Analysis Overview
Threat Level: Shows suspicious behavior
The file https://is.gd/5fX4Bn was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 14:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 14:14
Reported
2024-11-07 14:17
Platform
win10v2004-20241007-en
Max time kernel
55s
Max time network
56s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/5fX4Bn
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccb0146f8,0x7ffccb014708,0x7ffccb014718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7637696370007398927,11552802152725044375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | is.gd | udp |
| US | 104.25.233.53:443 | is.gd | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.233.25.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | syteamcommnumnlty.com | udp |
| US | 172.67.182.195:443 | syteamcommnumnlty.com | tcp |
| US | 172.67.182.195:443 | syteamcommnumnlty.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | steamcommuniqy.com | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 195.182.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| GB | 2.19.117.13:443 | clan.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 2.19.117.4:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.19.117.4:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.19.117.4:443 | community.akamai.steamstatic.com | tcp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.117.19.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_2152_UBIVMVUEXVPLVMGF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 34ed6a8a9a30e5db0bc1072d4af177b4 |
| SHA1 | 215697d4f0ef8128158ffaa8c42365606da88bee |
| SHA256 | c7a9c6e960e915d32b3a37d5b86c37ae708c6e2798d2bd4d8a73a4aada34df7d |
| SHA512 | b78898c221cfaca4f16a830a4a72cdb6eef13c4e2f90baee9fc7e3c7d24d279f12d8b7aac36b36a083a3f279217e6bbd9008abe7cc74b78cf3b9cd1ad15c1e5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 69da42fb5f18c1f0728955f97c996951 |
| SHA1 | de0755b7f7d5069b6fbd154bb102c17dfd905bdd |
| SHA256 | 86bca7f6e5b7f58fb9a676009731ea8773ac63f223c2023aa3b915172b70eabf |
| SHA512 | 89f64c218af2934b1f5d1fea746d2a842232b36cdbb8cefc0fa5408a31a4c399dc627f135c209bdee3fae0aa670a94cc241a36d95df585e4871a5fc3f473352d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 4c0c14ae85fd076151e687e9c7e9f73f |
| SHA1 | 6f54e3e4c6bcf7fe47077a72a8acb1d8eec512cb |
| SHA256 | f209841705977e44dc8ad5bd9a9e696e39e64a65f97dcf04efc956b684b622be |
| SHA512 | f567bef3712d3f0262be288b276d7738eebf53bc2884cb19dbc21c9ec26a80183e806d205db40221a89581fc191c1539aec7afcfbf267d20007a5234a86f5b0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d655a37d9f479a27862d858630a08032 |
| SHA1 | 3baf6197eb5a3e93645b8facc571de79452f613d |
| SHA256 | b62a2382530af6be8d48a3edafe85ce69107c8cf56b71ba5636c3b187cbe8513 |
| SHA512 | d8567231366331ebf001cdb2812bd469125257852ec97db34eeaa76a57a92892edac5d8ccb984908d0298721906a9649c7d6d1f201e00b54c89e3e2a88ea03bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd27f3ea03c7eaa3fd41e48067275b86 |
| SHA1 | 22477b2acf126f87e546f4ef615ef1d74bbefdf1 |
| SHA256 | 172cf4dd8fc5a8680e03d56bb076caf898e8b4037942357bc4eebb0512076855 |
