Analysis Overview
Threat Level: Known bad
The file http://firebasestorage.googleapis.com/v0/b/serverdata-755d3.appspot.com/o/WEBLOG%2Funiversal.html?alt=media&token=12b7447a-c645-4c92-904c-9ed3ffa4e384#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: X@K8
A potential corporate email address has been identified in the URL: Poppinsitalwght@010002000300040005000700080009001500
Looks up external IP address via web service
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-02 17:50
Signatures
A potential corporate email address has been identified in the URL: X@K8
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-02 17:50
Reported
2024-12-02 17:51
Platform
win10v2004-20241007-en
Max time kernel
45s
Max time network
39s
Command Line
Signatures
A potential corporate email address has been identified in the URL: Poppinsitalwght@010002000300040005000700080009001500
A potential corporate email address has been identified in the URL: X@K8
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
Network
Files