Analysis Overview
SHA256
3ef5bebb9155874d70b1a6633815ec9720b2684313ea357488a9cd5fe0642e27
Threat Level: Likely benign
The file Minecraft 1.9 Survival Let's Play S01.rar was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-11 08:32
Signatures
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
235s
Max time network
255s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\villages_end.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
299s
Max time network
254s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\level.dat_old
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.22:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
131s
Max time network
147s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\data\villages.gz"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
244s
Max time network
263s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\level.gz"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240426-en
Max time kernel
89s
Max time network
203s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\data\villages_end.gz"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240426-en
Max time kernel
212s
Max time network
284s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Mineshaft.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
131s
Max time network
143s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Village.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240426-en
Max time kernel
213s
Max time network
287s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\level.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
244s
Max time network
255s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\region\r.-1.-1.mca"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.14:443 | | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
294s
Max time network
304s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Minecraft 1.9 Survival Let's Play S01.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc0043cb8,0x7fffc0043cc8,0x7fffc0043cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17809062637120325434,3145098421783520821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc0043cb8,0x7fffc0043cc8,0x7fffc0043cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1865295639065875750,11729302968083941775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c1c7e2f451eb3836d23007799bc21d5f |
| SHA1 | 11a25f6055210aa7f99d77346b0d4f1dc123ce79 |
| SHA256 | 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800 |
| SHA512 | 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34 |
\??\pipe\LOCAL\crashpad_4252_QSIVYJQHPEVDZNFV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6876cbd342d4d6b236f44f52c50f780f |
| SHA1 | a215cf6a499bfb67a3266d211844ec4c82128d83 |
| SHA256 | ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e |
| SHA512 | dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1701bc6207fea5bec19c0bcb60372d01 |
| SHA1 | e01fde11086e08ed6720c3a594f3b01b8d8e494e |
| SHA256 | eb4266697097f2745328a5f242256c23a446e9f4386db265786cd15b89d77765 |
| SHA512 | ad7ac68c7512e50349d1b0092006e56891de590e4b8d18729e3112d36ed649ce41c0e71c6a3f36834222b0ec818aa5801d26ae9d57efcf1610afdac3780ab771 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c6ee4976-f16e-4414-90c3-b0428a024a6b.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362568382416144
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13362568382233144
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240426-en
Max time kernel
92s
Max time network
207s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\villages.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:38
Platform
win11-20240426-en
Max time kernel
91s
Max time network
194s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\data\villages_nether.gz"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.31:443 | | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240426-en
Max time kernel
90s
Max time network
203s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\villages_nether.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
127s
Max time network
143s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\session.lock"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:38
Platform
win11-20240426-en
Max time kernel
90s
Max time network
