Analysis Overview
SHA256
f9fc805eb47ae743c874ff3c9b4447aed11e14e9fa78399a52e7c8ba6f9a4512
Threat Level: Likely benign
The file New Text Document.txt was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 23:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 23:02
Reported
2024-11-07 23:04
Platform
win11-20241007-en
Max time kernel
100s
Max time network
105s
Command Line
Signatures
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\New Text Document.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca2a43cb8,0x7ffca2a43cc8,0x7ffca2a43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1944,7859398047741204686,5616432638672520353,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5672 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| GB | 92.123.128.144:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | www.bing.com | tcp |
| GB | 92.123.128.144:443 | r.bing.com | tcp |
| GB | 92.123.128.144:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | www.bing.com | tcp |
| US | 13.107.21.200:443 | bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 92.123.128.146:443 | www.bing.com | tcp |
| US | 13.107.246.64:443 | vscode.dev | tcp |
| US | 13.107.246.64:443 | vscode.dev | tcp |
| US | 13.107.246.65:443 | update.code.visualstudio.com | tcp |
| US | 13.107.246.65:443 | update.code.visualstudio.com | tcp |
| US | 13.107.246.65:443 | update.code.visualstudio.com | tcp |
| GB | 104.86.110.112:443 | tcp | |
| GB | 92.123.128.133:443 | r.bing.com | tcp |
| GB | 92.123.128.133:443 | r.bing.com | tcp |
| GB | 92.123.128.133:443 | r.bing.com | tcp |
| GB | 92.123.128.133:443 | r.bing.com | tcp |
| GB | 92.123.128.133:443 | r.bing.com | tcp |
| GB | 92.123.128.133:443 | r.bing.com | tcp |
| IE | 20.50.80.210:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.161:443 | www.bing.com | tcp |
| US | 52.108.8.254:443 | wac-ring.msedge.net | tcp |
| US | 13.107.226.254:443 | t-ring-fallback-s2.msedge.net | tcp |
| US | 150.171.31.254:443 | ev2-ring.msedge.net | tcp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 46e6ad711a84b5dc7b30b75297d64875 |
| SHA1 | 8ca343bfab1e2c04e67b9b16b8e06ba463b4f485 |
| SHA256 | 77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f |
| SHA512 | 8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e |
\??\pipe\LOCAL\crashpad_1016_BYMKUHBUQAOQNCXM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fdee96b970080ef7f5bfa5964075575e |
| SHA1 | 2c821998dc2674d291bfa83a4df46814f0c29ab4 |
| SHA256 | a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0 |
| SHA512 | 20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c173efb00ae7d969eb182bbb827513c6 |
| SHA1 | f97463610e6a332beb5a12c5b36b619d0a9990d6 |
| SHA256 | 73115970faf8009b18627b8dbd08cd6e5a6e8009825bfa132627cbbfb1c9cf37 |
| SHA512 | 7232a5bc04b27b90c347b46848d1a8326ad1ac499fb7a3ba043d022c972a21581d0228218a2cde67f830c1d6a0a8a31d05432add7bb38f99633452d244a3643a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0311c19978b488642599fb2b4530d4d1 |
| SHA1 | 914c41449a602762069bec9976f9262fad4a3846 |
| SHA256 | e671cb5c6b583dce97f5c4619c0cf465c4aa3f2a31863b1fddcb488d3721e2d2 |
| SHA512 | 02b9d196909c8f2a44311003f30f13c97ddea7482f23bac9c2ef443648b65ac1d12ef837f2ba1c0c21c53f7ad75b902d82a5123c48250e1153fc35ede93a7f0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 94e105263fd07dc21c73de898b0121a1 |
| SHA1 | b9b61254a5cd1ba99d3a089591be9267f1bcb0b0 |
| SHA256 | 43c9eb1e60da5d2003ea1867bd64341601101648e307303357d3939d74badba1 |
| SHA512 | f5ffc7589a015c7b9f2ae9133a112cbe21d4b538bd60a62939b4ec08f0fbba15e0b914556ece7c8bc043c3f43163355d8e63e93beb25f9230f7613a42f8f3520 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 807dda2eb77b3df60f0d790fb1e4365e |
| SHA1 | e313de651b857963c9ab70154b0074edb0335ef4 |
| SHA256 | 75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc |
| SHA512 | 36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c27f8bb56720039191d13573842a923c |
