Analysis Overview
Threat Level: Known bad
The file http://offieceqatevvay.api-loqin-run.workers.dev was found to be: Known bad.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-12 19:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 19:29
Reported
2024-08-12 19:32
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://offieceqatevvay.api-loqin-run.workers.dev
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8af4346f8,0x7ff8af434708,0x7ff8af434718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7542758418696523077,8949006633372414513,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | offieceqatevvay.api-loqin-run.workers.dev | udp |
| US | 172.67.164.238:80 | offieceqatevvay.api-loqin-run.workers.dev | tcp |
| US | 172.67.164.238:80 | offieceqatevvay.api-loqin-run.workers.dev | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.164.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.56.20.217.in-addr.arpa | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | privacy.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 172.67.164.238:443 | offieceqatevvay.api-loqin-run.workers.dev | tcp |
| US | 172.67.164.238:443 | offieceqatevvay.api-loqin-run.workers.dev | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 13.107.42.22:443 | account.live.com | tcp |
| US | 13.107.42.22:443 | account.live.com | tcp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 22.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 52.182.143.208:443 | browser.events.data.microsoft.com | tcp |
| US | 52.182.143.208:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 52.167.30.171:443 | fpt.live.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 38f59a47b777f2fc52088e96ffb2baaf |
| SHA1 | 267224482588b41a96d813f6d9e9d924867062db |
| SHA256 | 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b |
| SHA512 | 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b |
\??\pipe\LOCAL\crashpad_1180_WJWTNTJYUSMNGDUP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ab8ce148cb7d44f709fb1c460d03e1b0 |
| SHA1 | 44d15744015155f3e74580c93317e12d2cc0f859 |
| SHA256 | 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff |
| SHA512 | f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1960cc6d7bef766e8b19966919134c83 |
| SHA1 | f25749530b0f726b9a91a52d54efcf33764e1a28 |
| SHA256 | a670a4bfa57e097ba96b1199c49eb744f6d61c61c21efc3bfae5ee50244ef96d |
| SHA512 | e450ab5ea7244d67c2098bee1393e384082b89ca228abee931990502ef04e316b708fb23e4b6ebee685326cc3af6e0bfad61713ce668b2e3c021bf8bddb7424f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 09fe1a1ccfe4d762a8cbecefabe84f69 |
| SHA1 | f1db10875fd8555e4278b9fef90e3bbfdefc0129 |
| SHA256 | 30949942e429d9084729d5a5724c64625276d384edcc1663fb5916ba34a1b8f3 |
| SHA512 | 07cc9605d1e89740193a46f8f295ddf185f3e47645aa0461eafaf8d84ff5e364fe406ebd5fd466e1226a2b592c32f84ab202b6cd5ae09015dd0a248471902660 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a30bf9273579a9e2da7bca893a303c1c |
| SHA1 | 54fb67fb17c26fea38bdf3f67d252ac01bd89c52 |
| SHA256 | d3b8e772f15ec8a75e3b2568cb582827a502a954148658658e8890d2d2ca86de |
| SHA512 | 1f2f890f60e4e79f3667dc8c64f894ccc15a4d5f0c339ec809384bc644f52bacaf9d590964f906ea44816180004539e2d904925da6016c65590721cdaabbe3a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fe429f7e2142d5f2b7c16350b68c1851 |
| SHA1 | 98beebaf6b9249a33d0e703bcb629e6f4e9ed45f |
| SHA256 | 38070621eb721f1e8c0214392df0beb110e6ff80e187e4f8c8eea61742b47ae1 |
| SHA512 | 3d593238aacdf66a759dec981d8685ad0f1448175a82a91aef843da283e800c3cbb62410a8f605aa543c9206ed2c6f4d0f23157cb86a20ffcc19bed0ea29144f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d53e9992c25e28bda838b5cadd565b1e |
| SHA1 | 498b5b24f211d58dadfb1f7ad97317279209e4f3 |
