Analysis Overview
Threat Level: Known bad
The file https://s.id/FishcPrivateServer was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-29 06:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-29 06:22
Reported
2024-11-29 06:24
Platform
win10v2004-20241007-en
Max time kernel
132s
Max time network
133s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://s.id/FishcPrivateServer
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b18146f8,0x7ff9b1814708,0x7ff9b1814718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17568045543332004056,5636131490381709071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.id | udp |
| HK | 193.84.85.178:443 | s.id | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.85.84.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblgox.com | udp |
| NL | 91.215.40.22:443 | www.roblgox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| NL | 91.215.40.22:443 | inju.cc | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 22.40.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | api.inju.cc | udp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| NL | 91.215.40.22:443 | api.inju.cc | tcp |
| NL | 91.215.40.22:443 | api.inju.cc | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube-nocookie.com | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 216.58.213.14:443 | www.youtube-nocookie.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.213.14:443 | www.youtube-nocookie.com | udp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.178.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.33:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.201.118:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 216.58.213.14:443 | www.youtube-nocookie.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c2d9eeb3fdd75834f0ac3f9767de8d6f |
| SHA1 | 4d16a7e82190f8490a00008bd53d85fb92e379b0 |
| SHA256 | 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66 |
| SHA512 | d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd |
\??\pipe\LOCAL\crashpad_1792_OMDFVGOINVSFKBXI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e55832d7cd7e868a2c087c4c73678018 |
| SHA1 | ed7a2f6d6437e907218ffba9128802eaf414a0eb |
| SHA256 | a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574 |
| SHA512 | 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3dc7dcec4f9ab8699659a368614905de |
| SHA1 | f1d95ff887e165422d7308c43337a3382c8abcd9 |
| SHA256 | 6655fbab3a2c987edd65c41fdb496b0a21a85cf59f979406df9f0f08561af6c0 |
| SHA512 | 0a65edbc422f1f4aff09938e3be96dda1980c41e9bd491eaec85a499b96b20c9904e2d3218d4ff8b98dbe34a2a7abd8998cdb0e6b991e98200783983acbfe6c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
| MD5 | 13aa9b8d855b106e8cfd428671850a9e |
| SHA1 | 1a3a1ce5d31a875a8016425ddfd36da83f3d0fa9 |
| SHA256 | 68123a79cc2a148f2fe78d342bc032f2f7dc17ba5d9a9e945404535cb5b5d3bf |
| SHA512 | f6e9d63a691b620655331031f70952d182421ae84d435e4f372e1dd1bcb91f505ae38611ebbf1e802d4056d2ed18f4c9e709893d74cafa9a80b142ae09967731 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
| MD5 | 343859b4ad03856a60d076c8cd8f22c3 |
| SHA1 | 7954a27de3329b4c5eefd4bdcb8450823881aad6 |
