Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://www.governmentjobs.com/careers/houston/jobs/4540060/environmental-investigator-iv-rc?keywords=environ&pagetype=jobOpportunitiesJobs was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:56
Reported
2024-06-13 21:59
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.governmentjobs.com/careers/houston/jobs/4540060/environmental-investigator-iv-rc?keywords=environ&pagetype=jobOpportunitiesJobs
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb621646f8,0x7ffb62164708,0x7ffb62164718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7128257679724976054,11987431840737716913,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.governmentjobs.com | udp |
| US | 162.246.160.80:443 | www.governmentjobs.com | tcp |
| US | 8.8.8.8:53 | 80.160.246.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chat.governmentjobs.com | udp |
| US | 76.76.21.123:443 | chat.governmentjobs.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 123.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| SE | 184.31.15.40:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | cdn.neogov.com | udp |
| US | 162.246.160.121:443 | cdn.neogov.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | www.chatbase.co | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | jsv3.recruitics.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 76.76.21.22:443 | www.chatbase.co | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| DE | 18.158.190.142:443 | jsv3.recruitics.com | tcp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 162.246.160.121:443 | cdn.neogov.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| SE | 184.31.15.40:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | backend.chatbase.co | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.81.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.190.158.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.160.246.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 172.64.149.149:443 | backend.chatbase.co | tcp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| SE | 184.31.15.57:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | secure.neogov.com | udp |
| US | 162.246.160.110:443 | secure.neogov.com | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.15.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.160.246.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform-api.sharethis.com | udp |
| FR | 52.222.169.46:443 | platform-api.sharethis.com | tcp |
| US | 8.8.8.8:53 | buttons-config.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| IE | 54.74.6.207:443 | l.sharethis.com | tcp |
| US | 3.165.136.126:443 | buttons-config.sharethis.com | tcp |
| US | 8.8.8.8:53 | 46.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.6.74.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.136.165.3.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4819fbc4513c82d92618f50a379ee232 |
| SHA1 | ab618827ff269655283bf771fc957c8798ab51ee |
| SHA256 | 05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c |
| SHA512 | bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b |
\??\pipe\LOCAL\crashpad_2164_XQRWDPVDVDGFYSVU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 257c0005d0c4d0bb282cb470925e4376 |
| SHA1 | f9b8efb511ed64292568977c9f2ec255509e8f7d |
| SHA256 | 8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22 |
| SHA512 | 2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b346f672036f3eadfa392105d73ed175 |
| SHA1 | dc57d7d17239c9af508e77eda4fbc2034cf6cc90 |
| SHA256 | 5064e43116b3f9c7ec8440cc182026f85a55b60af7d2276b9bef6ac7217ac77a |
| SHA512 | 15c2d764dd5706914b4dbc263301df5af5614ce5f99bcf1868292ed9a3a3b90c499d0efae0e168a52d7dbb44e91b8746fb00e3639fc8ca5aa1d446c027d8542e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 44fc4cc525a40cf4fe9fbef26726aa59 |
| SHA1 | 69e162688eb52088c0b4d4e30eec73fb9f7df1bd |
| SHA256 | b242d4e378cf4d6a3576526f12236aa365ac7e1e26b9a1f398cde031b5e0309d |
| SHA512 | a777c8e9c4678fa65360e4287da5a749a282b96bdc6ddf98ed8d652676cfd1e0695162c1890bf5a219fa202c0451a08d8e3feaebf872a7debf67e6cb4bf47089 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3a8f4225df2c8209c818ebcb506b0599 |
| SHA1 | 87f6ccf0de91aee012324c5d0f8602176f3eee99 |
| SHA256 | b96c31fd25dc9aed1bc1c70d48301743f7cac7648ef5dd83da849ca8ae4d683c |
| SHA512 | 448c985ac04c8c7fefe25c14d5f6efc2a5ca0aa26095e656bd455cb9739c60af32ea96d62f7045d970a02c4a20e29719cdb0f6bf9dc1a2e60390e55dee5985d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 95cd1581c30a5c26f698a8210bcab430 |
| SHA1 | 5e8e551a47dd682ec51a7d6808fe8e0f2af39e86 |
| SHA256 | d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9 |
| SHA512 | e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8d694bf0b08b6e1ada28f18308a4f131 |
| SHA1 | 35589d89569ac54d259d81a24ed441ea7bd6fb7a |
| SHA256 | 3ab01a419714d5d2bd593c44ed6f9cd420bc09c232fddb529335dfc4a7e927a2 |
| SHA512 | 89fa559527ec3679f48146a54e84f7ae5d58da4ee3ad5594b781bf78b3ea2a4d6817b4387c03f6709be83dd1eca4e9ef813e58a8bc8e2ad467c699dd55127f8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90be7fad83c3faed5bb867619072c45f |
| SHA1 | 5ef5261bb98edd023a74a9f87bf18d162cc88617 |
| SHA256 | 865708a95457625bff904fc6c9e51843270b4503b632dfdf132bf1352d9b95f4 |
| SHA512 | b880f52afa429eb7b360fefc214fd209eb436ea5b0d25bd4c15cc433dcb36325fc3083a25eff80043a0db033fb5d82994d556190b2fc6401ed8386a406324cc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6af513f66c05f28511c56126c754b822 |
| SHA1 | bfed949c26962ffc0f52f8f8af4220a77fe7f6ab |
| SHA256 | 77c491d53fb3901db74496962b16d9d89c3e94024d18470200f48f9d9921014c |
| SHA512 | 7d3240f1a7262b26ac786029686f0df5b85e02e53d20d4b51fccdff139f4ea1bb69efc3c5b4c2b6de48cb63dafc4e8106a1b0c4776e8e0de59d58f229dadbec3 |