Analysis Overview
Threat Level: Known bad
The file https://app.patientactivator.com/designer-smiles-168617248516558/review-us?rid=23153580693&source=email&rtype=review_request&templateId=895409&custId=%2BLq7pkjk0yZZugy0uk7%2Bvw%3D%3D&r=https%3A%2F%2Fsearch.google.com%2Flocal%2Fwritereview%3Fplaceid%3DChIJn6PTDJqcQIYRrae1YCV2FT8&sid=2&enc=1 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-05 15:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-05 15:01
Reported: 2024-02-05 15:04
Platform: win10v2004-20231215-en
Max time kernel: 144s
Max time network: 151s
Command Line
Signatures
Detected google phishing page
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.patientactivator.com/designer-smiles-168617248516558/review-us?rid=23153580693&source=email&rtype=review_request&templateId=895409&custId=%2BLq7pkjk0yZZugy0uk7%2Bvw%3D%3D&r=https%3A%2F%2Fsearch.google.com%2Flocal%2Fwritereview%3Fplaceid%3DChIJn6PTDJqcQIYRrae1YCV2FT8&sid=2&enc=1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9eb446f8,0x7ffd9eb44708,0x7ffd9eb44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11255384560884461921,5316970924506531573,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
Network
Files