Analysis Overview
Threat Level: Likely benign
The file https://emea.dcv.ms/K1iS0tpuc7 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Detected phishing page
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-07 13:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-07 13:49
Reported: 2024-05-07 13:51
Platform: win10v2004-20240419-en
Max time kernel: 86s
Max time network: 86s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Detected phishing page
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://emea.dcv.ms/K1iS0tpuc7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffc2af246f8,0x7ffc2af24708,0x7ffc2af24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12195868374532135812,13534813376481886321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
Network
Files