Analysis Overview
Threat Level: Known bad
The file https://shorter.me/80DVQ was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-02 19:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-02 19:26
Reported
2024-12-02 19:29
Platform
win10v2004-20241007-en
Max time kernel
107s
Max time network
113s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{A1EAED7E-C305-4AAF-892C-C40BB45F0D21} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shorter.me/80DVQ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3346f8,0x7ffbbb334708,0x7ffbbb334718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5460 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,7594893995306387379,12947113383579285416,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6156 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shorter.me | udp |
| US | 104.21.59.19:443 | shorter.me | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.tl | udp |
| BG | 93.123.16.68:443 | www.roblox.tl | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 68.16.123.93.in-addr.arpa | udp |
| BG | 93.123.16.68:443 | inju.cc | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| BE | 2.17.107.8:443 | static.rbxcdn.com | tcp |
| BE | 2.17.107.8:443 | static.rbxcdn.com | tcp |
| BE | 2.17.107.8:443 | static.rbxcdn.com | tcp |
| BG | 93.123.16.68:443 | inju.cc | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 8.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| US | 8.8.8.8:53 | 2.83.239.18.in-addr.arpa | udp |
| NL | 18.239.83.27:80 | crt.rootg2.amazontrust.com | tcp |
| NL | 18.239.83.27:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| BE | 88.221.83.27:443 | images.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.83.221.88.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| BG | 93.123.16.68:443 | inju.cc | tcp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| IT | 104.104.52.234:443 | tr.rbxcdn.com | tcp |
| IT | 104.104.52.234:443 | tr.rbxcdn.com | tcp |
| IT | 104.104.52.234:443 | tr.rbxcdn.com | tcp |
| IT | 104.104.52.234:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | 234.52.104.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.54.104.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.32.209.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| BE | 88.221.83.40:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 40.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_2648_VOLALGNTTKWNDYRI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a719d50c2e91c3e7f92743294007249 |
| SHA1 | df75d07d4362162dd4213c0d71c4644c5065713a |
| SHA256 | 7b7d37d821bee525147f797144e9d26c123d239cf67fb45cfb04dea53955bd3a |
| SHA512 | 16f31e16df0ef2f292254c5aa44893dff67a1aad50329460062575fb1e220f0e666f9238689286c7033b5ac5f04eed8e2f316e05a9287110171f673d4558d131 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 929d1c1163f9bf52e2a7abfd42b8ee15 |
| SHA1 | d2721a5abd39164d464e2f5d451df88f7c8e3098 |
| SHA256 | c4835dc249a1d69d4bb59d5656ff44f56a9e43915fd92b7224bbc12c54c8acf2 |
| SHA512 | e56718d55d7835e8766ec4e330c25eb29dde407f1db5d3b571c0844c98e54c1eb6310626946e66c73ba1c04afab0d314c4c05826722331449d417103d8b13e88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 570953c087d66615bfdcec3f9e477ffd |
| SHA1 | 1e3a8db7759cbe2328032ebb021f8bd0f315f9e3 |
| SHA256 | 3a680db4d0de84c8c7461d57fc9bda981bc8c770107934346ede2e132415e483 |
| SHA512 | 8bf5d46d3e23c1f60700e941dd0d6f6bcdb8506b4a57ad45e5922941f19a8b64e5df3a2e8b401c61e3e1abc128f4393487139dd89c0ee9087ae45513266fa00b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01e8e3c46095666465772079669c8534 |
| SHA1 | 40c26a4052af6e17f1a91ab55101bc918fccc700 |
| SHA256 | 28cd4f471ec14d6806f15610b0cf7aee67f828a002d00edc9345408d126a77ab |
