Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file http://www.northwave.com was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:03
Reported
2024-06-03 08:04
Platform
win10v2004-20240508-en
Max time kernel
52s
Max time network
56s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.northwave.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dd7f46f8,0x7ff8dd7f4708,0x7ff8dd7f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5760 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4f4
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16677047184633083847,18102552736038793613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.northwave.com | udp |
| US | 172.67.69.2:80 | www.northwave.com | tcp |
| US | 172.67.69.2:80 | www.northwave.com | tcp |
| US | 172.67.69.2:443 | www.northwave.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnweb2analytics.com | udp |
| US | 172.67.128.174:443 | cdnweb2analytics.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdn.iubenda.com | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | invitejs.trustpilot.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| GB | 143.244.38.136:443 | cdn.iubenda.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| FR | 52.222.149.7:443 | invitejs.trustpilot.com | tcp |
| US | 3.165.113.111:443 | widget.trustpilot.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | app3.salesmanago.pl | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| PL | 91.227.202.129:443 | app3.salesmanago.pl | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | cs.iubenda.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.128.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.202.227.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| PL | 91.227.202.129:443 | app3.salesmanago.pl | tcp |
| US | 8.8.8.8:53 | vc-service.saleago.com | udp |
| US | 8.8.8.8:53 | hits-i.iubenda.com | udp |
| US | 172.67.128.174:443 | cdnweb2analytics.com | tcp |
| US | 34.110.154.184:443 | vc-service.saleago.com | tcp |
| GB | 143.244.38.136:443 | hits-i.iubenda.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.154.110.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rr5---sn-aigl6ney.googlevideo.com | udp |
| GB | 173.194.183.170:443 | rr5---sn-aigl6ney.googlevideo.com | tcp |
| GB | 173.194.183.170:443 | rr5---sn-aigl6ney.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3---sn-aigl6ns6.googlevideo.com | udp |
| GB | 74.125.105.8:443 | rr3---sn-aigl6ns6.googlevideo.com | tcp |
| GB | 74.125.105.8:443 | rr3---sn-aigl6ns6.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.105.125.74.in-addr.arpa | udp |
| GB | 74.125.105.8:443 | rr3---sn-aigl6ns6.googlevideo.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| GB | 173.194.183.170:443 | rr5---sn-aigl6ney.googlevideo.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s-img.s3-eu-west-1.amazonaws.com | udp |
| IE | 52.92.18.42:443 | s-img.s3-eu-west-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 42.18.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.iubenda.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | 181.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 216.239.38.181:443 | analytics.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3080_VLBLMUELLOLJKCUA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c81fd5fea46d9f4247be013d843895c |
| SHA1 | be56f5840612cd26fc2974615eba78979804853e |
| SHA256 | 1f12abdbb12eaa6c3bbc9828253bd2c7dd819a4b55189fd5494bc47efe053d50 |
| SHA512 | 8f4c49d906276a40f35066609d50254a1feef80a3c2b4e9895fc671bc6954c42b3aa7ac266b08b78a0be944c1aada78a0d0041d82f4f274bda89f11737492405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 6b48bc27bc102a88ac101ce2e1813f43 |
| SHA1 | 9b0888cc55caea0fa0ee2b58579d48965c5d6438 |
| SHA256 | 5b280f39d7bf1c46dd79a1e064137ff70c9dc1f752dea680cfde9a1530b9d6cd |
| SHA512 | 32408270b2d55fabc0ceb9be7d42ff5a5c0731d0ffeefba7db57f879a77cda501f46a26a4481bb3b2685e07cc5a6cab33950d8397ce87e156a76c0edcefb9f3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 78f2b814a745f6d09916394fb40b3251 |
| SHA1 | 60519380b2ea9cc667ad6eb842f98e48257b133b |
| SHA256 | 091a604696361bbd55e38fdec67342fb482802adf3dacf392c94a69be15bf27d |
| SHA512 | 56b01338aa4e2eaef54b9aa81a98fc2a13b23c9717a0b0f63cdde03206e875aa2420586412bc0c9aaca30a12eedd378d2437e38e03afd06b8d195622e7beb8ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 9d90da91857601c4ffb369f14de1d91d |
| SHA1 | c10120e1e60d41520925fc29c9e0824937461616 |
| SHA256 | 921c26da56ca271a9db7ced61dbb6ade0a41e6ec015ae6c4f3a0ed76ca55e40f |
| SHA512 | e6b38d91681eb12508a2bd14768bdb372c617f166468f1488a734dd70383e80ec3e48859bf2c264184cc24e073db0067b740cd606a15907d0fcdf9ba8c5f73df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dfece569076df89b9f30e1a8f83b4411 |
| SHA1 | 423a0177ef00e0ced4340ccb0491121d035acbba |
| SHA256 | 0fab5cbf2e2729e10d529dea26d86d3535ae4367ea491103b0258de8afa6d0af |
| SHA512 | 701aed4dadb0f1f6afac72834a39992b396bc79787bc1f0f8fb581de202a55b3085286b7fe25aa0e1e9b41a3adf724c299bd939fa63b4da00e4a9de3b930a414 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ccc89bb759efb766ff0d1ff286f54b1 |
| SHA1 | 50ea2d93be8eea8b8667d461ee45aac3d5fbaf7b |
| SHA256 | 8d49429f4e8767c46e38a05d9e0c9a4f11d428feb0123b659376c6759dbe2f10 |
| SHA512 | dbe49308cfa4509f5e244f5c75521f32d61a9ed1563073d8e184cd165cbea45e14127919f7b649c181fb23d5301762c7a619be90a314764c996af6c670d561a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a6fe.TMP
| MD5 | ecebc8c918804056aa3788b9144157b9 |
| SHA1 | f65f5ceb796f71650cac6f8824d5c9b16184fdf9 |
| SHA256 | d665ba539badf79e25efe42ecd853e4cb9ca598a625aff23328c5760964a728a |
| SHA512 | 0a1d5165229af90ab7589eb6244d3717719dd70d1554c2cc6703bc4c20569c3a139f19095ecbd46a8a45eb84b4f6d27d915b2fe3090d4ca75582f7d7addcfaea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aeb6dac1-ddd0-4ad2-843e-87690030a067.tmp
| MD5 | f861a399983e5c265fb233fddabd7d4f |
| SHA1 | 39efd9b4dfe9511532a766e56fb944e86dc6cab3 |
| SHA256 | bddf1641e84f31c84a93ee83b2e94c939460318e3a68d8ebfb13664f79bf1b84 |
| SHA512 | d88ce5666507c8ef242b585c5782a9560305101f6dbeebff78dcfac3c65e3cbd3da20a664f1335c93b3e52a3b4492d776864b2f86eb1a80af0348a200c3f2259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5e40ab2160c3382705c36f784fe73bef |
| SHA1 | 77b4fa88b10890cf5f8385441f6bb25013c175d7 |
| SHA256 | 92d07fcf5adaf920995716a06bc612d275c07ee44d7024b23c1b9124b824bb86 |
| SHA512 | 2989b92baf011c5ebec8c30d14c111580b1beb8d0f13b1a87ce0a91548c9c177765c56fb57c63319f79b68d1e41c9099d21b14be54be9137859748195dcb593e |