190s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\stats\4f4a47de-6925-3ccc-a93f-d9c7ef283e06.json"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240419-en
Max time kernel
265s
Max time network
277s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\data\Mineshaft.gz"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240426-en
Max time kernel
92s
Max time network
204s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\playerdata\4f4a47de-6925-3ccc-a93f-d9c7ef283e06.gz"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240419-en
Max time kernel
255s
Max time network
266s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\icon.png"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:48
Platform
win11-20240426-en
Max time kernel
881s
Max time network
960s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{DB4D12D7-0F06-41E9-A8FF-7B719495241B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\4f4a47de-6925-3ccc-a93f-d9c7ef283e06.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0ce63cb8,0x7ffa0ce63cc8,0x7ffa0ce63cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,18067748631699587225,2324627686328123952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.171:443 | th.bing.com | tcp |
| NL | 23.62.61.171:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 23.214.129.109:80 | windows.microsoft.com | tcp |
| GB | 23.214.129.109:80 | windows.microsoft.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.91.34:443 | outlook.com | tcp |
| GB | 52.97.219.210:443 | www.outlook.com | tcp |
| GB | 52.97.146.130:443 | outlook.live.com | tcp |
| US | 151.101.1.181:443 | play.vidyard.com | tcp |
| NL | 23.62.61.56:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.56:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.56:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.56:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.56:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.56:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.197.17.2.in-addr.arpa | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| SE | 23.34.232.228:443 | assets.adobedtm.com | tcp |
| SE | 23.34.232.228:443 | assets.adobedtm.com | tcp |
| US | 104.208.16.95:443 | browser.events.data.microsoft.com | tcp |
| US | 104.208.16.95:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 104.208.16.95:443 | browser.events.data.microsoft.com | tcp |
| GB | 52.97.146.130:443 | outlook.live.com | udp |
| US | 104.208.16.95:443 | browser.events.data.microsoft.com | tcp |
| GB | 52.97.146.130:443 | outlook.live.com | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.17.251.10:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.10:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.10:443 | aefd.nelreports.net | udp |
| US | 13.107.42.22:443 | account.live.com | tcp |
| US | 13.107.42.22:443 | account.live.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | windows.microsoft.com | udp |
| GB | 23.214.129.109:443 | windows.microsoft.com | tcp |
| GB | 23.214.129.109:443 | windows.microsoft.com | tcp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| BE | 104.90.24.112:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| SE | 23.34.233.128:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | outlook.live.com | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | permanently-removed.invalid | udp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.187:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 40.126.32.68:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| SE | 92.123.135.93:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 93.135.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| SE | 92.123.135.93:443 | assets.msn.com | tcp |
| IE | 68.219.88.97:443 | c.msn.com | tcp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| IE | 68.219.88.97:443 | c.msn.com | tcp |
| US | 13.89.178.26:443 | browser.events.data.msn.com | tcp |
| US | 13.89.178.26:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 2.17.251.42:443 | img-s-msn-com.akamaized.net | tcp |
| US | 2.17.251.42:443 | img-s-msn-com.akamaized.net | tcp |
| US | 2.17.251.42:443 | img-s-msn-com.akamaized.net | tcp |
| US | 2.17.251.42:443 | img-s-msn-com.akamaized.net | tcp |
| US | 2.17.251.42:443 | img-s-msn-com.akamaized.net | tcp |
| US | 2.17.251.42:443 | img-s-msn-com.akamaized.net | tcp |
