Malware Analysis Report

2025-01-18 22:56

Sample ID 241215-cqzafs1nct
Target http://rvoblox.com/communities/204822803605/AngelHeartFam#!/about
Tags
discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://rvoblox.com/communities/204822803605/AngelHeartFam#!/about was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-15 02:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 02:17

Reported

2024-12-15 02:20

Platform

win10v2004-20241007-en

Max time kernel

131s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rvoblox.com/communities/204822803605/AngelHeartFam#!/about

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4272 wrote to memory of 4352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 4352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4272 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rvoblox.com/communities/204822803605/AngelHeartFam#!/about

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe109046f8,0x7ffe10904708,0x7ffe10904718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 rvoblox.com udp
DE 5.252.33.158:80 rvoblox.com tcp
DE 5.252.33.158:80 rvoblox.com tcp
DE 5.252.33.158:443 rvoblox.com tcp
US 8.8.8.8:53 158.33.252.5.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 inju.cc udp
US 8.8.8.8:53 js.rbxcdn.com udp
DE 18.66.112.62:443 css.rbxcdn.com tcp
DE 18.66.112.62:443 css.rbxcdn.com tcp
DE 18.66.112.62:443 css.rbxcdn.com tcp
DE 18.66.112.62:443 css.rbxcdn.com tcp
DE 18.66.112.62:443 css.rbxcdn.com tcp
DE 18.66.112.62:443 css.rbxcdn.com tcp
DE 5.252.33.158:443 inju.cc tcp
DE 65.9.66.35:443 js.rbxcdn.com tcp
DE 65.9.66.35:443 js.rbxcdn.com tcp
DE 65.9.66.35:443 js.rbxcdn.com tcp
DE 65.9.66.35:443 js.rbxcdn.com tcp
DE 65.9.66.35:443 js.rbxcdn.com tcp
DE 108.138.7.25:443 static.rbxcdn.com tcp
DE 65.9.66.35:443 js.rbxcdn.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
DE 18.66.147.43:80 crt.rootg2.amazontrust.com tcp
DE 18.66.147.43:80 crt.rootg2.amazontrust.com tcp
DE 18.66.147.43:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 62.112.66.18.in-addr.arpa udp
US 8.8.8.8:53 35.66.9.65.in-addr.arpa udp
US 8.8.8.8:53 25.7.138.108.in-addr.arpa udp
US 8.8.8.8:53 43.147.66.18.in-addr.arpa udp
US 8.8.8.8:53 128.66.9.65.in-addr.arpa udp
DE 18.66.112.62:443 css.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 128.116.119.3:443 roblox.com tcp
DE 18.66.112.8:443 images.rbxcdn.com tcp
DE 18.66.112.8:443 images.rbxcdn.com tcp
DE 5.252.33.158:443 inju.cc tcp
US 8.8.8.8:53 metrics.roblox.com udp
GB 128.116.119.4:443 metrics.roblox.com tcp
US 8.8.8.8:53 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 8.112.66.18.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
GB 2.19.117.106:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 106.117.19.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 assetgame.rvoblox.com udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 assetgame.rvoblox.com udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 assetgame.rvoblox.com udp
US 8.8.8.8:53 assetgame.rvoblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
DE 18.245.60.9:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 9.60.245.18.in-addr.arpa udp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 assetgame.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_4272_XAKJSFSGRUELRYHU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7faa9d545345e40f278a8fd805a3d6ff
SHA1 c9bad1c8fe48485fb03ebe32fb186cd2e2e7473e
SHA256 4f91d36b3a68e016619f10f195e3a45c3e4be262e32609c6dea5792e98b0ca90
SHA512 df0a1695ee4cc16a40a635190d1c81a20dec73a30e86a4b42da85189fb58b2777174b95dbb38b78eb4a6d34c9bbfa1a12c37eded1bd1e456936d97356205551c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

MD5 6c1f2728e98aceed824a43f2c14476f3
SHA1 d2bfd22c08726370187636a1c2df4ae819d84409
SHA256 53f299fd57815ffa68dffee92b822b82a4f3420f5ba39fa1aa040091798b5b45
SHA512 b80a5baf0271b33c81faf56508ce7e2768ee990de70dd721c3db0c7bf17c9200358709bb2aec8d8d16c83848aa6f0bc94bc60554b0b73619bf29bf7d488c221a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

