Analysis Overview
Threat Level: Shows suspicious behavior
The file https://google.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Drops desktop.ini file(s)
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-18 13:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-18 13:43
Reported
2024-04-18 14:13
Platform
win10v2004-20240412-en
Max time kernel
1680s
Max time network
1684s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-259785868-298165991-4178590326-1000\{1351396E-8DEC-4E54-ACDA-D980956BE16B} | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-259785868-298165991-4178590326-1000\{3A795609-F212-42A3-8439-DCA2EE199550} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\SystemSettingsAdminFlows.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault25cedb46h21eeh41adh8f64hb4937c133bcd
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10926222876320754499,11521178666100775140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10926222876320754499,11521178666100775140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultdf3f78cdh7792h484dh9b22hcdfe764fbabb
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,998883424434857385,4475933760922884001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,998883424434857385,4475933760922884001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault49ed3661hcefdh4ffbh9700h971663f62d78
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,17218055812019695733,8760999663500725045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb6b57913h4151h48d0haf0chca6fa4ddd2c9
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,657064611696242638,595563169383725201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,657064611696242638,595563169383725201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault943d2744h6ae6h4045hbf10h75f3df88b9fb
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,6557080371992381096,4218460757624176707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault368f8b23h52e7h4248h8c02h2699d964e3d6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12487969765441079891,16634703844888098901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,12487969765441079891,16634703844888098901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x4fc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17577394281674906153,6521631908581307720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
Network
| US | 8.8.8.8:53 | 115.166.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
Files