| SHA512 | 28cfc93367702c7fc9a356ca3d0bc59b0b1ecd4ef054b8a6fc8c51a53853b68408e3ac1f41f0eb7be3a0459f16481f9b9d0864c88a3ef5675ea662d4a32c3630 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a94e4468e46666e82e00c4094b47e9c9 |
| SHA1 | 6ea0008cf77d0946821fca7eeaf19045c2bb4111 |
| SHA256 | 7fe5ac3a4bc061a8cc557c366d276e50a9593976a2d1bddf0752d82dc9edff71 |
| SHA512 | 18fbef33fa82a5b30679cad6652562944997be585ef05df894ae1f1cb5806b1726542762723f1843b2927133b951d2d3ddf1690a7fe8fc4626aa70073a746190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 231913fdebabcbe65f4b0052372bde56 |
| SHA1 | 553909d080e4f210b64dc73292f3a111d5a0781f |
| SHA256 | 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad |
| SHA512 | 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d6d9537b46b7b19afaab91b2aa8a90cb |
| SHA1 | cfa218a5ba89678d113505e4e5cbaf1c5ebef5cd |
| SHA256 | 00c8f0c8ba6619dded6b1b154258ca379a3390d098d21768f3b4c7e3b5f19a9a |
| SHA512 | 48587aa5a30aa0bf2a944007bbbba6181a6cf7802d3c94f5f7f1696d9db1b9b61ca48aff2c1182c8f472ac082278a00b41fe9f450d261e202309281b30de4fe3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5851a5.TMP
| MD5 | a9faee1e24e626b1bc06b2d59b0a63b2 |
| SHA1 | 0b74f01ea4c040ae864eca134d840cc9a8be7eed |
| SHA256 | 2c3de272614f3e5de1818a843fb31965b8b8c1cae3a1a074799bd56e45291d41 |
| SHA512 | 3d65084e16f636fc303afd840cda267f23490bb68f6559a58147d5c9a3bb47f9284f5d809c8b89a5413956f8ef99350d02a89d2a0694ef9899f76b3e02f6ad19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9db0cdda018070015afcf672f4f10ecd |
| SHA1 | 1a4520ff9dafb69838e1867150edd9e17c1b9dbc |
| SHA256 | 3ffad3df3dc9238825d0736ef3e1aef0dc646e71cdcbf9fab9f84682bc0270c7 |
| SHA512 | 0ca72a10c700962f923b65028831b80b1cdbad714a915f2c29d01231df93be1ed724eefd14723a676b25275f27322acb512c090c8cd5a709fd3d1e92d2ff2f3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 46edd3281fd37144f2a83712938b0a0b |
| SHA1 | f3a14cdf080f273bf41e73ebcc3d9411d8f881bb |
| SHA256 | 6774ae1702324b8fb124cbd3c2bc6b1990de3d329259639ed8896769b6c50231 |
| SHA512 | 2ad1b0efab402a26857d8f4a8edc4731bc33caf31a822e03dbd8eae33ae4e65e31c8b8d34b442df97bb595a61d3082ce5d40a3d66ee2c4ba45dc9017173acf59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 948de45a2270b78e98f925cd606fb2cc |
| SHA1 | 9cbf9028bda715fff41f5c689f438411abcd302b |
| SHA256 | 1e904f4ceb52d16065c855909d2df3e70e1c4cdbab2193aed4ebb770e1d8fc0c |
| SHA512 | 0a4f946487afd5e9e373c41dd016d9c8f36159cbe5aa05490071a25dfaf4f93917addd5f5edaa1b26875aa773b5848bdc0599d6c03236c573eeaaa7d791a4efc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d95982b37ee1eab1f86f6ffa23dda88 |
| SHA1 | 8f2677cc175c41e43b1b9e2ff1a688d14fc8a05a |
| SHA256 | fd63928d22787bcc776d4965b5946ab0e1ad24ad73d73f28bc98b35e45d1e0a7 |
| SHA512 | f7ec7757d728b4f44399ff7a0117e153c43f5d3110044623a99529996e99febf2d374f8651dd7e0ef09171c4c15445f0eff38f01d7955fcb86f077a35fe79c6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 976e5e3f0d7ebe31728b96c6c7dc2db8 |
| SHA1 | e07a0ff9999f20a5404e7a93830bc0c3291cb1d8 |
| SHA256 | f619422b9b28a512f5f283019dcfea4a76a93a2bddf5c03e18e383577a77e1ba |
| SHA512 | a518d1625c7ab4edfd95ea1eebd9a6bc43c2c46e97608cb25dba99a370290ca2eecb88910f97cf5304af4ecad0b5b19e1172a14afbb062d89dc68cb32952f9b5 |