| SHA512 | c711ee055514affcd005ae79f4fe9e5eac17f76d33c3fe567b8946728d0283973aab25056ccda32c7f7a354ca7f21bd41415516cd87bfde0262a035006da4bdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582c2c.TMP
| MD5 | 8dae8e89731dcbc1d079e200c386b241 |
| SHA1 | 945d4413f7b6713e33e423eee3b2a76c073f4d08 |
| SHA256 | 93812b035a22b510c610c65a9b15198289abac68f491068c8d10ded46c363f53 |
| SHA512 | 90c0ad59dc07149f647bd149e11aaf8f4271b18adf97d3475f8d8e58268ed15ddf052b75611be0eb65b50c893f3c2c4d10d578521cc4cbb4b4b9b17b165b52d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6b99b3469bd6e6e70ec7d0398783eaa7 |
| SHA1 | 1a1856af863d92f5e979269d9529af2b74d09e5f |
| SHA256 | 1b1094928c92dc25a0c161b78f36c814a9e796fbcdfaf576ea4171a9455da70a |
| SHA512 | 8a4e45bad8dd88bbe78be3a409651101de86bf9462a9b43fca76eba2c1651ca4ed71a69311998ad9210233e8264319db043ab254c8ac193f9a239e5a0b59c222 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d7d0240d2409ff7212370eb4bff3d1f6 |
| SHA1 | c2340ed8c66a9932eb5c3806b9e5a3edb7b03eed |
| SHA256 | 4f04123691eae73df69135cf6826d6279e6077953f0b57692c2866b1ee12b1ed |
| SHA512 | dbe4f2893996436c2b174915a5b85ca262b5b200248af13a7f25f6e34693f3c57b2e071594ad1761fb8e58c2e701896df5b1cb15cd242966637fcbe959a02b87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6fc6374b4746332d6bd4c8fb9165734a |
| SHA1 | 09a4ca2e72a44b91cd192ffdfb693b2e9ef97b38 |
| SHA256 | 135b648cc69afb92c25f2207298407d67cabf66b80953f3a36e31939bc46970c |
| SHA512 | e17d426c21f1fa27b188604ac0624e39bcb41be19657a928ab92a620cee21724a8e504eaf1406c21e832cd1b80871b4b0743c04d97f22e8047b07b7e122e04f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b4f7bc67439d24863a7a7faa9d1a7323 |
| SHA1 | 3ebfc31297625524eacd47c24c1fdd06a655f9bd |
| SHA256 | 8e7ed3f3abcbb46566a6dd11e825c05d2b72ee6550840b8172bfe6ba6ae154d0 |
| SHA512 | 997dcb90afc028cc651ecd4d8f28ce5acc900aa4abd214cfb0f39b0522adbeff57c96332602c94da526e629a4b9fde55f783db789970513e8cf001c4277aa127 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 85940a631545fc56b66c5436aa01392c |
| SHA1 | f5176395079a65592b8f814e3e8e41695c180958 |
| SHA256 | a117c6bbdd1f88fb1d10791b7fb998b1080516683453aa669875ea13c8b8ba4c |
| SHA512 | c55ca4d9935c734aeccd16deba2f436489421ddf28cfabb87d5a5ba68628848eb046c2aff2ef0210fb4f4bc9713f24da85d3a1340aede915bc2572240d9a9511 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b8f17da4e6f913bc6294eead1d05fd4 |
| SHA1 | 46bf89d73985390cf8de9ddc6cc5f085376c9a17 |
| SHA256 | faa4ec62b8a49d7e6c430613a7d3f2df58f020eaba3bd92a1e029d6ff3adb895 |
| SHA512 | 83f38b3e7a30d6f1f6957d240ea15acbfe334220e50d7a57b87ef88192a9535817f9aee69da62bd154907195138a84b9b96330d2cde9c7ded3b2ad7e35dad0eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 667ac9ed77863347cb29625576135bb7 |
| SHA1 | 9f94eeb18d0ee3f7012334f19b34fbd8238196bf |
| SHA256 | 74fca46322e89c4512900b908095f8137ff6b9b6e2c2d4d5c8c457c74e511e43 |
| SHA512 | 8c992879e20f58ced5b424e6a72334a72e5690f71befbc22c7bdd4c309ea80c2ed664af9caf83ec7dad9ff546998f9928731c8199b8611c65b53c31638d44dd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 213db0a563169c4c7f8945ab7852552f |
| SHA1 | 78ee5d20fc1f9479e244f9c5d2aeb3ffbf5b5a52 |
| SHA256 | a8831414ff8a3fc3e7eb05ed6a9824a2f7f5d214f933cc7b3b30cbe674c301c7 |
| SHA512 | 19fd939c6a737c2d7d3bab7b2b987d80de554c14ba2385ece0be1a6c7e28e74e9423adcec66452a099f5f6718cfe8fabb140ac7deb8394df6d6e67d507a32611 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dc8635b6002c64c0479704911d0ae425 |
| SHA1 | 7a75a0075e6e58488dd04f9d97d9ffcc03d0e1b7 |
| SHA256 | d0716ecaf9d06b9a04aaec8eea1968592d7620c0bf04f7964e50dd653247f358 |
| SHA512 | e03a76fe523bca5ce85857fb23387db31db030e043c14b75b3ae820a154927115e919500b78a6cb9dd00a3894302142a4b5ff034ffb34ef804a91da8c043fc5c |