Analysis Overview
Threat Level: Likely benign
The file https://eu-west-1.protection.sophos.com/?d=mimecastprotect.com&u=aHR0cHM6Ly91cmwudXMubS5taW1lY2FzdHByb3RlY3QuY29tL3MvZ2pPdkN2Mms0eHNyWmpndnRRZjl1UWs0SzU_ZG9tYWluPWFoZ2xvYmFsY29uc3VsdGFudHMuY29tLnBl&i=NWY3NTYzMjdkZjE1NWQwZTBiMmI4OWYy&t=YldlVGZwbGhhbVFoYUdEbFpNNnhzMXRTcjhOUkExN240MStTTTdkRkR6VT0=&h=15c7162793954d46925eae2240082ea6&s=AVNPUEhUT0NFTkNSWVBUSVa2RnDQJ_W5iD19nr3Mz-HYL0A34d4DcGYsEpq0ow4XzQ was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-08-12 23:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 23:56
Reported
2024-08-12 23:59
Platform
win10v2004-20240802-en
Max time kernel
170s
Max time network
179s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://eu-west-1.protection.sophos.com/?d=mimecastprotect.com&u=aHR0cHM6Ly91cmwudXMubS5taW1lY2FzdHByb3RlY3QuY29tL3MvZ2pPdkN2Mms0eHNyWmpndnRRZjl1UWs0SzU_ZG9tYWluPWFoZ2xvYmFsY29uc3VsdGFudHMuY29tLnBl&i=NWY3NTYzMjdkZjE1NWQwZTBiMmI4OWYy&t=YldlVGZwbGhhbVFoYUdEbFpNNnhzMXRTcjhOUkExN240MStTTTdkRkR6VT0=&h=15c7162793954d46925eae2240082ea6&s=AVNPUEhUT0NFTkNSWVBUSVa2RnDQJ_W5iD19nr3Mz-HYL0A34d4DcGYsEpq0ow4XzQ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff88fe46f8,0x7fff88fe4708,0x7fff88fe4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1365194499565242118,16895151578865168665,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eu-west-1.protection.sophos.com | udp |
| GB | 18.244.140.56:443 | eu-west-1.protection.sophos.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | url.us.m.mimecastprotect.com | udp |
| US | 207.211.31.106:443 | url.us.m.mimecastprotect.com | tcp |
| US | 8.8.8.8:53 | ahglobalconsultants.com.pe | udp |
| US | 192.185.194.252:443 | ahglobalconsultants.com.pe | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 0nline1.martinroytransport.site | udp |
| US | 67.205.131.225:443 | 0nline1.martinroytransport.site | tcp |
| US | 8.8.8.8:53 | 252.194.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.131.205.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 67.205.131.225:443 | 0nline1.martinroytransport.site | tcp |
| US | 8.8.8.8:53 | 40869a4d-f7351f27.martinroytransport.site | udp |
| US | 67.205.131.225:443 | 40869a4d-f7351f27.martinroytransport.site | tcp |
| US | 67.205.131.225:443 | 40869a4d-f7351f27.martinroytransport.site | tcp |
| US | 67.205.131.225:443 | 40869a4d-f7351f27.martinroytransport.site | tcp |
| US | 8.8.8.8:53 | 8150ffca-f7351f27.martinroytransport.site | udp |
| US | 8.8.8.8:53 | l1ve.martinroytransport.site | udp |
| US | 67.205.131.225:443 | l1ve.martinroytransport.site | tcp |
| US | 8.8.8.8:53 | 1e1d534b-f7351f27.martinroytransport.site | udp |
| US | 8.8.8.8:53 | dd2fa17c-f7351f27.martinroytransport.site | udp |
| US | 8.8.8.8:53 | wwwms.martinroytransport.site | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3080_TLWTQCUOZRCNTTTE
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1d7fbcb-9960-4300-b54b-6dc5541a5a1d.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State