Analysis Overview
Threat Level: Known bad
The file https://shared.outlook.inky.com/link?domain=urldefense.proofpoint.com&t=h.eJxVkEtvozAUhf9KxYLVEIx5GCqhNiFNptOSx6RKaDfIwTYQDCbYIW2q-e8Tshhpdvfe7-gc3fOtnTqu3d9phVKtvDfN60ooo42ko7YTgrWibNQoE7XZwwE-nMKb1LDHaVoIRTkva9zhZtCkqm5TnYTTczzDaz0L6Wn-IVWG36ac92X9tPD36JB05-OSGb07TiPS5s2WlWUc6104SY-LC7qgbH7Ik32fS1CAjYri1c7hLwntDeod3DQDKRzrddj31mrxu_u5MxLIn4vklLxWbIXtsxdNYhSp5eLTY2vL_6z41HAqkWy2r9Dl0XMt1ruifNJlKAzaBvj9Mnc_Nl_2jPrVL0vmUy_a-tvga1mUR9i_LeVsomKdhtqPO60aumqoEl3OFEII2kFg5uz6f8VEpx7_TbghUjTy1pxFCPV8Zw-wBxAJMPMBCxwbMB8Ci0BgWlcfF3m25YwgHGLoLQbzq4N4xBdFM1zXg9cAyQD_O_75C-4tliU.MEUCIGCTUJYQT5-VanQzq1VIvFGhfyGZtavaJnUbdai61s34AiEA_BgUSURRBn4yGaiUonx_tjHhD3-L9hRZnt-UwOnBEKg was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-13 21:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-13 21:20
Reported
2024-08-13 21:23
Platform
win11-20240802-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shared.outlook.inky.com/link?domain=urldefense.proofpoint.com&t=h.eJxVkEtvozAUhf9KxYLVEIx5GCqhNiFNptOSx6RKaDfIwTYQDCbYIW2q-e8Tshhpdvfe7-gc3fOtnTqu3d9phVKtvDfN60ooo42ko7YTgrWibNQoE7XZwwE-nMKb1LDHaVoIRTkva9zhZtCkqm5TnYTTczzDaz0L6Wn-IVWG36ac92X9tPD36JB05-OSGb07TiPS5s2WlWUc6104SY-LC7qgbH7Ik32fS1CAjYri1c7hLwntDeod3DQDKRzrddj31mrxu_u5MxLIn4vklLxWbIXtsxdNYhSp5eLTY2vL_6z41HAqkWy2r9Dl0XMt1ruifNJlKAzaBvj9Mnc_Nl_2jPrVL0vmUy_a-tvga1mUR9i_LeVsomKdhtqPO60aumqoEl3OFEII2kFg5uz6f8VEpx7_TbghUjTy1pxFCPV8Zw-wBxAJMPMBCxwbMB8Ci0BgWlcfF3m25YwgHGLoLQbzq4N4xBdFM1zXg9cAyQD_O_75C-4tliU.MEUCIGCTUJYQT5-VanQzq1VIvFGhfyGZtavaJnUbdai61s34AiEA_BgUSURRBn4yGaiUonx_tjHhD3-L9hRZnt-UwOnBEKg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe565b3cb8,0x7ffe565b3cc8,0x7ffe565b3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,15656013661304584307,12300759441625703585,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3516 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | shared.outlook.inky.com | udp |
| US | 8.8.8.8:53 | shared.outlook.inky.com | udp |
| US | 3.233.34.230:443 | shared.outlook.inky.com | tcp |
| US | 3.233.34.230:443 | shared.outlook.inky.com | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 52.204.90.22:443 | urldefense.proofpoint.com | tcp |
| US | 172.67.156.31:443 | hotellimaran.com | tcp |
| US | 104.17.73.206:443 | click.nonprofitwebadvisor.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| CA | 23.227.38.65:443 | careerlearning.com | tcp |
| CA | 23.227.38.65:443 | careerlearning.com | tcp |
| GB | 88.221.135.104:80 | apps.identrust.com | tcp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.70.113:443 | static.zdassets.com | tcp |
| SE | 185.146.173.20:443 | shop.app | tcp |
| US | 8.8.8.8:53 | munchkin.marketo.net | udp |
| US | 104.18.72.113:443 | static.zdassets.com | tcp |
| SE | 185.146.173.20:443 | shop.app | tcp |
| US | 151.101.2.133:443 | static-tracking.klaviyo.com | tcp |
| GB | 23.214.140.11:443 | munchkin.marketo.net | tcp |
| US | 8.8.8.8:53 | 113.72.18.104.in-addr.arpa | udp |
| SE | 185.146.173.20:443 | shop.app | tcp |
| NL | 185.172.149.104:443 | cdn1.judge.me | tcp |
| US | 151.101.2.133:443 | static-tracking.klaviyo.com | tcp |
| NL | 185.172.149.104:443 | cdn1.judge.me | tcp |
| US | 151.101.194.133:443 | static-tracking.klaviyo.com | tcp |
| US | 151.101.194.133:443 | static-tracking.klaviyo.com | tcp |
| US | 151.101.194.133:443 | static-tracking.klaviyo.com | tcp |
| US | 151.101.194.133:443 | static-tracking.klaviyo.com | tcp |
| US | 192.28.144.124:443 | 130-joo-519.mktoresp.com | tcp |
| NL | 185.172.149.104:443 | cdn1.judge.me | tcp |
| US | 192.28.144.124:443 | 130-joo-519.mktoresp.com | tcp |
