Analysis Overview
Threat Level: Known bad
The file https://s.id/FishcPrivateServer was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-29 04:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-29 04:00
Reported
2024-11-29 04:03
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://s.id/FishcPrivateServer
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe67d946f8,0x7ffe67d94708,0x7ffe67d94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15775643174159050636,7877840728011967952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.id | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| HK | 193.84.85.178:443 | s.id | tcp |
| HK | 193.84.85.178:443 | s.id | tcp |
| HK | 193.84.85.178:443 | s.id | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.85.84.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblgox.com | udp |
| NL | 91.215.40.22:443 | www.roblgox.com | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.190.18.2.in-addr.arpa | udp |
| NL | 91.215.40.22:443 | inju.cc | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 132.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| IE | 18.66.171.56:443 | images.rbxcdn.com | tcp |
| IE | 18.66.171.56:443 | images.rbxcdn.com | tcp |
| IE | 18.66.171.56:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| IE | 18.66.171.56:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| IE | 3.162.140.85:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | 56.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.inju.cc | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| GB | 128.116.119.4:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | 88.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| NL | 91.215.40.22:443 | api.inju.cc | tcp |
| NL | 91.215.40.22:443 | api.inju.cc | tcp |
| NL | 91.215.40.22:443 | api.inju.cc | tcp |
| NL | 91.215.40.22:443 | api.inju.cc | tcp |
| NL | 91.215.40.22:443 | api.inju.cc | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 104.91.71.140:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.140:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.140:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.140:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.140:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.140:443 | tr.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube-nocookie.com | udp |
| GB | 142.250.179.238:443 | www.youtube-nocookie.com | tcp |
| GB | 142.250.179.238:443 | www.youtube-nocookie.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.180.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 142.250.200.33:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 2.22.144.23:443 | apis.rbxcdn.com | tcp |
| GB | 2.22.144.23:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | 23.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4392_QTECKHRXLGSUAWQE
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ebb36f36-b903-4afa-90d2-78083cf240fd.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe84.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046