| US | 8.8.8.8:53 | 42.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 52.96.91.34:443 | outlook.com | tcp |
| US | 52.96.91.34:443 | outlook.com | tcp |
| US | 8.8.8.8:53 | www.outlook.com | udp |
| GB | 52.97.211.114:443 | www.outlook.com | tcp |
| US | 8.8.8.8:53 | outlook.live.com | udp |
| GB | 52.98.207.130:443 | outlook.live.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 114.211.97.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.207.98.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.vidyard.com | udp |
| US | 151.101.1.181:443 | play.vidyard.com | tcp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| NL | 23.62.61.129:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.129:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.129:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.129:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.129:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 23.62.61.129:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| SE | 23.34.232.228:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | outlook.live.com | udp |
| GB | 52.98.207.130:443 | outlook.live.com | udp |
| US | 20.42.65.93:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.93:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.93:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.93:443 | browser.events.data.microsoft.com | tcp |
| GB | 52.98.207.130:443 | outlook.live.com | udp |
| US | 20.42.65.93:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 20.42.65.93:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.93:443 | browser.events.data.microsoft.com | tcp |
| US | 13.107.42.22:443 | account.live.com | tcp |
| US | 13.107.42.22:443 | account.live.com | tcp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.17.251.10:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.10:443 | aefd.nelreports.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Preferences
| MD5 | f8acf9df3186f235d8fa06b9be05a5ae |
| SHA1 | 362d83ae1097a7ce7728d3252edee03e92713f44 |
| SHA256 | 42504712cc18b2c9ed93e159ec825944ffff31eb6e0c11a988757afbc32aa00a |
| SHA512 | a19d3380936ddc2394af0456c04830287d05b42ffcf373fb342b1dbffc13c27a01ac8d0e190c2102a4ae68a8b6fcfb04f6bdc5956c64cd73b124d341d083955a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\TransportSecurity
| MD5 | f27a813af2ce75a75c0472117dfcc947 |
| SHA1 | 1c02361ce165ea19bfc76badbf877476d63f9e0d |
| SHA256 | 08adeb860ccb80291843cd5d248904669b83c1a19f6c9c7a8d577ab3239807a8 |
| SHA512 | fd3f14585cdb1af91397d7e371d14aea660d6a84c7493d26e0b21f2bd68c4694d7c20c32be99c7899e85510574fb07e36717864dd29e097e630dd9795c73fbd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Preferences
| MD5 | a817df2dfa5cf8d12f6cdd58fa272d20 |
| SHA1 | 9374a7aeafcb403d890d1583adbc5f445b4f4a66 |
| SHA256 | 80d9bdde84005fa7602adc2c5238db4d731fa06455f4834c406aaa6d360c56ef |
| SHA512 | 601a82f2ed81c6da889ffd8ba3e44c84a0a0fa73bdb11d2f11191a3a0994a36e649d0655ba38a74aa0e37bc04eda9074c2e164ac457b2a5a2937a300b96a5533 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\TransportSecurity
| MD5 | b25a95fb84fe594a9bc04fb031c6d4b3 |
| SHA1 | ad2673d2e3c2743c9c00934bced4bbe0fa7188cd |
| SHA256 | 46ff4d2369257f962254a59beabce1935cfd5d3d3a98b1805fdce92543789801 |
| SHA512 | 24954b9ff2d216348d41ffd04c0cea055d91c965296932bdfae782f6454f9bd2718d4ac715ae5e7d52525ff265ab44fcff614ae01227076e9eaa78a4d98c2ab5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\188f5ec9d11ded56.customDestinations-ms
| MD5 | 8e16dd7ed6f3fa523124ead96a0b4aac |
| SHA1 | 318796cb66bd8a17ccab4a8cebb617f553762944 |
| SHA256 | ced4cacfa0feab3dab949ffbe7b6cb3145f3ffd585b439fab35a950e01eb94d6 |
| SHA512 | a8d6c5a36aa4cd018f4b54b990007c2d70334faeabf61d471e0c17e26e97cfdb75bf2ed1d703fbe146cde58aa5a169db7d0b98102e3a00e4cadcb608d8405b2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cache\f_000051
| MD5 | 8f93cba86e325a41956310aa001ecf4b |
| SHA1 | d0565b11bad45befa4af49b2a756e1db92db9fcb |
| SHA256 | 0541883adeed709547f4b0ea224383435264888776b673ef21998aafabcda0be |
| SHA512 | a8684abefdc3fdf190daec2bc53660cadafafbec455124e1d69546232d16a662f0a6a473b2a91bd027c9245028edce53e36e8bdc90fc2d0e515b4c06de08ecbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cache\f_000052
| MD5 | aacdb9b9582fb5f623faeae250129df9 |
| SHA1 | d3d9fe02d572783b26f73f90a1b588667dcf83f5 |
