Analysis Overview
Threat Level: Likely benign
The file https://vxc10p47.r.us-east-1.awstrack.me/L0/https:%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl=%252f%252fchannelbox.club%252fwinners%252f6804995432%252fbXRhbWFpQGxvYWNrZXIuY29t/1/010001913678aa7e-b351e0c8-0093-4b87-b5fd-e1bc68ecad3a-000000/KjHlWECBpM3cWiXECXgW3LFKHDE=386 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-09 13:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-09 13:54
Reported
2024-08-09 13:56
Platform
win10v2004-20240802-en
Max time kernel
94s
Max time network
123s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vxc10p47.r.us-east-1.awstrack.me/L0/https:%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl=%252f%252fchannelbox.club%252fwinners%252f6804995432%252fbXRhbWFpQGxvYWNrZXIuY29t/1/010001913678aa7e-b351e0c8-0093-4b87-b5fd-e1bc68ecad3a-000000/KjHlWECBpM3cWiXECXgW3LFKHDE=386
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96d9c46f8,0x7ff96d9c4708,0x7ff96d9c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12488287083768033738,13721149561952513832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | vxc10p47.r.us-east-1.awstrack.me | udp |
| US | 52.72.15.49:443 | vxc10p47.r.us-east-1.awstrack.me | tcp |
| US | 8.8.8.8:53 | hr.economictimes.indiatimes.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.15.72.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.9.84.99.in-addr.arpa | udp |
| GB | 184.25.204.40:443 | hr.economictimes.indiatimes.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | channelbox.club | udp |
| US | 8.8.8.8:53 | 40.204.25.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 50.87.144.226:443 | channelbox.club | tcp |
| US | 50.87.144.226:443 | channelbox.club | tcp |
| US | 8.8.8.8:53 | 226.144.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cavell-group.com | udp |
| FI | 78.153.139.159:443 | cavell-group.com | tcp |
| FI | 78.153.139.159:443 | cavell-group.com | tcp |
| US | 8.8.8.8:53 | r10.i.lencr.org | udp |
| GB | 2.17.209.162:80 | r10.i.lencr.org | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 92.123.143.169:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 159.139.153.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.209.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.94.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.143.123.92.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| FI | 78.153.139.159:443 | cavell-group.com | tcp |
| US | 8.8.8.8:53 | cavel.site | udp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | udp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| US | 8.8.8.8:53 | outlook.office365.com | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| GB | 52.98.236.114:443 | outlook.office365.com | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| GB | 92.123.26.41:443 | r4.res.office365.com | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | privacy.microsoft.com | udp |
| US | 8.8.8.8:53 | autologon.microsoftazuread-sso.com | udp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| IE | 20.190.159.4:443 | autologon.microsoftazuread-sso.com | tcp |
| US | 8.8.8.8:53 | 83.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.236.98.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.26.123.92.in-addr.arpa | udp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| FI | 78.153.139.159:443 | cavel.site | tcp |
| US | 8.8.8.8:53 | passwordreset.microsoftonline.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauthimages.net | udp |
| US | 152.199.21.175:443 | aadcdn.msauthimages.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msauthimages.net | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 38f59a47b777f2fc52088e96ffb2baaf |
