Analysis Overview
Threat Level: Likely malicious
The file https://apis.google.com/additnow/l?applicationid=180181176205&__ls=ogb&__lu=https://214.164.205.92.host.secureserver.net/finanzas/[email protected] was found to be: Likely malicious.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: https214.164.205.92.host.secureserver.netfinanzasfacturacfecuenta@cfe.mx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-27 17:43
Signatures
A potential corporate email address has been identified in the URL: https214.164.205.92.host.secureserver.netfinanzasfacturacfecuenta@cfe.mx
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-27 17:43
Reported
2024-06-27 17:45
Platform
win11-20240419-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apis.google.com/additnow/l?applicationid=180181176205&__ls=ogb&__lu=https://214.164.205.92.host.secureserver.net/finanzas/[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe69113cb8,0x7ffe69113cc8,0x7ffe69113cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4000 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13933665001320821597,2563336864992402925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 75.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
| FR | 92.205.164.214:443 | 214.164.205.92.host.secureserver.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d0f84c55517d34a91f12cccf1d3af583 |
| SHA1 | 52bd01e6ab1037d31106f8bf6e2552617c201cea |
| SHA256 | 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c |
| SHA512 | 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171 |
\??\pipe\LOCAL\crashpad_2464_XCPIHEVQQMMEPKEB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ade01a8cdbbf61f66497f88012a684d1 |
| SHA1 | 9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f |
| SHA256 | f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5 |
| SHA512 | fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4427b77ff9d448b26488338fb567e737 |
| SHA1 | 28427e080c3b2f7d8da9cbc004554c8b3a949fe9 |
| SHA256 | a15b79416bd1c264ec71e23f084f87c4fdfc6e70290e95aa5affbe61202a6078 |
| SHA512 | 2d2c0adf24234d68c1af082dd2de159b003aebf1bcbe2d79e25826d420843f277476e41a636db3dfdf1343eb7bfae7720fc24685e9939756bcca2509c212e6ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5aae6142-3a9f-4177-992b-922f29cdf02b.tmp
| MD5 | f3414bbe8b7cb18d9341fabaeac61038 |
| SHA1 | 9796fa3947cfcd145b2a30a92e4aed3ee6325bef |
| SHA256 | e218f17cec1b708be40507554e904eb0d4bb6f0b6ee1212be30c54bbae639bb0 |
| SHA512 | b1309951060f5a1b31d902dfa07f433a73632449f44d088098380af87bad199a0275a8ed1037c14835960279b0e3b7f8a7e7fadfc4d599b6af8542b2eaabf123 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4cc498c1463cd3614bf4440cbfd012c8 |
| SHA1 | 5ac2655003f0c2f7f1e2fcbb076cdc3247906da1 |
| SHA256 | f07f3f14e55022019318806526a81fa48e78242e88eb6e0dbef4db1e81eb9474 |
| SHA512 | 23f2def0130726865589c58b2afad79922615aa4d1c73a4faa44f1e014c69b1aac196348fd3cdca5872314922a41c11b3ed4a7da93090745a521e00b42e20517 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d76bb2318802d373eb90cf62772e4dea |
| SHA1 | 55a9434cf5b240283dac47162ec01e9972e7817b |
| SHA256 | 289a45ab4e162a33c5c6a0a90d21ec7db98ad18876476676be157079a6ee8a3b |
| SHA512 | 896db839533b828cb0e0453ea2afd4c018927d2d8ce7b97ba7e31d0b8b0ae48f230c115d7c089a18d58713676d07b6c5c78c8e4af79dcc0a1be18d2ee7194a3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cace7e4269dd19c7dcf8196ffb921f1f |
| SHA1 | b77a52a747a0b4f6a91106da9c5b7719b601f9e8 |
| SHA256 | 42bb0e48b8455c334d883dbd6b95d2d2da38ee9853b8f37249cc60afe79afb35 |
| SHA512 | e872c9e70c818077ebba42aa41716b94f9d7442a6d9037f456b33919a3285f6d4a3630386edbbe9ae2ac27e095f9031a65809a08132a6b13f2fd63fcf7fd6fa8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 9bb2b62636ff627f9e51bf88d7e9f970 |
| SHA1 | 9777537e0d1323b31417a1749a7e9c5828f8532d |
| SHA256 | 5fd61c02400ecaecdd042767a2c1880cc14126721620d7e177c9c6934819ba33 |
| SHA512 | ae2d88a6a877faa01f8a10be7155cfe981804fbe4782d7b285accc4e85da24b41bab541c014f00be49924a4155ec23735464b4a06933634cef40504dfea9dc79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f1b7810ca465169015afaa25788829f9 |
| SHA1 | 83072de591d2afdb93b7f68698833d7a6daf1549 |
| SHA256 | 7b262eedb9f164d43f2a0019d7ffd411748575a0fd363d61399d6b3fce792c05 |
| SHA512 | 78fac2e2dac745fd3ee7dd439e34a9ac354161353809639169a8a275fb8caf5719f8eb552a08afbaa7756348b5b304bcb00aaf67986e0b9400edabd46cb341d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5811ed.TMP
| MD5 | aaa6f660e547031608edcc9584454a92 |
| SHA1 | 55854683cefc04d8d0732b45756f628a58f60622 |
| SHA256 | 52414c0d07ca164d6f329dfb1e1c46663ac109b428004cf33a6e680c3b0bc475 |
| SHA512 | d3cf81dcfb06d7eb361007707cd8dd7d7db0d2684e5436dd7ecce42c6ef74f596b56439f22be725a6a38f9323760c6106b51c2d7572d093956c52ffc27d9c1dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d8be17f9f5c483247f230bcf00b95146 |
| SHA1 | fd7390f633374f167539fc7f46b94dd23c3ddf1e |
| SHA256 | 0c9e0dd78f7c88431b1815141227a86ca84622631da3fb5a67e92f4c86569a85 |
| SHA512 | 209c4e3cd65f52dd0c536f57b9a58a31f2951001826cd3610854decee4994c22569dabc3721870602a23eebff66cf2a6f4f5ea5c952b73de27f05bd0ba2e00b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2988a3b0b64702820a1e78d93fa29cea |
| SHA1 | f92ae4f87e36c8300d7631e41400cdde3879feec |
| SHA256 | 8aa85b8c9f231c9f0e9e85be6e730a5af73be55c21b41ba2101caa34575d109c |
| SHA512 | ba1a430589fc3e1bd0f9eb848c8ad8dd4a871d9ecfa4fc4f74113a748a6452ab901d68cfc04a7945c4da1f93b1da13b05013a8a86fa4692c75aa1889b50abc62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f74fff8c63c40d78711ab2ccd3199bfa |
| SHA1 | 90a3e3f04f511192a1bc0c42b24b3e8f07d51e98 |
| SHA256 | ed60503e62ea537fd9ed077137b7f0ce5f154177264c710fbaa3bae4685b2d6d |
| SHA512 | 456ce8798556adaf0e9dc98c40f6236051c62973f72a080ea5fd0e3a54b0fc49913ec481c08aaf591276cc6b9d673d5e58859712df76b9cda706eb57b5687007 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | be0f73953dccede65acbc317343daf5c |
| SHA1 | 07f657049e52446e0532321af6f0187ab1ded78e |
| SHA256 | 396f8285f9fbf637836d26c99ebeb0232ab169e6db1bef117080d55639913cb5 |
| SHA512 | cf100daa85e7d4b6d3ccb8e9f0fc366043cf3376f5d1a76e51599d8cc3fead7d16fb2944e437229c7d63a6996198cfd7c2627ee8a48bfd6f1fc085b0ab550b2f |