Analysis Overview
Threat Level: Known bad
The file https://is.gd/oJE2qG was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-08 22:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-08 22:05
Reported
2024-12-08 22:07
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/oJE2qG
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9da5d46f8,0x7ff9da5d4708,0x7ff9da5d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4580 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17732240025807690126,12990724821919726002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | is.gd | udp |
| US | 172.67.83.132:443 | is.gd | tcp |
| US | 8.8.8.8:53 | roblqox.com | udp |
| DE | 5.252.33.158:443 | roblqox.com | tcp |
| DE | 5.252.33.158:443 | roblqox.com | tcp |
| US | 8.8.8.8:53 | 132.83.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.33.252.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.127:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t4.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t7.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t2.rbxcdn.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| FR | 13.249.9.31:443 | t4.rbxcdn.com | tcp |
| GB | 2.18.190.72:443 | t2.rbxcdn.com | tcp |
| FR | 3.165.113.28:443 | t7.rbxcdn.com | tcp |
| FR | 13.32.145.74:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.74:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.74:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.74:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | create.inju.cc | udp |
| US | 8.8.8.8:53 | assetgame.com | udp |
| US | 3.140.13.188:443 | assetgame.com | tcp |
| US | 3.140.13.188:443 | assetgame.com | tcp |
| US | 18.119.154.66:443 | assetgame.com | tcp |
| US | 18.119.154.66:443 | assetgame.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| FR | 3.162.38.66:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 8.8.8.8:53 | assetgame | udp |
| FR | 99.86.91.74:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | premiumfeatures.roblox.com | udp |
| US | 8.8.8.8:53 | 74.91.86.99.in-addr.arpa | udp |
| GB | 128.116.119.4:445 | ecsv2.roblox.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_1076_PLANCUEUQQHLJKIY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b59cc56a3e096e7bb62f88915de40ef |
| SHA1 | 50634627da648b89446b81583bf87c0a10739c0e |
| SHA256 | e513a7ae19e1789db44a14f8917f54db6882815adf0379e0c4aa337a04a679b1 |
| SHA512 | aa19f5a0283a0b5c5cc239790671134f8d292cca199f121fe9f86080a565860c02ca5f10ed7a130555ecc29766501fe446273ce8c18903da98f7215d7a7afc6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ed531303ed96a2141df50faf7a44d424 |
| SHA1 | a9df6f6303232e553dea5720e5b226b52fb988a1 |
| SHA256 | 16bd6fccb05e5a8fb489b97ae01ce494de1be21051f4602776a97aced9d6adbe |
| SHA512 | 538ebb22dc868300a234881b5f7e595849cf602936d425bc8c3be4815379ae9a2944ec8d2861f637c6ec9847d8d8d9c564fd627995a89fdf59dc4c700568adb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 91820c70062d56edb8e8de1c8a30e100 |
| SHA1 | ce8ceb32dc8171c5c9b44a21c6f2a006c5cc57fa |
| SHA256 | e5b75ab561b58e86db35915deabea3f6b6bc9520ca0d45f1de05c6cd968de99b |
| SHA512 | 0fbe0c221ba452a19b7e4efae9f8caa7089689750c76de4f65de76d7a7f55c4b885f9a1afc3f69f8d88bd8e508c77aeaf99019e2c2727f5b9786af686523b275 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ae95b57fcd79a132becf312ac255b10e |
| SHA1 | 5837292b5ddc291e40421bab899ec4ee19e18389 |
| SHA256 | 3fe009eab6edc953f295da4e4cc3828ecf540777fc08a1067a01ff1d7cbcc1d7 |
| SHA512 | 5f5f65b7eeb07d8bb00c65b0aa4558a933ce0dfb5f80802b0ffed38b83a15b2c8484d736ed719bcd8aff532743666f8cf80b743fcb4f87c83eb3bc2dcb881328 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa2f.TMP
| MD5 | 3e03a1e3a735d66ae8fd222dd7883f9c |
| SHA1 | 57a2eb6b615fbdd623c5e4bb6d09def471112bf2 |
| SHA256 | 2a3044aa3c8e9474b32f4c85bbbfddff34ca5cee47e4cf004969c4f718b7b864 |
| SHA512 | d0159550e7a2cbd59b91d9f7612ccd58b267a1c017f694c4585cf87ca89782568073cb45f9180aafa244427da516469b9c51b8f79e2b9496b8cb8e7f0e7af646 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 576ca58ea2e23ec7149ebde759eba611 |
| SHA1 | 2af0e9a95c48eb1666181c876e07b98a7fbe2219 |
| SHA256 | 8e008392bc8914f0705570affab0dcaf61ca6eb9dd5bfd87ebbeecd9484460af |
| SHA512 | dd59d4cfb01e9d54a502f3af27e93b1de9844e62a2266984ea2c7fd143835cfdba9ae643176330963f81301a9905ba68982cf161fec43d2b65f6d719fb31ab22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff476531daaffbc3abb8e8a03476ec58 |
| SHA1 | 5bc776e473cf87c76b4d28dd4d213399a0db60e9 |
| SHA256 | 8ee836648b70c74cfef743660cb3bc61b1949042fffbcc485404582dbc82acbb |
| SHA512 | c16916a4f71cb4c66830966c3417ab90c8803b9c9c84378dbdac88f3c97671efd60cede3d81ede212f13514aca5118cf236da55a16146cf93cd765dd895301ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7ed143044f95ac80266d004ea25d8fbd |
| SHA1 | 5bd00a72b02394f48cc09f53f02067197d6eba01 |
| SHA256 | 740a6f71bc0b360d721883018547cdeb47eecf1099b1098b52c7443c573a666b |
| SHA512 | 33ce0028713a7eb7056e3ea9606f3ea37a2330fcbb693f43fbb2bc307f5f113e8931d6328128b16fe103d8246c761a3fb279ebbb1cf439323dc3cf3f961e7b35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 14e08b6deab7b9c011db4d682bf00265 |
| SHA1 | 2331a95a7a41e0e6fbed892caec2bb8c6e9e3ceb |
| SHA256 | 9ea20045e0471ded71d4760eae6be286a4a198ca12bf89338ce7c13b42c3a764 |
| SHA512 | acbf192071bdca7724b68384b7ab13cfe8af0ee8432585576e9afda4375e6a27ec3110584e2600797a9794f7683c67221dfa5003c4d5c6e3820690f9c92bee25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d162ad9060d61026d32997410d337ee |
| SHA1 | 97b403300a09e624eb7eb5575d63530c406b9f50 |
| SHA256 | c6978f04053516851ac5e3b7c97c89bdedadf58a2696a94c4125e1d822d0adf7 |
| SHA512 | b4e05fbe952f663ee159d18dbffe3a1ecc23eeb56f2e6cf5b5f8e14d5df689b70010089e019f4f19206aac22ec50f950b4857e48202bfd64eb0ef7d3dc1c1634 |