| SHA1 | 267224482588b41a96d813f6d9e9d924867062db |
| SHA256 | 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b |
| SHA512 | 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b |
\??\pipe\LOCAL\crashpad_680_QMBRSKJKJYPDQIIS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ab8ce148cb7d44f709fb1c460d03e1b0 |
| SHA1 | 44d15744015155f3e74580c93317e12d2cc0f859 |
| SHA256 | 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff |
| SHA512 | f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 994f86f003be865ecf4a7fc77b164bbe |
| SHA1 | b038b63d8488c12d913971a37240690c36d0db96 |
| SHA256 | ca66e71cedfb282325a1233a4f708c24629afe37a1766abadae9f32a9439c3b8 |
| SHA512 | b455ef4915e8940b423fd3fc14646b1714a2b43f642f453c8dac7faeaa518c7107f2f4d53b48794c2728fda9fe62c9efbce3cf3e69ed8f1b658d15dc69bc7c9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f5970ac2ce6dfb827cf8e3cc714b12c3 |
| SHA1 | 311af7d706e3bdb1a669f4726c18748e60df4b83 |
| SHA256 | 3e4c161894fbd074b5e59d9a42bb8a11209f2b8e5e3357af63c9f9516421463d |
| SHA512 | 797e05ffe752f5c401a648279f6745e578d3d6c4e0a646ad617fdeb131a2fe9441393e9000efe49fdb44990257ada220073e350f2c9fe3aa87827305fcca7f62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 60f818a9745ccf5e4ccb39eca929ccc1 |
| SHA1 | f8b94f54b5cbfbe3cb849f621f9098864b46d1df |
| SHA256 | 89682431643dcc4cc8012e004596fc86e3cee24e6537d355db4d30a461dd20f9 |
| SHA512 | 406e6badfa77a3a0991bddacee84281e57354a96de0b68754d1b68d67e6a4ef9040b9e4c1db9e9707dfde1207590801f8398eed5c32792b1ccc7ec6ce102c99d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7ed2b76e9d5817ed8288148dea9ad4fd |
| SHA1 | 7a96332d173ea0cdb14b668e630de9cbf51f4f35 |
| SHA256 | deaea3cbe5e551f9355bdf1cd7bf07e9d474e0f53cf5086a8b13b2c72ca28742 |
| SHA512 | 6b86e59f718320607b628a58dd0026c6acd3ba12d7574bcfef3c83e0b080b9fb99e8615d9ef91c0916145b9090327680460888cba928c179eae3445e4b2e28da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1e64dc337602c286cf8a8d8d64db5ffa |
| SHA1 | b760d8ab9b84de43b9bfd34667fbcae7f837c6b1 |
| SHA256 | c93b436fbb6342842a0d09e9ae256923ad0050ef44d349ab0079fc9c1108b300 |
| SHA512 | 7096f421b3c54b0d7fde1b9fc1822f187701efa1c3ec43f1c8f610415c37acf932eeec26266ebce1f8583b5c4ea5b9f7d8277c8407977edfa37a10ab71cd0c0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 115ddd1da1b6d0348ff77c6692b24717 |
| SHA1 | 3c973d1019814d86eee48da10403628b4aa2c1c5 |
| SHA256 | f2ae03014180874e709fde9fabc8bff1fb040d7d3347412545e79392961b8f8b |
| SHA512 | 90d6012020eef629b609910243a5346177b57588c5bb8798d21166e76353757be177f8091e154cf45d47a9493d6511e2a93367c3063cd2e8a07130721656fb95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 406a735c92fcdc883aa09258dcfeb832 |
| SHA1 | d9cbda33e1b3efb96fce1801cc4b1880cae95ff2 |
| SHA256 | 7fea2819740138574e6375ee93d99f54e39ebd85567fbb1ac6d90bbb3877619b |
| SHA512 | 03aea726b222fad1d4df228ec7c9602f428b52d8b793a4a1535bac0da0ae04320b5c98aad408cf1db863c7fb25e3cb6e1d849e600de3ed8292fe5143ef10ff55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b093.TMP
| MD5 | 683ef3b8781dd08b7f589aaa7e9b55ad |
| SHA1 | ba5161d5f1c18c7e803def05e8ed3df7e7fe1592 |
| SHA256 | cf0f6ed146e6d57acef93452991602e4c64d261a5adccb9328982961e0839f44 |
| SHA512 | aeabd33a0dcceada3ab082a3c436e7a1aaba1b00961aeaa83495fbc6bb5af073ac6a0b2f13577b676aace9de5568256729c4fd3be00ddda771f38fe1f6363269 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4da6a556400c7c3bbc3e84d84404f764 |
| SHA1 | d6816a88d23670cf983c10554d310c6d27d31c04 |
| SHA256 | f86a34fd2d9d1074214570336190353398efbe64ea24a611f334371b17076fe6 |
| SHA512 | 5c2fd3c7046a7e2953abd0fee8d1f52cd12a332e5a63f401ba1e7e4dfcdbe5acc87e42d735f7b6243e786efe15e2aedd0182037191771d0fd45b73efc1aee900 |