Analysis Overview
Threat Level: Likely benign
The file https://schufa-my.sharepoint.com/personal/jessica_schulz_schufa_de/Documents/Aktuelle Liste Kontaktaufnahme_Unternehmenskunden.xlsx?d=w7a795e091ccf4f64a8787c4a3841dc55&web=1 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-06 12:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-06 12:28
Reported
2024-05-06 12:31
Platform
win10v2004-20240419-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://schufa-my.sharepoint.com/personal/jessica_schulz_schufa_de/Documents/Aktuelle Liste Kontaktaufnahme_Unternehmenskunden.xlsx?d=w7a795e091ccf4f64a8787c4a3841dc55&web=1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff035946f8,0x7fff03594708,0x7fff03594718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4154507477809058125,9418652772636056701,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5236 /prefetch:2
Network
Files