MD5 c6150925cfea5941ddc7ff2a0a506692
SHA1 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
SHA256 28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996
SHA512 b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 73541b06882c6124f8a510990d4e9bf7
SHA1 77a2a0d15d4247fda215c91c3a5fbb2e6fd7f28e
SHA256 eec68b8d7ddb8a6062c26f0ebc09fd805e65c2ec48fea3fd1bb0834e560e9f5f
SHA512 eb8d5c11c253406de9fecfde0fcbbd0214eed3708792733de07bbf48f98b26f1124fbb77ae95742ef3d9ba515d1ed9b07dd2028fa5bf5f94c17269c2bf267327

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e90c826a3215be956cbeaeff23e6b9f9
SHA1 6c48803873c3f351dff04a6f7bede2d78cb94ae3
SHA256 38ff5d58a4549cc91c250b3e4a3f4bea1e5fddd49dcc97cbf9370d2556196918
SHA512 a5977eafd27397c08e35061a080e2e54314b4f65bd721d51a7401a54cf66ed04874473de5d33a96928dde740473f65f622d01369b0b8a7b28fb364d5a93cdc30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0c0a469b1f1ef30c2645c9dd4fbfbec4
SHA1 ac7a5a8ba990600c0bf26bc4fad81c23b8657164
SHA256 f853558348cc3cc92cf5bc085b73d38164b042ffc59ca7f798c95a7980a16ee8
SHA512 88f16d6e7a633b37a36a8d495d6e7b32646627ac293763b283178ce6d737dc15789112451a1fefbd430732c7e582f389f18f09a6cb3009ff3ebcbd99410ea6ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6084ab306d9f1a06eba8b4e5c5f787fe
SHA1 26b58f5367ed05db0a833843442113f2a038d0dd
SHA256 681d0dbf0d2cb9461fa3bb8926eb2dab6ac4359875a59bad6450e1c8d16c6340
SHA512 4b1d6448a4c151b5bc4673e9808b00e6c72d85f6b669739b454b973a333207b7715342f43974330b7106ad86d283c4424c4d2601689948f6e949e7462000f7bc

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6540d82ffad71a6784026e5b6b3d5e53
SHA1 1f22013365d3c91f6160813612848f47089db898
SHA256 1e158e579a983023150a505aaba97d7ea93c3534cab0efadaf145e73ea56063f
SHA512 fc01f547cac490598f2e6285207ea0505363122afd6788779be5ff4435fbafa1d677d1db52dee1f7861a30808b2c54900c03f18ba1c577d31a54a3424986f630

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da91.TMP

MD5 8e6c74d28c35d63a239c3b941799130e
SHA1 8f2bacd8dd79726913ba7d5374504884bd86ffe4
SHA256 13d9a46312e765b13d83c745235cf0480595cc460b6cd21ab74667fbadce7eb3
SHA512 43fd29774f92dc92fcb25c0eb8800bccd1b164ef681c6d618973e8a840326912169eae8d1b49e93a5bca4d2777490298d4d327b979dc62a52b6a9b01675fb105

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old

MD5 f3252eb236ae93b5dc302520c66ee9a7
SHA1 03c30e122dc3e011766403d1c56818f43ddc2367
SHA256 7cb838b897dfaa30023926b111cb293694bde6a1f000c67556f7576b9b7eecbb
SHA512 6f4eeb94898a4951a6b1f9cecb00bfa8ec3c482741a3b19c5fedb8e15c4f2ec122f890646e9dd78d958cb873023059f5424236c6575153fc568a335294afb78f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old~RFe5800b7.TMP

MD5 d95a29bd8ffa58870b29d8e3f1e1e059
SHA1 89862715fc85db152cc7153e6d935146aeed1c7a
SHA256 41a2534f5c706b29577dca749cc659af13be9becd7e5dc6c2f896fbf5694ef54
SHA512 cde22bca18bfb8d268f402eb30172bbba2498aca29561dbd9ee2bb61bb05543111a990159db85f5593d1a79173068153db9d3804a23d65b741f2827f49c20de1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3f19e60bd1a5e76cc437903ac70859b7
SHA1 e0731788e1231a926edb8a80e3a6949bda43a2ef
SHA256 5053953fdede62f46227dbeb5ecbe7ce6e85b9679eaed887b5046163e7d8d6fd
SHA512 5fffa5b55802bced012947e3dba570bd00231063e53a249d794dd3114cba43a035f33dfae1d980fd0be8180a413f7d290fc83271cf32b238d30a006a4593f819