| SHA256 | c81eb5bd01870644ee06eb7de51771e608f41e42fb9963625c152473aa3aa232 |
| SHA512 | bf14148e31f61da372cd99175e520fa1f80a6ae2196b5c470c726b0418a12e25b1c8d9abfd0defa6742749275d2423fe9e622cf23953b9c0251888ad8b869072 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\188f5ec9d11ded56.customDestinations-ms
| MD5 | 2f93fa074761510ec15d3a123da151d0 |
| SHA1 | 2bc88cbdc6a189e5d3b0609bd6e53930bde702ea |
| SHA256 | c97063900c17f13ca2c6565186998111647bc1b213fcaef605330782464bb567 |
| SHA512 | e5457131bdb7b6ee777addf7315115f9a4493d858a081b8d0993743c5c666ab0c74d3268f298066fe18720cdd5cd8908a98ebe0255e3ed12c0e5abe9db881c53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\TransportSecurity
| MD5 | e88b0fabfc5ee3f5510fde19f10b5089 |
| SHA1 | 3ef1fc2700bbb2e0c6db2d8320fcf71b1019509e |
| SHA256 | f36c4cc75f190912ae350fbb97c7c5063f213fd9c2a31d24223393d19d8b1b50 |
| SHA512 | 0ea192c5eeba6188a615e60e670715174926ae01a56176fc82a1e9b481f6d491ffdc1f5d04f8b9dec7f99cd8fa7f338cae4f79ac9ad2a55e48592b8604f9a6f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 7740c032016ad1be6cd2e20a521e67db |
| SHA1 | e5e1fbd9de683f7f411c748e870fc632a06e6bdb |
| SHA256 | bde84c316f5ce7334a524ec3bcc88569665068b992fe543a559da1a9bb5c03a7 |
| SHA512 | 3899a44f1c599548917f90ca9e047ddfc0739a6ebe4ad7aa06f5e3c5e60b3af955b111c5c623da42dad65e286c42148b8d66250cc505e80df42f8bde583bcee7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | f0ce1f7a0620e5ef8da827e673e8d51a |
| SHA1 | d21aa95c0551e63b978b5f154a20a9ec84630293 |
| SHA256 | 9379dafd8064820cc8330fc8a3131fd4893a69a5a3827a3b611e2c037d1de505 |
| SHA512 | b69c9a92e9ba0df9fa976ae04c47df79f8c1a67749949a3700c35b0fd2652c559eedf1c83942eb78f1f625f2579c2df35a6633a33c85315497228fe138239cec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | bbc7e5859c0d0757b3b1b15e1b11929d |
| SHA1 | 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d |
| SHA256 | 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2 |
| SHA512 | f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Preferences
| MD5 | d3e702c4b6090709751ccd616034a1c4 |
| SHA1 | dfc6249a8fad8ea7ee6d5d94b4086b0852ece5b2 |
| SHA256 | b1f3b9debc67625eda9e90e6bec39368c287462b9dbb073b2ea9d381b7b9f40a |
| SHA512 | 3207e07707ca6ee71da74d95f8d41e69f3bf29575a39cabdaa9f1eaff99d0ca735aba442c0157b5e63e7e2aafe64497f953da2aabeb171bff2d1bade6e443d2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 197266d246d0838107726e770352721c |
| SHA1 | 125ac2e275681b5bae9f1fcc252fee8a78127607 |
| SHA256 | 2b800f68e20e44b6c548e8ecb813b96bbd59f4f1bfdef1ce66d9b45633e6f5cf |
| SHA512 | e9cf9a54d7ec729419bcbc0e488fd6b217d4ab669a508ae366fe925fb728c21de4605670de83a90b0060c314d1050035fc272ac9680bc1c9b7946ce0556e4ca7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | b92784fd4b66d52c3f6874b8df4f6232 |
| SHA1 | 66d3e2bbd2dc6bf96e5f67bdc4799ff097f9a7d9 |
| SHA256 | bc79f20e25f0fb406d010c757e5cd1091826863dacb77f55fa92603b43b10953 |
| SHA512 | f59cad17ab1d50d8769689da0d4be43da48c8a7f275cb7023c56fb69ad8cf325fa3f7f72f9f9f9d90900b1fd81b050e642dffc71769614754174f867b8fa89cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | bd09115c83ccd3541a3ba8e2e2145312 |
| SHA1 | bd03ff7a4175303a07c5ef93e7db64b93304f3da |
| SHA256 | f8977fb24834358417c58bee7a64639511b11283ce73df2d3d3ffebb3452d545 |
| SHA512 | 434d324373069c7a39147a5c2cc952040fe6cdacb666846c22689f6f38716af8a93694e2818c6c35bbc725a16d13a3afa8df89ddc08afa48aa3c100250e78ffe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 8dd74b12a0ce44988458c184df29d5d4 |
| SHA1 | c9243c5c42ddb88f87c7c7e9198b8d250706d81b |
| SHA256 | 6fe59358b3d27b9a644677da7231fba6b31f10f2f230e5ee0a2db3a68bdf41cb |
| SHA512 | cb284916122c30fa92893cf8ef5a4531b6a06e94a216f55dfa74e7ee0d2d39ee97656a4276ec59ceae3dd368797ebe95d5a9f9bcda2e8cca7b808dde3f0d0f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | d6dd75ec215292d2c84b6cc005b82090 |
| SHA1 | 0d7090b99a2d362e41350472080e96b32fb62137 |
| SHA256 | 38fc9d2866788ef9ce597633b751d408d0f8e3b1291e1a4a009942904e849744 |
| SHA512 | a8097ad1709f6b0608023607a7d9f8d11bfe42d3a77e115357755faf152b2d7e560458708e71679aa4ade017534be09317ffc77e1de1b7ecaa5b5cb63c4f26ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 29e8adbb1f181bda7849f557436d5f0e |
| SHA1 | 4cc40b077262be544966a04d310f21571e1830f8 |
| SHA256 | 67a0c44adce6def26e98e04f623c3fef66e2c7478fb55808abf6e1da399ee8ac |