| SHA256 | 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f |
| SHA512 | 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 687a68fec6c7d9baa648f2dcd3f4d355 |
| SHA1 | 3e83800f6e490af6842f02b0fbf716e171819c03 |
| SHA256 | a61cf70e4f5152ee1e9801e1a5dc0966f3bb9aab51dbda40d879a2bcf7b8971f |
| SHA512 | 74c8dadba550a4b250691c89ec38bc64ad761f3b235b116b358e3257250e63363e378e3fcd640e612890e746335bcf9c216caa6e3370b45b16fc6ee786b370cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 75781759faabe60d2b274f6a9b1da762 |
| SHA1 | 26a15ca7d86e099c1cf58e3e17c1ed7067d9fbfa |
| SHA256 | 841c237cb9442cd4dd441f499e803a9b7a71b4a19416b9ca72e61f2860c3a63a |
| SHA512 | 9293d9e6160df4ce4041771844c049fb8f70049d6bde5828b26e51da5759e04da48692ef1fb66f05ad5acf3643b0857eb741287bd94db2d38f09be78c6aec50b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1d4.TMP
| MD5 | 233dfb73f6dadc6681ea697bda88d2aa |
| SHA1 | 68657d31c234bab6c95d3d135e2967b17ef1af95 |
| SHA256 | 9be213e90577612ee9ac2270693f0d18f2db9ca3ea24500cca160cde2eb9b265 |
| SHA512 | e207d81c4718d14d4fb949b3e041daba24c0f6670cb16efe57a818fe6bdbd3064fc2c347178b79a0bdc7658ca1ddeb7cd21c13d93a3a1510cb6a135433ad8048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eaab0a8ae70070f2de8086aa4351c838 |
| SHA1 | 5e437671c22401b073870d73e04a39bad9f561fe |
| SHA256 | 2caca74be94b41ed07e8a0d976acfd0f696ffef6c5a3af2a6b8133aa50af8b75 |
| SHA512 | d80c962970f23b00ea36fc452f5b94b46dde56bff6c57caebcf9a673b84fa388ed5a7baa2341b756d61a708ac732686ee0ec6d275a3a1a581805204d831e3d02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f69e9108eb630c42f58462848332dc2f |
| SHA1 | 7de3bb8527bdb0b00d960136cfc8387e7d36fcd0 |
| SHA256 | 723d8ab29ca3dc188f019a2d123bc02c42aec14ace5546a0c977f4cc208974f8 |
| SHA512 | 09d2fa3043f50d69d829cbebf5e14728e50c57a432c9e84bf842adea78378bacc200532ed1ac82ea653318b45e5e3eee1e828cbeb31d29cad43b69105826eded |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9b3a9fd5f28b06c3ae9a208299172086 |
| SHA1 | 156dd0c568a2d2387738945503f3fd9eba20ac6a |
| SHA256 | 5f943a8c5e439be2e31238ab6cc2a2ecd0f537cd7118958d1a6a3b1a464a524f |
| SHA512 | 9916727375235595d768ce3208f4d19d8907d25ff6aa0847cea88b83a907d97ff02555e746847b72526f9f6c19cb2ae5df4dc144b83fd6d328f14cbb095d0b5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4fc297c4b81f56f4535bfaa7bc7d8f20 |
| SHA1 | b1539217e774b6f718a23cfd90f4def3f2ddd23c |
| SHA256 | 58cc7f217a5a45bfd5804ee2afc67479b3489bdf129931c7f4d80066af95c6e2 |
| SHA512 | d472b20636c157349ded45e39a20ab3b15f7d9bc562bdbd0d201289cf06140686dccd1304e1aaf680fb36bcb75776bf92f81d41af541f81ef13c994bf8281369 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 10fc8c8774d402d1883c278a14bad742 |
| SHA1 | 0626d6e3d5d7b0d22ee60938a6674deaad37aae6 |
| SHA256 | b1d6929ec891f39f10ebc60d74564b4e635cde320175c915155c8404934add9d |
| SHA512 | eb932753021f87f786d96cbfd20fc78d0596f636421e3545a44729e16ae662167d7cd87a9dfe7d90b58a12bf34cd28ad2d2e4e80daac28de77d0cadc2fcc4752 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5815ff67e236faf88356814844cb5e55 |
| SHA1 | cc10a66d3f19474f7b3fc667f7c54cc055c1934d |