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 d81106fdc94384ef2ed1fcea7a5d9e5b
SHA1 e694edffa5d6f8843cc7a6a4edd2c27d08a51b34
SHA256 8741c23815ebea5de820107e31a05fcc3b3e0b331712d42e7fcac36befe6a989
SHA512 ef29b662d7ae5e5501e48b676b028f5d0bbb46a5f4b16f365d149e68333720f4746c3e1968cd67e774db3c77c20beb33c1342e8fc2c99b39e9ad0be4e47f81ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 989114c8fc89919f0910c2e2cc837d1d
SHA1 55d51f0041e01c7b1cd39400206d3f46f95c693f
SHA256 769017059f03d7f383c06aad4519890ebff7e04c0797aa20ecc4ad6e4e96d85b
SHA512 d8797f4bea581870c7e0a9861faa165c27f58e4ab373343542be2ebbc542b90fc3a8f75b13f6fc0641fbfbf121c94466690203c9d47c14881c4a22be430a2f02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old

MD5 f13e7df9e4978d2fc569af6d5ebc4908
SHA1 de1bbace2b506a009bd9d1c287d9f94e1ee4e2bc
SHA256 9641998f0e6696e8d215d7545f1a0a3462fc67e3186eb81ecb5b690e30a8cd67
SHA512 74e2747dc4d6c087e54f9e803088f07a03c624cead4042818c811cda4f41ca6208a9904f835b032cc676ba8746375b7c0a629590dcc9c4090b310026b92dc146

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eb81c6eb810ed709b4c526b13dcfd8a2
SHA1 6334edbed667ea27213163d8052afdc6a4457807
SHA256 679cedefbf56fb6509da069389951e2b621a0daf2aeaa8a58e47b0220d0db102
SHA512 f941bf0fd11dd79bcd276d3e030297657a69b5184b96c8bcceb0c82012c86ef7e05fb48d26f075354514e044fb3fc4e0831a3753d1e7faddb10764c4dae0a7e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\000005.ldb

MD5 2b01ea8b5823f84adc505ef9f235e955
SHA1 b6b8f92b19d2ec21b3cc07f91c18ccac9d400558
SHA256 588b67c5321bd67692fad82a1eb3d0e4f426b381ad958f2201c218b71495eea4
SHA512 6c3e0285000dbb1eaf09379d8e573078aab3951ed95d54f0a843c613f20a61510ab5ca54998b807fa85c7476ab5deef50e4c8c4ba76f793bf20e1fb2cdce8ca3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 700db95cfa2fcac3be6b694fecd627cf
SHA1 a2a1223671a8bb5c88f330a481587235930a4ced
SHA256 2914ec7a29ee658022d985263799842db3916cec965a0ef2829be1957d33e482
SHA512 b6b096bc026b0a8ed3c796c4ed3a6fb73995065ad6a7013bba8b61426ff1fd69c275cb96de6fad0ed26175ebefd5f7d220538403c4c6b13e5d06c0e65d1991c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eca24f84f45156ba2ecf2f754f520eae
SHA1 e7e2c31877071f2ed77a12ab76f298aee13266d9
SHA256 5eb758d806c84a1a23c1f656df84a14c247370e8c7035066f3e8621b1965daf2
SHA512 64d13a596793092a01f853c9cc0f71d50bb82f120f85f73948e3f8827b30a6590ba0bc6822cc16104abde91527905659e95744bd1d8e460571eed9753f6053f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3737e8d834a70fa208071710b9fe627c
SHA1 95c1a515f9cc5025aa98742f99d9a29df9ae5969
SHA256 ba0565786c406439fae19e37915c0ef8979610375e926618c93d6e6b11f8b26c
SHA512 c8d2ecda100501a45dd33fb5cd37ecfebb4ae8f9a8f89c89e652dff0225c91d555d69e97e8e77af2fe082fa726014d8b606f38592b79336df1abd8bc62aefc0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 071630776929191c3fd8bc92c50267ac
SHA1 4a3ff6114b2a27fc2b6a3d75951f738315d8665b
SHA256 cae036e27617730f347db535cbfe372625aee7e5b494f674516a7bf7849ad10b
SHA512 20eba7b98ba008c91c53960c123175446547964f73f57f0afa0d95605ef87b0775cbc91bcc27b7425aa210edeebb2b6521d017e9c5ddf7b08e3beef36b4bdada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4202b14eb9c688bc25f8900fe9c4bdc8
SHA1 ba1018fd5e0f4e923dcd90a5d82ebeb44dccf0cf
SHA256 1a0944cb87049e28b6000312b8c4bc0f4aa557f4c394ef0e700b82cb2c78f034
SHA512 f2a63964175d353327cbe95a42f7d2a4ad04455a314b16dd3fd41773d84fef30d71c28c90ab2407815d77ae06e0910df0e3bc54095303f5aae1e641c86f41ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 528d8bdbe1339ff0c8fd62ad718bcfe9
SHA1 a3862500b27bdde737b8361501841e9b39705f33
SHA256 ceab6bacf904bcfb6c1dc9d8d06af3b7815be104bda866dd6d2813b82fe469f1
SHA512 b78d75d24e5ca7d619dfe55551300b50357d149068f7b6eff1d388f0206c1318e7fc2c27b01f37a696d9f94222528941b45eb227e50df55d044fa86db1f07503

