Analysis Overview
Threat Level: Likely benign
The file https://go.microsoft.com/fwlink/?LinkId=550986 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2024-06-17 13:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-17 13:48
Reported: 2024-06-17 13:50
Platform: win10v2004-20240611-en
Max time kernel: 149s
Max time network: 151s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=550986
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc825c46f8,0x7ffc825c4708,0x7ffc825c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,2697023446437218977,6087330781499141430,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
Network
Files