| US | 104.16.51.111:443 | careerlearning.zendesk.com | tcp |
| US | 104.16.51.111:443 | careerlearning.zendesk.com | tcp |
| US | 104.18.243.108:443 | api-na1.hubapi.com | tcp |
| NL | 185.172.149.104:443 | cdn1.judge.me | tcp |
| US | 104.16.108.254:443 | forms.hscollectedforms.net | tcp |
| US | 104.18.23.183:443 | js.hs-banner.com | tcp |
| US | 104.16.160.168:443 | js.hs-analytics.net | tcp |
| US | 104.16.117.116:443 | track.hubspot.com | tcp |
| US | 104.16.140.209:443 | js-na1.hs-scripts.com | tcp |
| US | 104.18.80.204:443 | forms.hsforms.com | tcp |
| US | 23.21.254.249:443 | tracking.aws.judge.me | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea667b2dedf919487c556b97119cf88a |
| SHA1 | 0ee7b1da90be47cc31406f4dba755fd083a29762 |
| SHA256 | 9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f |
| SHA512 | 832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72 |
\??\pipe\LOCAL\crashpad_3552_UQURWXXEHWXSFMTS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2ee16858e751901224340cabb25e5704 |
| SHA1 | 24e0d2d301f282fb8e492e9df0b36603b28477b2 |
| SHA256 | e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c |
| SHA512 | bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 99c48c03b022d931e0fee8c015b89087 |
| SHA1 | 9d5ab136a7b0f2b6fff2e96f905c83fc69ff48ed |
| SHA256 | 308fb4111b4b59ed8341ab9324880accd6e5d503565d591eb2a2cec4450cc93d |
| SHA512 | 02ad636480b5a9b5e6d264e09920c4798e37e221361a303e08faa4bd042ff4513bec5c3f6470de045f7f7ad41ad77ae05097c65400058943826645679a8eef93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6f81bb7024e26931f11e0e2df69936d3 |
| SHA1 | e235b002961c6a3c35febefe7a42fb439f5078f0 |
| SHA256 | e75b908d92855d6b254df0f9d392658641b872ed4241a2691d99ee7f5a80e8f8 |
| SHA512 | 5e0da7395ee1f2fad3e6794393a40c6de1a54c06de8dafc5a7f037e96277898c26bd53700d76083327f5c5e54a0e667debc4f31af2470a2176cb7b05f42f8f7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cffc39461694709cd6c743f737e4852e |
| SHA1 | 5075d799b5933179ad51125c2f7c3e270e160119 |
| SHA256 | 5d3e67f7a1fce28959fc890511b72aaebcb62f3cce60ef5b65d23420c7a9ba36 |
| SHA512 | 5642dc7977a2ef8ea8682a2d262cc71c28d8b839a2b548a85f8b7dbbfc3cfdcfb0b948c45ba6f2b9e964ab263e36efa392d81c8b7191e3e9df9f6e41393d6c97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c07018d6cab12d181bff4755c0c1d259 |
| SHA1 | d63287ca03f90cb5db92d11218303868a33952fa |
| SHA256 | 663029b6c2c30249a72fe29fe8a2625ee096dc97405bd058dbdfe271e33c8655 |
| SHA512 | 4e2f3e634c80c27ae60bcc8ceb4d823ef99b7cb29ac3425eebcfff6a34b847690a61a0debe7b2019b5cb30a123cfe7c2031cb3f1ca8a79b2bbd97201fe762091 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 67c770a3bdaddb990a1ccf76e487d734 |
| SHA1 | 4637c11da28537391c6a00981953a4153bb0f189 |
| SHA256 | cd079f9b8f062d539cc262e35a24b8b14c188c59fcff1084ff931c7e3293aaf9 |
| SHA512 | 0e634bb167c8752e2b2ea7388ed4f25c7b6e64423b69bee324028411c388ee18606f43659bd36f4c7779d0f220ed479e15d2beffc2da0be5666c54792e17a2ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 247c37bceab8f5957f6bbcc236e9e0ba |
| SHA1 | 295facabe97bc327ccecc04cf1322a51f48454fd |
| SHA256 | a75a5a6fb640ae20dcd035451632171442f9fad40b6a97df2e431dfee1cbbc43 |
| SHA512 | 2b7bdfba17f5aafff9f0dec654cbdd7f626726a81108d999ee42e90cdb149ee4b9c6d2dbfa1c5ae1818f1819b6dfbd9af17b79d99fd7c21d256ad3cc5f750fab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ecbb755f6a8a4d10ea756cd735ed131b |
| SHA1 | ddeee95ac2a17d600de34a7e7df0e101238377d1 |
| SHA256 | 13d6c9a54b2a67f92d6730716effdb8261431968072890dfa7265371367324a7 |
| SHA512 | 6f8835634be30792fdff8ec33d4c6e70b6a3f12c489dcd2df54144ab04fc90bbfc978b08f5c124fef633a4ab6c0b8291a7884040f48bb4ee4767fbb53bef237c |