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 81733fe41236a8f61fcf7e379e710023
SHA1 3dbc96799ca9cd4e1e50b772aebd4e610e5d4ab6
SHA256 a52ae2030114c328847a72d9aae942cc93c72d9821359ab6378b790877a3506b
SHA512 cc76cbd988625ec92a46e6d95fe60bac097d56b77bdecb82e4f0f365b7ab731252e55b76ae7a51bf4836827794aeccd82ca27fd6e757bce1cb68d6f34e6c444e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae9e06914d29a61aaa577112872194f4
SHA1 24226817916b8e283add380a5c5100ec373de914
SHA256 5645658ef1d4f915fc151df3fb2abec64c79354100ec1dd3b036cb33eed678bd
SHA512 205d412e49556fd0c87152cfa787d127d847a149abf6fa4be426e46327a7f735f397352c6c1687b71843f1f998f326aff917075674951d035a26b839370eb287

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc1248a3023a9b3663cdad0df4a1a1c6
SHA1 58d29d5b107d16bcb1abb059981345a923c7e37f
SHA256 bf10cb8bb01c7b058108f61e57b2bf6c46a547f0ae4350a793943eb9ae4cbc82
SHA512 9346f845dde5b59ac9e8e36c7908d0205e71a1ac68ae14f97b74dee9fa06c3d95bde6064a6547ca3191b23b8def1bc014c370bb64246ac8a03e92cfcb694b737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 91ef76b5a448fabdf87a6a848eb39260
SHA1 7900e67120861aaf2f44dde9a21bf461bc3ee7a7
SHA256 97dd74e2afc67cbd578df3e7091c6e1c98327700e2662eced6c0b9eee9bec919
SHA512 99b6066b2d0aaedd6cd14081965364507d19c8965822147d08fc4889d9872aaff00fe8f39f4a9caebaabd72420c521247807e4d14e285996aed1ea945851b7b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0694becb9148df9f252d5808c1134c6a
SHA1 2906dc6efeff7c484c56814d4e0e193b95b312a8
SHA256 0edfa45a8bd1e09a2ed00a2bc57412e4284fa619a3cc09f0c3b2525c4e89deff
SHA512 d8017b0d9614cd17ec9fb352047915df8ce881df02615b3665cf9438fcbb31adfef2e198d8d452a5e52c5034c0b546f6d3a0d8e951f19c19da052c3e09ed4631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf743b40d7491d2e5ca13fdb5e77a04b
SHA1 47f945d9bc3244a512ab845e232c8742aa6c65c0
SHA256 05550d6b4f2079caff6f546952f31e04c432627881c7d3dfca3f6e12f3942990
SHA512 feed8f795885c4ed5c5cf109e0fe2ec1dd114d34e8676a661d2194d430714f4ec3d92db54ab0b1ab95bd07fb2f1e81c1f7d4a3fb776f5344fe110e1bd1203b95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6deb8ca0563b52a7b181cb72e23caec0
SHA1 357ae7760046c4a9d966f19de56cfb9684d3e974
SHA256 1d445cf6ae39e09e8a0beec4c29555b09ad3eb14a0a6a4c649c8a3cda396a21e
SHA512 a8e998b4ee0abce9001e796dbcc05f339154ffb2fe4748a4f47eb20aa82ecfeae16e618fac56be7e8c7eef2b034d8430156167587073236fe541b1689a98dfac