Analysis Overview
Threat Level: Likely malicious
The file https://cedarhilltx-my.sharepoint.com/:o:/p/keith_jones/EjjWC_QLMPRFkgrKZQoRwyYB-QrOw2PV2uThq7MPK0dWVg?e=5%3apG1agg&at=9&xsdata=MDV8MDJ8Y2hlbnJpY2hzQHdpbGNvLm9yZ3w3OWVmZWM1ZWI2ZjU0YmM4OGM2OTA4ZGM5NWRhYzEwYnxlMjVkYTA0NzIyZDA0ZTJlYTA3ZDlkOTgyMjE5NzljN3wwfDB8NjM4NTUwMDEzOTk4MzM5ODg4fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw0MDAwMHx8fA%3d%3d&sdata=MlNucDB4K092aDlIUG1TSy91ZTd0QzhZMzVQVFByYWN0Uy9JK1UwQ013VT0%3d was found to be: Likely malicious.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: 05|02|[email protected]|79efec5eb6f54bc88c6908dc95dac10b|e25da04722d04e2ea07d9d98221979c7|0|0|638550013998339888|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|40000|||
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-26 14:15
Signatures
A potential corporate email address has been identified in the URL: 05|02|[email protected]|79efec5eb6f54bc88c6908dc95dac10b|e25da04722d04e2ea07d9d98221979c7|0|0|638550013998339888|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|40000|||
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-26 14:15
Reported
2024-06-26 14:16
Platform
win11-20240611-en
Max time kernel
42s
Max time network
44s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cedarhilltx-my.sharepoint.com/:o:/p/keith_jones/EjjWC_QLMPRFkgrKZQoRwyYB-QrOw2PV2uThq7MPK0dWVg?e=5%3apG1agg&at=9&xsdata=MDV8MDJ8Y2hlbnJpY2hzQHdpbGNvLm9yZ3w3OWVmZWM1ZWI2ZjU0YmM4OGM2OTA4ZGM5NWRhYzEwYnxlMjVkYTA0NzIyZDA0ZTJlYTA3ZDlkOTgyMjE5NzljN3wwfDB8NjM4NTUwMDEzOTk4MzM5ODg4fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXw0MDAwMHx8fA%3d%3d&sdata=MlNucDB4K092aDlIUG1TSy91ZTd0QzhZMzVQVFByYWN0Uy9JK1UwQ013VT0%3d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6ecd3cb8,0x7ffb6ecd3cc8,0x7ffb6ecd3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,18204532805449971445,5558991012970968687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cedarhilltx-my.sharepoint.com | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 13.107.138.10:443 | cedarhilltx-my.sharepoint.com | tcp |
| US | 13.107.138.10:443 | cedarhilltx-my.sharepoint.com | tcp |
| US | 8.8.8.8:53 | 10.138.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| SE | 2.21.96.113:443 | res-1.cdn.office.net | tcp |
| SE | 2.21.96.113:443 | res-1.cdn.office.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | m365cdn.nel.measure.office.net | udp |
| SE | 2.21.96.113:443 | res-1.cdn.office.net | tcp |
| US | 8.8.8.8:53 | res-2.cdn.office.net | udp |
| US | 152.199.21.175:443 | res-2.cdn.office.net | tcp |
| US | 152.199.21.175:443 | res-2.cdn.office.net | tcp |
| SE | 2.21.96.113:443 | res-1.cdn.office.net | tcp |
| SE | 2.21.96.113:443 | res-1.cdn.office.net | tcp |
| BE | 23.14.90.90:443 | m365cdn.nel.measure.office.net | tcp |
Files