| SHA1 | 98d8c4c080e242a1527c23232368daf662a79ab5 |
| SHA256 | 0a6693bf5f2a1c051e746f43b680f0589b209f2f62bf5911b94a53973555a1a5 |
| SHA512 | be53c6670dcc81d6a3a546f6f52d677cee28fc1d1981c6795656acc622b6789bd36dc4cc29da2beb594d3c0cf648cbe9113af249c74e2312f09fee2923fd4b5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a95bae883957ac5ab6920bdf5e19b243 |
| SHA1 | 4a5313b57952c8c7f3de3fc317da701d98d97a96 |
| SHA256 | c7197fcc698fd9f88d7337bcf88903753088a22a6de31fa134cd83fdeac6ecd8 |
| SHA512 | fc18caba812025f7288877fbaee9c3e002d6508c5428869bdff923efc25cb427378cd13c469f2bee2d1c3c67c1f7c0bf757fbc584f63387ae21edc1cdae7f949 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d5acc6c80e5c3e8b80dcfc5815e85855 |
| SHA1 | 85bc3a912535b49651a1e3c6ae75cae2575c23ec |
| SHA256 | 68437cfc871d93f68c672a153eaf66a44437ed0d175448b2ab92c0b809ae45f8 |
| SHA512 | ed70a454a0062a685623fe7cadb15440c7155f343ff5c0f14ca9f34af4ca42a7a05348312afd33833cd01065b7aba53ccdd15daa149668a5e7aea1a62650abac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5805e7.TMP
| MD5 | 612c5fab4bbb8c3824067f7ad89dbc74 |
| SHA1 | 8f6e2e92b6bcce19d052142eed822cf85e55c7a6 |
| SHA256 | 3923d3b2186d8672eedf1e0409b347e8bfe8a12e253933b821ed94374f574ccb |
| SHA512 | ff2388699b69589cb0285512153575ad6ec14d4aca10098905aa5cb369d3159e433daaddddc06fd1c99caa27ac04120f5c9b91702acc059b9cb558dad8323060 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 303e625b6b1fc146d10794a8a3785a50 |
| SHA1 | 189b833e3d0c74e812596549c851dc8833f3e6ab |
| SHA256 | d30cfb39daecfa03abe963bf1e66d7d4ad0c5760550cfc24a7ec2ceac2ce4103 |
| SHA512 | 59275870ac7134691132adf34047551b75a7d95527329d89808074ec9034ae202bd687362c53fbbe9e7bebd9fed6a4c63866c32c7718068f7438db43627ca270 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 231a0a506a32acfc5f8a65afa18dd41e |
| SHA1 | 85986c3e3ecb9cf4f30c509c3bec60c4f2ac18e3 |
| SHA256 | 37de58beb32eb8f84c3bd1d56c318e6af30043d2f66a8d5dc4a8f3635523c61a |
| SHA512 | f31f5025267907dd32c2096dee59361a6ee5bd4bd5cc233b4ddd5c3176a9860df3a07292e11501faf5341a65ca4011012ed8c1cf06fb4cf43b9626b643819726 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 19c7a8c80f65d39602d3f9ccec88d6d3 |
| SHA1 | 0311195be8a51e2a9d29064eff8c2b7e860d7fdc |
| SHA256 | 6d4fc7f215904b18d08bd1ba9074a21792f16caebb70d8b2fef1c8a797a6597e |
| SHA512 | a14b8a7474c834ec7b6c6da64b9ab92f8171130cee277f94e1e1169e473fc7b21ad44eb99414b8736a2f684516e846c9816cd4dbefe51ab5c82676ef5b962ed4 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c24ba116-616a-490c-a052-3a754386d886.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4335c929db92efae85080d0440099832 |
| SHA1 | 4bb84ecd64301a2c520b384d0ec6639e63f59bc3 |
| SHA256 | ad0ca2f6385b2c0f63a76598e52987504dd7da5871da0490e1f7e3621cfd529a |
| SHA512 | ee0a7171ac24cb7f084ee43bd15a3368a1f60092130801f5f46469e048a2de4590c5b6b0a3ae048329e47a9c0735361caaa53122681829b00ae10558a1b4f301 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 22bebac03f57dbe18a00ca5741a1bc94 |
| SHA1 | 809f24a7772101b91bd1c37c836c7464760096c5 |
| SHA256 | 00783796e0077b91531a5b262cf330e8f279826dcfb8c2caacae64f3f00078cd |
| SHA512 | eb518615cec7e922d1d1612527298e61bb930411ddd0247c3cae1cacdf62d315d9661508ef58b136d788d45bf54c9bd50edea212a79f57ec723df6332fba6402 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1fa8e140ee981d407c45fb4dcc1f98f6 |
| SHA1 | 21cbd012ed626b00599271febab075272a11b34c |
| SHA256 | 89bcb880b9208e3d932033e4c5e50d1853569fc99be88d61d5c34598a6fc10c1 |
| SHA512 | 3a6ff6f1ace78046042328f0be3c18697e285d7253465cf5d1c8a68528d66dc66201a3219a06e9fd08abe3c5640a44de60deb01638ac129bf770b3df023ca068 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eada95b2e77b2fc85ee83a7f8c5fabe1 |
| SHA1 | 734cb92b29fe6c7414fa60e87a4e8320168a27cf |
| SHA256 | b47476560cb494bedf5a1a13034a162bba20facfcb560603ff8fe918cad03894 |
| SHA512 | 8d13c6d0a4dfbb382df1fbb79d31df83da699f55af4928c09ce30fb874a5df26728358c46ad351702f9df8818a1941893fc7f3022f5496d5e308c923f95f1c87 |