| SHA512 | 50dfa06c5c26cf26ec3519c95c18bf2a5f45301ba53968737d2c758522ef5cc4c452910d5fb590263493a734c1ceddeac3e1e5ea8925571ccaf210da80809707 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
| MD5 | 612109e2b2700655a0020847697261fe |
| SHA1 | 0328b9c72982b69ea9f1c5aeb79220aeb6bf3142 |
| SHA256 | 6d3f599fee7c90b78295c1d632f36983034a77620d46a42f58d6a79eeae61f2a |
| SHA512 | a1768e796041db155c5b54eaf48609097f36ec579fe8c4ff740f0ca5a6448d6dba7f563d2fe7d00fb1f1a25bed3ad337148a377332f7ff9ba32fb6959948f1d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | 46aa4fdac0647c2d920b12a57d5c756d |
| SHA1 | 72956528a2845e98f575de023424fb79f4bafb70 |
| SHA256 | ed40dcedc756e6ee4322622426671babc3801bd7bf88f28262c30cfd2a974d2f |
| SHA512 | 47aa9f28a11ec2cbf9309056843e0cac42491233c6c711f95c34f84152a93740b82076de1dd3ffc79c32bf5fcfe32b84fe6f79ab1506f5109279db7b89646c3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | 137a8e0928f29aec501f7e527b6d6bae |
| SHA1 | cc3bd9805e9eff867b6e3e2a08a7ac5f96b8d3cf |
| SHA256 | c1e57b0593ac013214d421728a784cc2fa8fc44a031170a477bc9b646792b668 |
| SHA512 | 774ddddd618e403f0bf65fac8a37a9f9ddde17a5fa83f99296af4a9a1d07e1c4421d209daf86c0a372fe424664715ad4d641212d727b4631533c8d85deb44ff1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | 42562f05ddde9dd7bf8b7a913bd187c0 |
| SHA1 | e0a31d1c11766c2beceff153e32b1e6618c7e1fa |
| SHA256 | 7b2323aa75907436c28433c2d01faca2d75f6c2c089606d1cd13e76f5e6b128c |
| SHA512 | 8febd1daa6a10df26ec4997f34f1756c3508189758774d29805414eebc99bc823619af2b5a6fcea429559d0777d0867c16ec3323bc7bd5d7af6b692fabebe358 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | 7d438eba3ba6139697a41f86ae035edb |
| SHA1 | a22bb7db3151bb544de8dc7fe9f655dc07e9bb25 |
| SHA256 | 1c3c81ba14edc3488cb57570b93e290a501dea1b07e126dfcf40b56b3ed1c4cf |
| SHA512 | 2ebd941be16fd273494611fbbb642a01b32bfe288ff928c7863318926121b93d47a498ca085b33d9848ab4a1d379783e18ae6aa7abec49148c5236fce9fc5210 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eab8d556617aebd038162d06639b4e2e |
| SHA1 | f9c9b738cbd990bc18e8b2f9f29f75841231f821 |
| SHA256 | 48e77ace30c6aa1b453e4827a93c5a01fe48f5db979752099841c14e1edafc49 |
| SHA512 | ff5af1c593a3b7ee1106844c57457e4ca1d82fa4574a2361c731d5e18174931f250c95e8a060ff9f9c38cb74c9b9f8c38e45cb3c8a3b97072d11bdbb542ba6d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d8f71.TMP
| MD5 | 9c3879cdd605c74376fcdfaf86239b62 |
| SHA1 | c0f979f3fba8bc0ffd1f52fb2fa7b4e9b22903b7 |
| SHA256 | 99bbbc596ae8ce1671d57e2ec47543af12101607068f14d77816ef675cee375a |
| SHA512 | b153dea90d2a80e5e843beed8d1134fce242c37dd94731626bd830dd65a5527c2aeba9ff2d1f97c932884038f1c0e6fe29c50c19626409a8c4693094612a8c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
| MD5 | a6203e76ce4f054d3a87adcb1e8dcf8b |
| SHA1 | 96f4dec43f0209c348123939b2da14b8a15a2380 |
| SHA256 | 16d90cd020dae1f07d2f40ebd328e1da721f6c4f58be474b6ff66170ed24690a |
| SHA512 | c5d06da9f1e5bbaaf13cea736cc57143ab0319921e0dd8fd3e9235d97d77b8ba747efc70d925c730fb2f0b10ded3a117b11b350e4837b5ca8a9ed2b56dcd2899 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | 5009982b60a0f93eac4c1728e5ca17e2 |
| SHA1 | c0f932d333b91a4b971a52ce88bc96320745064f |
| SHA256 | 2ffc0ec332938cbce14008ab246c3d918800189aece932e92bedd8adb8332fe8 |
| SHA512 | 401dd0a45c177130628787b92a17642783d27b1a977833af4110d81cbf2572a159a371beb473baa07ad38ac8297551aadadd2ebb80401a73acd580fdc03964aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042
| MD5 | ddf0acac33a14546cc4dc758f1111ff9 |
| SHA1 | cb717151dccb10c18355932db3d7028d68d9b00d |
| SHA256 | 5e3291d40ec88fd6410e49d6669626450b1771d2775c577e5e1d001b901bdc4a |
| SHA512 | c320c05d67c5f74ff84c25c4c4910be1a60e7631a48c9698ab772d04712107bc48600ada3d2872d76ab75fe64f53554b06fc791d7ccbc8c56f9e582ae19c6dfd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
| MD5 | c539a474c7ca126faeecb6d2885d0f06 |
| SHA1 | 36dbc2e9703396554f88cd0cb08e1a22950d82b6 |
| SHA256 | e45f23324861b541f896f87580137066a83df04c088444e270c1584e12c9e184 |
| SHA512 | 6d5e63fa71d871dcd04a5190e168453c68a067a9ebd4a50340dc4078afd90c4f5a66ab6f385e645dc332c3726df674d1bf11f1d01f9b7ff43ce177101ef83006 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
| MD5 | 75cef597e154640e431615e6e98f8194 |
| SHA1 | e0a1fd20b91a149f4d911e483817eaf28ec2375a |