| SHA256 | 487a01ba0d48be31414d1779b5d0612604f7ad9be1b9b85a6c58b810139af4b2 |
| SHA512 | 9658dd9a02d4affc48daf0ae55539fbb118866fe40e367ea7fd90dde6e9a1b9a27dbd115001ed87f31e4245f3b35db6cb11151a0eb6a5b16571127edd22f3f91 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01ea538809019a6d3d2442bd16723a75 |
| SHA1 | 9a43a92cf82db2af99ccbceaac098e5ae2e47d52 |
| SHA256 | 44eb2d53fb2c77c3a75e1ea6c0295945bf691878b8380265e0bef78c3a7e4ee7 |
| SHA512 | 94d43f361dff49d786fc926c0e4f49a2e35dd599d443e5a349cdd7c128ac69c36e239da1d00f8317102cb4e3cd36612c2b74f126f1a7d71184ec6388e2b9d137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 752072cd9b1ae0128216f1c08accdb79 |
| SHA1 | a96cd1107b0b25dc6e72841435150bbf1b7927d0 |
| SHA256 | a32a20f4bc858fd16ce31c915b0b5e320da8b5d1e7cbbc4ee2e83c9928928fb8 |
| SHA512 | 8cefe38db7e6dc5773aa865dc8a554696f27342ca37eea69cc833f75c4c7c35ae4cccf89019510e69b30894c092cc0c280debddfea5d9304c8224b347a755017 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblgox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9184ec7725e6bc268bc5733e8629b984 |
| SHA1 | ef2b01671f998e165686ac222a1328541fca21ad |
| SHA256 | 5ed8c0d0244b09aa7f5f0212a741eafecbbefabe68b5edcb36aac199c346525c |
| SHA512 | 69866cb068abc9942d5cdbbf41798ce8e704d9343c55a99749cc3358ae42e2733ee12858778ea22e88c945dd4a1a623c43d45cadcbe8eb4741739de56eb52754 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c332a7f8a358e57109bd5c15a53a5f97 |
| SHA1 | e809bf8147a9eb4028634d3e3a916648a84dea1d |
| SHA256 | 7911a7b4dafbb05f826f331a881fe71d2ee5809b420fe97f0b4e6a02a14e2556 |
| SHA512 | bbcd0b20a7a0d914b1b17ad8a3e78819fbcdc8935385633e703c2d2bde02470cd12bc2dbfd793daafcb8f249e962583e99b31902aa37e11f0530f54841805fb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0fe95f64a45ba859b97764702a2fc5b2 |
| SHA1 | 2c895b23bb0c36545793273266612ed0f53fbcd1 |
| SHA256 | 0d6906ff3c825cdb4cde19b7f7530a82da4abf9f12fc3ee95ee3fdcba0c772b0 |
| SHA512 | 0745bd713b19f24ede15c4a56dfac4b98338f5ec3d45b015ef2c5ddf0b5500433d16178e30c9f45e33557d9075de02debf7e68f56ae139f9c6b455be0622c257 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c827cbd482b1cb593a1353dd6ad6240 |
| SHA1 | b571f6ddb1d8f07b2e8387acf37d5086095ddd4a |
| SHA256 | 81d11a0db28e43fdeae6b7b889376709a469073f7a1348999f7e76bea04e8688 |
| SHA512 | 3c3777e390fe74b6015f7e8b51547d577d2441061afa3906b0cdfd25834cbf718fcf11990dc915d5ec66f2a9475ced96be81c824af7579b0cafeabf69460e3d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 452e0b36aaac089173a4ff96729e4dff |
| SHA1 | 3a89bfc47bdeefb3a1505184b5307a6651303a11 |
| SHA256 | f00548ac2194846f5257d6318bde8e69fec6dda2111d425f860c7bc371f84d33 |
| SHA512 | e6e558a0654706afec89f5b88fdcf21180f4d23932da7be04190da37fda3724d1c58b80fac36aae32a26d42933c446367165a798a81248d7501dc8c700337f03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 40c8578966442117d1391c996a6751a9 |
| SHA1 | 1fb3e2fe7d15c93f51003a89ade18df6ffa8a223 |
| SHA256 | 0c0983bfe783f762a286c4a1ec407eec44d41d2d74d05cd4fe4ecc2db2c40b53 |
| SHA512 | 5774fd5204a6c784f63f37c25b71b01cdcb9e7e7bbfe8f1f5ec48bfd6977d4716d51b793b328dde0bd345675ce607fe32ca5a92e84192a083ead0485b7c07104 |