Analysis Overview
Threat Level: Known bad
The file https://pub-7bdbaacfdae14b8484f95c33c3e9b2c7.r2.dev/pub-secure4f3d2e8b1.r2.devauto-autopbanevblhs.htm#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-07 15:29
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-07 15:29
Reported
2023-11-07 15:32
Platform
win10v2004-20231023-en
Max time kernel
148s
Max time network
157s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pub-7bdbaacfdae14b8484f95c33c3e9b2c7.r2.dev/pub-secure4f3d2e8b1.r2.devauto-autopbanevblhs.htm#[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee5ec46f8,0x7ffee5ec4708,0x7ffee5ec4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,15404289764639786929,10519628094684080323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 /prefetch:2