| SHA256 | 8ebdac87927bd057f4cb22cb44364eba9df15b4fa8e84f796f14b91a7e69910d |
| SHA512 | 10ab259b6c9ff2cfff399c8564fe80650711fd764c54eb75dbd2f39b36ab893bd3e28405dc998fd984c11ba0f322c55f910c4dba29c44a6943415e361bc59a70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
| MD5 | 70a5e71a6ebf76e5605760a6ea4e9b79 |
| SHA1 | 510573fd39a2634ec7c57797b519c0c108d149fe |
| SHA256 | 7e9eabaca86163106c934acd7c18ef4937b500caf0a6028e74f83842e48c024b |
| SHA512 | f816b059af47c5cc5b9c851e995d39a503332d0ca372e18161c4d9d24ac974d009f5e518007d7dabc86c7a5e73b67298fcf6d0832cfd6e1d8d77829fc2be3da6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
| MD5 | ced6cc12877acc33108bdbe8a4402a36 |
| SHA1 | ec42b6fcd6ba42d903c2d8d7d960ee75691ed3ec |
| SHA256 | 0864fea7892a4ecac001216305d74ed7fb5c388f817f07860687bce216373761 |
| SHA512 | abb7f2f909b32837f384e3bc855357c2c88e7ffccc9d1e074c5efe6532bfd9abecef5cb832e6a771c6591aad553651610e6108c4208f35bda94c9515adf2a551 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
| MD5 | e51f388b62281af5b4a9193cce419941 |
| SHA1 | 364f3d737462b7fd063107fe2c580fdb9781a45a |
| SHA256 | 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c |
| SHA512 | 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
| MD5 | c79981988fa65c407abadf881141a0af |
| SHA1 | e92f70ed8fa5e77a0d86b5c3cbc6bd06506f1ac1 |
| SHA256 | abade5566a56bdd4ed901b9f1eda09374555e94d440cd8c91ae11adae8e04231 |
| SHA512 | fabd8204773a30cb8b40fef13509f5e4dbd62477c68022b22f986c0cd3fc699a308500c18d03a9c6e66b5d79fa06486dbbcb62af6f19cd7b7cdd2acde797605b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
| MD5 | 4ecf40a7cf6c240e22c4b7bbb37a8e3f |
| SHA1 | 86414b546cd233295d016d75b9450d5ed41c7f45 |
| SHA256 | f1f865b9a807d96f6487a6f689b76d9343afd47e61c9e4b3dba75814a9a56fa3 |
| SHA512 | cb5ae6157333113f8dcce7ea96c9c46d97b39bfd9827ac384abca9e70dcac7e8372d4af0122a674ddc0697ae9473644d2b9af3b1b98e795183af386eb6bc4231 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
| MD5 | ecabbf1d194973e41a54f292c360bf9c |
| SHA1 | 74855b2633746809c89d0c4019b2438786d5e483 |
| SHA256 | eaefdeff05a1472df3f0dc4f4dd6a104745534a381301fbfb5355d556c5d2dcf |
| SHA512 | 0d47b71593db10da6268c11350a03f310b35d379942951c8b419e9456bcf812e89033478f5bddf9a63b073949101efc802bca9788a8a42b3f7484c5be00c786e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
| MD5 | f98cbad29e0f6004d292138fe0740700 |
| SHA1 | 862c514d05ee8c4cf72212fe88a926a2d7a7b848 |
| SHA256 | 3a890d41b7f37d1cc792e2cc99079023663c49f856d478d3108e9639e0b0d883 |
| SHA512 | e00f4099e3126533a862cecfd03c995e623cc2564357f3882babe803aad5f12c00c5b92a7f01ce7ec771549a697aa4814051b25f802a368656a030ab96ea7c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
| MD5 | ba441de02deaff1c0fae5fccf05aedd8 |
| SHA1 | b5d3c90a7f4b3e154a76d979212e4ffa6054333d |
| SHA256 | d2e948bbf6b718e09c91c78dad1e98edc156cc227e6d2fa03400e9e9332112df |
| SHA512 | 209c1079d1075e6a93f1b4cd9cd9aa4ce745c3bd658bc5cb927b7902c3c87e23d9bad352e6bb0f75c2bf81f5341caf580ef22cdf5baf78c505babc1bfd48b593 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
| MD5 | 808fbf34a5d219a5f013299137a5767f |
| SHA1 | e1a015de1a82ea9678e2cce536fee37fafe1c672 |
| SHA256 | c6d0f89ed569bc22c288b2c7aae6fb7a5f4bed62a9abfffc185eb14698812b5a |
| SHA512 | b963ddf9fff1cf3f081bff5137f3fd110d770cef07c0c0e1a4fe5aa71ddd9ba808024610c9fbf851732e85aee817f14b4109ad26895af92a3ab834599ec5deb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
| MD5 | 41caba792bd0815c50d2586663a2f6e9 |
| SHA1 | 8ba297073f4502b840d2c5f0a24ba9d515e2dd84 |
| SHA256 | 8dcaaaa16bd33e6cfe7af170332ce93febfc6e8e7d1600d1465732e4405e08a3 |
| SHA512 | 0a8753df627984de1cbde85ab8b8fbaf49f9b76a5728675eb7973a0f072d31f00a4b6df1b9a459d3bc6405ff92a70acf9d1b5393daa0c1a0d34742800cc9c9af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | 260dc23920e822f72ed34da20935b088 |
| SHA1 | 60ce8af3b4c4750e544ce7545851135d2e77df8f |
| SHA256 | 0befbe8bfe9d3213fe8f4e9fd12b9c4074becc066705b07c9dbb92a254c70be0 |
| SHA512 | ba8871ede42020aa68b3c724e741e1c0ea07e4114cd2d41a0dd732798cfb782fee0e6bee3459b06bf50e5056fdcf97d6eb916d06672b2a337e89968e436d4c56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050
| MD5 | a37c758618d1d80c574b579aecb2285f |
| SHA1 | 5a462b9a7f9d3793df0b5f58d24859d2ae8faa4f |
| SHA256 | 262381fe74ae374d5baf710b4e459f1c3cef206f63d87e088b75a1e2b883da47 |
