Analysis Overview
Threat Level: Shows suspicious behavior
The file http://withdraw.remittance-investvoyager.com/claim was found to be: Shows suspicious behavior.
Malicious Activity Summary
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-07 03:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-07 03:09
Reported: 2024-06-07 03:14
Platform: win10v2004-20240426-en
Max time kernel: 265s
Max time network: 268s
Command Line
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://case.stretto.com/voyager/file-a-claim | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://withdraw.remittance-investvoyager.com/claim
Network
Files