Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    27-06-2024 18:38

General

  • Target

    http://circuitovtr.com.br/dayo/u4wzs/captcha/aC5sZWVAc2suY29t

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand amazon.
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://circuitovtr.com.br/dayo/u4wzs/captcha/aC5sZWVAc2suY29t
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbab846f8,0x7ffcbab84708,0x7ffcbab84718
      2⤵
        PID:4076
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:3964
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4148
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
          2⤵
            PID:8
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:2608
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
              2⤵
                PID:4560
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                2⤵
                  PID:464
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                  2⤵
                    PID:1540
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
                    2⤵
                      PID:4012
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
                      2⤵
                        PID:1888
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4372
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
                        2⤵
                          PID:4040
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                          2⤵
                            PID:3644
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                            2⤵
                              PID:5200
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
                              2⤵
                                PID:5208
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11196687181018956536,10107913021502996962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5320 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:468
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4324
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:984

                                Network

                                MITRE ATT&CK Enterprise v15

                                Downloads

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8AB1ABABF0945E38D11565C49B5119C1

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8AB1ABABF0945E38D11565C49B5119C1

                                  Filesize

                                  296B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  264B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  3KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  5KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  11KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                  Filesize

                                  72B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579441.TMP

                                  Filesize

                                  48B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579b17.TMP

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  11KB