| SHA512 | c92146eb0fac396c685d9fa53960443a25e756988eeba7fb9101ebd394526bff72e1dcb9e3532880045ecca50b7812cc359dd5eeb4ab00f4af60f863bcba46ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051
| MD5 | a6eab7c10d647084e916d3a101b3674d |
| SHA1 | b62ccdaec35a2af87a41e18dc05c0e7549b2fd11 |
| SHA256 | 309d7fcff266b2f83b4bdf3b6d34898d1b4562d0babba5a62b4726dd9d3675cc |
| SHA512 | f4642392ff36bcc0ddd36d2a3738162cdcee69f8d6a915d463bc6a13ffefa1cf74cbd6e380e22e6105ec0536eb2561502861838bcd7cb3bd3df0e2c29f31a9d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052
| MD5 | b9cf5f15dd303e54285b51efbe26d8b4 |
| SHA1 | 2c5eface553f11dc67d0f2f46833f4e4f24f3461 |
| SHA256 | 6ebb4bd416219a0ee16c47bd8c08b43529bb1eeec4160bff34b03c18753d55cd |
| SHA512 | 08aaa778042bc5a5c62b0d5f5e6432773c5ea3818ea75ee45154f63b0c8b0fbeedc40a08d547cc7108dd5f3bf292778495f451c214637a396e2cf0cc0052ee72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
| MD5 | ae451a4d68560ed4fafe22db101c5bf3 |
| SHA1 | e853eadcb427c6bfcbf686f3aa443241cf6875ea |
| SHA256 | 196d0b4ac422c02560d155d1c477441eb65539f83acb974edf0706f6d7f57719 |
| SHA512 | 8c87ddc5bc6300b0297d7b2cc5b36cca3b50630cd9302d53c2cdff4ab50d738d8d8acb7c3c8e5bc4c76e7fc7af45de5b037ed7ae9c4f8ebe5c04d5fc5ea93fd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | 9b4cec7441b4a3b88b8e250765954685 |
| SHA1 | 10b8e8154dcd995de74abb9babd70d3b3540e908 |
| SHA256 | b46f8c8c255e2a064a58c7da417c4e57a91699aa74394f423ed7ed468cb7d62a |
| SHA512 | 2f38277f2ec48acc51454ec5f058588cd774299064129b790bf5a1eaeabd7150764ee48bf145aeed4c258757dc1ff9544368bf09d03cb0d2cc6979f270fa044a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055
| MD5 | 26a94eb681491ff7f45483042bef31bc |
| SHA1 | c1c8057c25189ad1f0cbc9a175fc3e9c229f05b5 |
| SHA256 | 47fa8693a300e3ac12bb91caf8046b966dad8778250f98a560274e0df2905da0 |
| SHA512 | a44df4a8e5656b0e7d5e38e8f63b82a4e347f9daa2eb3b09c878392942fd8ece51cb0ba08edde1435904220a2a9d8c7c3abb7133cf019281301a687947b72aa2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | 656211d9a76bac600919c90942420204 |
| SHA1 | b8f12a890f1f0fdcc58b008b2ff35f95e92a4fef |
| SHA256 | 603f4ba8054778824e353f0ecdd302f07d7b4311dd8df133da0b4cec27f6aa0d |
| SHA512 | 4c73af8ae1f3f27af2bb41e279f67448ecf7f168657ebe3824fcbf182e32a02dad37006b6a5cb9a1a6319307dee04a09df6761e3acfb24b2f4652745df27f438 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
| MD5 | 8d79e1903f8b246f136690165725dad7 |
| SHA1 | bd4b47248af24855f04ce40fa8f87cd2d4ddffb3 |
| SHA256 | 0a84329b6d3d564e9ecf4b0399523316c8a777bb35d2a75fab1bfd1811487176 |
| SHA512 | 7419416d6e1e688d61188b2da713e810c29cb4a7e7b60d5d8df736adfe6a3e253a5483c094500e383aa11d6f60ec3f851efccd17574bcd9a253437571de4147f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a
| MD5 | 942e2ba31d132bbe2486ff1e36883a86 |
| SHA1 | bcf42c590a69f66c3a2dfad64842e44913b69778 |
| SHA256 | c592232c7a1dc346f52af20881107d4f337fc6ebb50cf671c03a3fd01f64da83 |
| SHA512 | 5f52f31e1882e074500897243b4ba1413758fdcf535f47fe9ecafa15436c68195477f51cd3469dad4d8ffc391c30e6e966280c088d4b7a5c50736ce85b157caf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7ac090fcbb461a3faed2d1ac8496f0f3 |
| SHA1 | 2d7605439e3d24eef69dacee818e22391fb79f2a |
| SHA256 | 229e38eed8f8857627873c4731464dfa452b93e0534bdceb3d0a15eef2d8b68d |
| SHA512 | c3fb075e7bad49f29a601565905d29891f0c21a4f58c8b1457f0edda0d1ef6d3c8c610836d1e2ecafb2f40116d85a8ea54fc509944d2a44d543b7550538e04fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8cf732e2fbcfb603abbffe3d32e31ed |
| SHA1 | e91c787f301729a87c622a097ad3a26d0b6b967c |
| SHA256 | 5e9746ace4f76619c916e60260bfe7bcc06013e0db3672874e27c42fd3d53302 |
| SHA512 | bde58414892b72d219ea55b028231712f92823f4fe194b300ebf97c0ebb36c4704518d3350428087c309deb93be5f92af15af7a0f616057889116a4435c3038f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ee3b6b75018fbc15f5cd5243e4bcace6 |
| SHA1 | 476317115393c3823349a3ef67a41cd655bc7b7e |
| SHA256 | b0a91f713b2ec156c7a448f4f32c64bfda5ddc5536f85b2617d083d455d4b5c5 |
| SHA512 | c20c219257cc6bc4937637505f9c8653094f40bd24db485d0a2f8df9a128e80c1220d8804e09874ab637497353182d5f1894b1b2f2d44a8156d45e05a2606b65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d2153883b738d55149bdf6798440982b |
| SHA1 | 5b2490667a584cbc336b163a494dc7913900fd12 |
| SHA256 | ea7006ed06e3385d5ae7b03d9f74fafb0c9c687b2c00b355d8a8bbad0e5eb600 |
