Analysis Overview
Threat Level: Shows suspicious behavior
The file https://is.gd/vLV5K7 was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-06 18:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-06 18:09
Reported
2024-11-06 18:11
Platform
win10v2004-20241007-en
Max time kernel
131s
Max time network
137s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/vLV5K7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa978846f8,0x7ffa97884708,0x7ffa97884718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17799121594671333687,8366653008637769819,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | is.gd | udp |
| US | 104.25.233.53:443 | is.gd | tcp |
| US | 104.25.233.53:443 | is.gd | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.233.25.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sereanmcommnumnlty.com | udp |
| US | 104.21.75.89:443 | sereanmcommnumnlty.com | tcp |
| US | 104.21.75.89:443 | sereanmcommnumnlty.com | tcp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 89.75.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommuniqy.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 2.19.117.13:443 | clan.akamai.steamstatic.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| GB | 2.19.117.29:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 13.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 172.67.184.158:443 | fonts.cdnfonts.com | tcp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 2.19.117.23:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | community.akamai.steamstatic.com | tcp |
| US | 172.67.184.158:443 | fonts.cdnfonts.com | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.184.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
| SHA512 | 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a |
\??\pipe\LOCAL\crashpad_940_CENFGPBLNFQCOFKX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc058ebc0f8181946a312f0be99ed79c |
| SHA1 | 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0 |
| SHA256 | 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a |
| SHA512 | 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bc8a536b784fe9a7a01f40344debb4e4 |
| SHA1 | e015434a763de0cb2f95233885f13fb7facb706b |
| SHA256 | 99fb69684c551442e1800108b184934e11883d1cd150bfd34ecd13053dbc20f9 |
| SHA512 | 4075560d365bb1f4569af4c1e2b3b5b5859829315ebf1d1a4324614f9644786378d26ea53c3b79c0f6e7f53c64d144006592be22c7e7bd98b2fa2ef741637cc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1aefc1c75fc0f9a61630657e6f100783 |
| SHA1 | e48769169b925f5a2d44630c6e23737be0a1ba19 |
| SHA256 | ebb80f5225849aa45c8ac4802c85179c0ddfbaf882018fb10feca17a17e95d3a |
| SHA512 | 269f4e973af88f88d96fa1dd2269a1ecc1b46813f04d819e72f6466ee75d1ef42d7f17958f919959a03c05adfb3febf01bae1490a529113fdf09af7122cfa88b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e20da4b9e1e87d1930bc3c3705777760 |
| SHA1 | 7cbd55f45a49003295bbbe26f6af7983d87c7964 |
| SHA256 | a58b6c8471c2610ccbcdb4d1b1761334d3f2877497a9d9dc142356c125f818cf |
| SHA512 | 322629e3073c4f6c890aff32bd2e73578d2d778ddcb0902b1a5b881ce94d63ddc4ddf15d961646c41260bc07c0db2a2844e2d959e93f17b4fb5242539d6f8718 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 63bd6688e5ce7723ed41399488f14b76 |
| SHA1 | bc7624eaf528389672dab776ed3ed6e3cbe69fa1 |
| SHA256 | 1b440accbb3978c072a758a16d50ada33506a3b16fd918b6c4090ab1f29b6e03 |
| SHA512 | d0e9bbc2fc0b3161fb4ae3cdc8e4fb3eeff8e9e3b9d9187957eb49f298013d6875b3e89aa8fd70e8252152f200698d448840374148f73badee9acf5d0b023cea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4b5.TMP
| MD5 | 939665db0eab256abe7e7b16e88a9352 |
| SHA1 | 3d342867d71dec3b5e828cbedd8c2fbf4f81ddea |
| SHA256 | 019627b78859aa652e84e2aacaa3fb8e116554b917b726e2e48b3428b92c8d59 |
| SHA512 | c7e4abc51c164f022cad5ea29fd6b3ef7ebcd802dbc5e47805579224a0e688b9a770e4050655b3ba15946515529c8f4d9d3c1e21aa989a28902b34c752274c85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b6d9ba1148c70776a27bab4c6f156eae |
| SHA1 | 051ccbdf3ff3927a125c9de50b28cf9f910eb99f |
| SHA256 | a767913fdac9d3607288232e3eaa0f7710944c30110fc426ecd6d1f09c329493 |
| SHA512 | 01d3fde142bf911b56169759aee034ddf949433bceba868f39ddb9fb285dab1cc74341c016d5d57c3b9a8173bd3d7d2844471e6b7d4886a4198c82225e9ab9a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f0815f07162566416c5860dea0e358d |
| SHA1 | 7ee98bdcf0fac67e626b02879fd72f93bbbd1bae |
| SHA256 | 3c497042b695eba31d37e193e2a0398c678fdaacee2509dcbda47555aa699210 |
| SHA512 | 168668de963d785f8dd2edfa01a47976088f83358e95e593cc90b40b4c8a7b31df5281b70632daf6816e92a9ae62be8b67a9a22aa2019910de89912187a04b96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a7de58be957504d71053db6e7adf9efd |
| SHA1 | d576860cd0441f05f7316fec3bb3d280da18af60 |
| SHA256 | e7df4a23ccb54e77a62ef83da513d2bd1f0cdc436a2117ce813a8482cfbc9acd |
| SHA512 | 2689e274475bda86246ce9142b82f1c27dabec3b4b85b368f1055b781ca9a5f7f216b94c1b436238ea08a1a8c0d4cbf1142cdab32ed1a4c28040198115dace2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e4bbb48100dab047700972abcb5878fa |
| SHA1 | 1f3ae0794acab0b5b640b32f6567797e11d5da90 |
| SHA256 | faab212138f772e94b1bad47ab593f0dce51004b6bbf615bf3f78aff6b501db1 |
| SHA512 | 7d9c2297121a3d031e0293c468fe6deb7bd0d2eab6a52c0e24b75f97d974b14c6b9940f41df47d01189a7511bd5c346e918505240635bc093183d9ea681bf093 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0f33ef287bb767b30720726867402471 |
| SHA1 | 0e85f2515594efcdc8629a5eb97b7281df683eb4 |
| SHA256 | e898d50acad5dd2ce16045ed04873f5fad8d0158d2f8f3de66ced7656b5d890e |
| SHA512 | 00b1140b4801de78e113147477fe028e0b490028f83d827be8a24471807b7588852de187495fbe66610e0a2ce331e1661b0abd9353aa9d82ecbf44bedd23b299 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bda0e40bf1e2c37e2c3c2524e2a1bc7d |
| SHA1 | 1bd4e980b825bcdfeb551d4eab440eda5db30bb7 |
| SHA256 | 6eae62bf2791806f7a3047ec10ce41b676f028b02db018d7614565f700ab4800 |
| SHA512 | 21c702d726367c29ecc3eb422668c6b13d1b7c04d114b00628fd6172470161265ec2c224c283242661bfe79e8d1456fede93b9069cb244d350bfa6e451492f8e |