| SHA256 | 21ed9d7fa85f5ffdd7928b7f1e17069e8bf489b6d0b41790965d66b49e61c763 |
| SHA512 | cd7ded3d1b562a750459096f8429e9324854283e989ac8dc6420cc18e8dc71fdc1d4e8b5d29ba87fd0971c904d06ea479b00cc7191449755cedcf2d5b96f4d1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586184.TMP
| MD5 | 262138fc3b669933797cada923b6904b |
| SHA1 | 98f02d3b5af0e50a79aecc66668d55bec5ca51b7 |
| SHA256 | 723461f2026102330bdae18edf22628e3de4bdbab9b31a024cd2453f412a88c2 |
| SHA512 | 7f5f1b0311d1ead76fb1ad57dfa9607f7a673e72ba0e75c7d74707021522a1476e901e6f5b75ad710efda3438b88f5fd0e2690c7b12adbcf2e4c29f5aa8c6da3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fdad41c92e0f5e40fbbc9fb14af2df98 |
| SHA1 | 192746872128e7154217118feff3f1b91275893d |
| SHA256 | 197e73742f166f2eae19dab08e987ab1ab7027c7cf156195bc9c5ea9104ee486 |
| SHA512 | 8e768645424a43521f3eda9e56eea2a7e531c1b3353b1c09736c7e12b0ad3a7af6a6b15d2e347e2e2c0fb850b03391a0850d5827d711d8f6af1fc8bfdc8b8b2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | faab47d7ca3b43ff8c54fe80b43911b0 |
| SHA1 | 33821cb01c439196685016e8d7fc5d348e7d6eb6 |
| SHA256 | e07ca0cd9f0abd630d5acb5de2f78a5a2cf1942a85d2bd0239187d713850be67 |
| SHA512 | 993a8c23c5540d3410cda33e0bf56de54daf32112f90782d13e5a9b007337a887c7cdcc84fcd992ded12a28bf8a2710b7e726a80ff850b6867addf4702a4c053 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 89c54fdab0da2fafb706cd6ed9d4ec71 |
| SHA1 | e9a1c13295d3e3bf9fc9e7fced1642c296d88cbd |
| SHA256 | f837b64d956c1c24e5c96a088dc85b7ef8b0e5f3ed9e1b54ac01c466896875a9 |
| SHA512 | f86d4a860e6f3becfbb9d333b12e0cd367a39227d47b820e0c00551104bd2c83c383b6b62c1fe4b34751e32af444cf944cd225b260e46164e7715db63c3221e1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1479afe359661db45dd00d393c47a9e6 |
| SHA1 | 55ff59306faa7791e3432fe61a714eb90b08bcbc |
| SHA256 | fb2a7d6400ba768588d68deaa159241fd00256e79647c38b499bb8da54db38f2 |
| SHA512 | 89e7da634c667574f38442d69274c4fb2deb38300b0fbff27f1646a9660d401839ff5e42c2e15e479090e3fbc2c6d81a008b20d3ca2a0e3f831fc85dff612e81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f40e0cda76b3ed99f439c4d216631134 |
| SHA1 | 937c0f16d49fb0141e0055cbeaa069debc4a0d5c |
| SHA256 | bc7edd70fa7d1787ac5d70ff71c991a1afcf63d10934c226f4cc46aede328907 |
| SHA512 | 85f7c7ac6f6651680e1131dca05e348714ae689d959187deaf889b6ee098fccd1d8b217c07c1b3d2c854fc1874661fab11f20f0ae7be787032f5783546197bba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 66adc4fcd27710e47e9c35a3c25d2a67 |
| SHA1 | 83b8d03daddf97be493c01caaa0ad47cdd07d412 |
| SHA256 | 1ea01df2b2d3ba779199fb921d2c52e09a4abc63a0f8ea20f1bc4d5006240d8a |
| SHA512 | 0df259c43fb6d1c2b0ac5b06ca46c661a2fbbe7dee37ab55f36108da8c20624a1561c1e7cd0fc239c7d2cb8197073c2a8519d857f0813d41cba449bdd6fbf317 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00dbc41b2d2826319207cfd2428bf339 |
| SHA1 | 5b83f968dd168eb1e7142a57e4b51ca39381bc7b |
| SHA256 | f20da1b1e500db21afb2909975bd7b1bbabf9e07a6c057260f6c23f33b6cffca |
| SHA512 | 5db0c5fa9274b31be7dbddcf72d53a971878a3e152d16c9c01caac7a8faca7722d50a967349fd2389e52d4b9a761b8a228bb175ce9598d5d08690ca09e878ce8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 35aa10fe58ccab3e6c9d53ea66d18925 |
| SHA1 | a14c979b73cf73661789092cc70bf15a6f4d51f5 |
| SHA256 | 649ead55baec3e834ef70fb9c4296c1f33ee82f69b0771c61e05bea1a0fee42f |
| SHA512 | e6a840a3f3c19972b1b5aab16601e9224e7492e2b1627dcafc933ac4c060be95c2a0e941b3d84d2aae9ec1e70b0d2bbb08a440929f891293b6e9b13d4d7d6036 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fc0e4a2f53b59fe514502fea75d3191b |
| SHA1 | 8d627e536bb225cb7fc8c238fb54a742cb2853ef |
| SHA256 | d36f4fb427acddb080064ec336c35a576477716ba0f5df0a1fccc52d20844b61 |
| SHA512 | 3fd904892e6b4ab2e963d1a4ee66867e100f42d013d795ff46cdca4dd7848b2e05e8bf0044f8ffd829a8818bccd4aacc0e49f7469b3f85f4a2c68ca059390d26 |