Analysis Overview
Threat Level: Likely benign
The file https://iscdoc.wimi.pro/shared/#/file/dc1e15d5dbca4d36a9cf906d9b2f4c6b4e336937331edb94e3f4e0f9bc261de1 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
HTTP links in PDF interactive object
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-07 14:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-07 14:12
Reported
2024-08-07 14:14
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
HTTP links in PDF interactive object
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
Network
Files