Analysis Overview
Threat Level: Known bad
The file https://s.id/FishcPrivateServer was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-29 03:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-29 03:53
Reported
2024-11-29 03:56
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://s.id/FishcPrivateServer
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6dfa46f8,0x7ffa6dfa4708,0x7ffa6dfa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18067455486185029847,2053362991234448402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
Network
Files