Analysis Overview
Threat Level: Likely benign
The file https://firstmail.ltd/ was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-19 17:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-19 17:08
Reported
2025-01-19 17:15
Platform
win10v2004-20241007-en
Max time kernel
397s
Max time network
388s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://firstmail.ltd/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f3e046f8,0x7ff8f3e04708,0x7ff8f3e04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,18128054706790841423,10385896246325559514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firstmail.ltd | udp |
| DE | 5.252.34.102:443 | firstmail.ltd | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.34.252.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.173.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | captcha.firstmail.ltd | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.firstmail.ltd | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | 72.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | media.tenor.com | udp |
| GB | 142.250.178.10:443 | media.tenor.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| GB | 88.221.135.32:443 | www.bing.com | tcp |
| GB | 88.221.135.32:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.135:443 | r.bing.com | tcp |
| GB | 92.123.128.135:443 | r.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 32.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 169.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.64:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.firstmail.ltd | udp |
| DE | 5.252.34.102:443 | api.firstmail.ltd | tcp |
| DE | 5.252.34.102:443 | api.firstmail.ltd | tcp |
| US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4872_GQBHXAIDIIAKVSXY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e87b.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006