Analysis Overview
Threat Level: Likely benign
The file https://firstmail.ltd/ was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2025-01-19 17:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2025-01-19 17:00
Reported: 2025-01-19 17:02
Platform: win10v2004-20241007-en
Max time kernel: 74s
Max time network: 77s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://firstmail.ltd/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1bea46f8,0x7fff1bea4708,0x7fff1bea4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5936 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x3d0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9115703041369433006,6664185528905643705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
Network
Files