| SHA512 | 3f13a8eac6f2e36a4f8b9207bdf4324016292d0dd9cb862de56b7f54fca249e114d61d339467ec8108590b3c5c2a6aa6ec43fddd85921052a7214402b13c8a10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 501e8c576c3a85627c60face1b2d9f6f |
| SHA1 | b28fbc87564e35782d6026831700734246fb708f |
| SHA256 | 5b6ea68640b475fc611bd1d80aced80d12a85a9275bb4401edb5feb6304a6840 |
| SHA512 | da0ba80b690c0550b5e2277c2450c18205a4a6a6eee91eb0d281d3698080a9d27a3600abcc1e0e28ddde4c410ca7ca083ea3e5757258fde179623ef6fd06e9d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff269aaf5218cf890d883d37c022a46e |
| SHA1 | df9d28dc51a2cc680b9586ccfd6220e70e97c286 |
| SHA256 | 9279e4d7e4b07070be2a2859cfa46e810d02ea4873ee0d7785462a334e40f6b1 |
| SHA512 | da1728a3ca547d1cf759edd031aad4a65de45ae17a3199d19542ddaaa24c40a27fc0dbbf5d7460f745d571d2cc4a2d4df8ffdf607dcef788ad9d69467cf36e17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e371417b78bc2e78cf9ce6e6fbd051d1 |
| SHA1 | 0e4ef4ca3a8f021423ccc891914171365420d013 |
| SHA256 | 8d698860d27321e5d8aa4ec7af0fcdaac397136547ceaa01a58a01eb4fe24286 |
| SHA512 | f8384baf4c562e7569c36ad73abbf1fb61c0f8966d203b7aaaa7af32e85239c132c0b3dfeb27a6bb6689b09699d5c70accaeee6f0985941c9c74bcb5e1d21fc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 427a77b1ffbe280ff99b505309932621 |
| SHA1 | 4e52f3dc65354e38727723d868eff81ad98ef148 |
| SHA256 | 3fd83a92fcfdc09825eb907f914bfc7b9f1fe44043744eb8c2cf6734655fa85f |
| SHA512 | 9d94d549089aeb549a7cd2bb7c956947adbc1f583ac03afa01d4890ba4ae237d64d2927b69058fafe65c1f63cac2f620d344898da2c5d6480884aa5634efa5a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d0733e72b915860a41977b7520e79cee |
| SHA1 | 0ba482b81c8b1a84917393c61c88a449c567e31c |
| SHA256 | fa67e5c2a8011039792bbfda1c3fa5bd43b72c6d900c05274f0925d3a59a9aa8 |
| SHA512 | 6ca3d329f045c239c559127b88905eeabe2f03dfebdacf09dd20d542f706ced6229cccae861046f058777136f22fc381072a590d522e6b2f20f7304644058b19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c85b285cfc2482546d4d8a3f47e8fa8f |
| SHA1 | 68158e7d681da603c6287c6a3d8e26156b1dbe77 |
| SHA256 | 54d12cb22278b3a69716120d4589b2bcc6dff96fc9656786eb8218f856392449 |
| SHA512 | 8e47b56ec9ec02a9f673cd261bad8567fafa6861a017e0f73183858ad3826c419991893d2aab4d900e24a886f37f1ad5cc3ddd444e458f9248fddcbc54b01ac2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2b5b2b429498f83b1d7e0a2c1a1dddda |
| SHA1 | 787d1c97436b995068cb4064a965524da0b5a529 |
| SHA256 | 067197ae1a5d87e46866c24ad892bfdbfea43c4dae3c886a74e69cb008fdea5a |
| SHA512 | 0dad362aadaf88b75ea00fe101ce949bde599a39d5bcc8a98d2b27e43011207dd7f75492a6b0a0fbefae251021cec22f2208b521737083af503381f1c009c126 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6db6bb6c23b3e6d052aaf305afa8e940 |
| SHA1 | ce35adeb317ee50797f64660ab8dcc45cfc4327f |
| SHA256 | 2c4cf792bd2a2343e0632b513d87bf3eaa8a4b844e2d112f21c5f8597535db74 |
| SHA512 | 11e1c40eb3abc5a7cdbb3fd77a0e3603cdcdab7119cfd373a248d77cf2b7c00438c2565f302e0bcceb6a4de4b6518bc89958b30698a81aaa8f1a1715554579e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Preferences
| MD5 | c29beb4e4ae0ed8a324f7837fcdac765 |
| SHA1 | 7ea86e6aa5bd98712d992ec123b99e53af5c8dde |
| SHA256 | f80914dbf6d242c9c5a08e69be0a3a5097ae3b551a1a786aa4884bff18943d3f |
| SHA512 | 068a09c66114a86d548ee91c47ccf430724552d84b56deb499ca14c6b6f3124f3f333e4c9b69da6f47510943f4ab90c5b29b9d722317eef35e79c2b1224d3a98 |
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
233s
Max time network
246s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\region\r.-1.0.mca"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
242s
Max time network
255s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\data\Village.gz"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240426-en
Max time kernel
146s
Max time network
275s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\level.gz"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240508-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\region\r.0.-1.mca"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.11:443 | | tcp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-11 08:32
Reported
2024-06-11 08:37
Platform
win11-20240426-en
Max time kernel
92s
Max time network
203s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\§1§lMinecraft 1.9 Survival Let's Play S01\region\r.0.0.mca"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |