Malware Analysis Report

2024-07-28 07:57

Sample ID 240611-t11dyateml
Target Submit _ Triage.mhtml
SHA256 d69183ae39081db93073ff53aef20893330e3c93f4423fd58f4c900fa63abe15
Tags
microsoft phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

d69183ae39081db93073ff53aef20893330e3c93f4423fd58f4c900fa63abe15

Threat Level: Likely benign

The file Submit _ Triage.mhtml was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Drops file in System32 directory

Detected potential entity reuse from brand microsoft.

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-11 16:32

Signatures

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

52s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-4

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-4

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:39

Platform

win10-20240404-en

Max time kernel

314s

Max time network

401s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 217.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:52

Platform

win10v2004-20240426-en

Max time kernel

1165s

Max time network

1168s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-3

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{C73D13A5-686C-4E9F-9D75-666678C7F23C} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{E1F0A0B0-5CE7-4E4B-92A9-1F7FE4AC3928} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1332 wrote to memory of 332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 5088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 5088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae98646f8,0x7ffae9864708,0x7ffae9864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x498 0x404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18446720165016292481,10119127130404133405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffae98646f8,0x7ffae9864708,0x7ffae9864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17867134416023110910,10824101327131103247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.194:443 th.bing.com tcp
NL 23.62.61.194:443 th.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.71:443 login.microsoftonline.com tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 windows.microsoft.com udp
DE 23.212.210.236:80 windows.microsoft.com tcp
DE 23.212.210.236:80 windows.microsoft.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 www.microsoft.com udp
CZ 2.19.217.218:443 www.microsoft.com tcp
US 8.8.8.8:53 236.210.212.23.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 outlook.com udp
US 52.96.172.98:443 outlook.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 www.outlook.com udp
GB 52.97.219.194:443 www.outlook.com tcp
US 8.8.8.8:53 218.217.19.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 98.172.96.52.in-addr.arpa udp
US 8.8.8.8:53 outlook.live.com udp
GB 40.99.201.130:443 outlook.live.com tcp
US 8.8.8.8:53 194.219.97.52.in-addr.arpa udp
US 8.8.8.8:53 play.vidyard.com udp
US 151.101.1.181:443 play.vidyard.com tcp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
NL 23.62.61.56:443 cdn-dynmedia-1.microsoft.com tcp
NL 23.62.61.56:443 cdn-dynmedia-1.microsoft.com tcp
NL 23.62.61.56:443 cdn-dynmedia-1.microsoft.com tcp
NL 23.62.61.56:443 cdn-dynmedia-1.microsoft.com tcp
NL 23.62.61.56:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 130.201.99.40.in-addr.arpa udp
US 8.8.8.8:53 181.1.101.151.in-addr.arpa udp
NL 23.62.61.56:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 200.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 8.8.8.8:53 56.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 assets.adobedtm.com udp
US 23.53.113.19:443 assets.adobedtm.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 13.89.179.10:443 browser.events.data.microsoft.com tcp
US 13.89.179.10:443 browser.events.data.microsoft.com tcp
US 13.89.179.10:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 19.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp
GB 40.99.201.130:443 outlook.live.com udp
US 13.89.179.10:443 browser.events.data.microsoft.com tcp
US 13.89.179.10:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 westus2-2.in.applicationinsights.azure.com udp
US 20.9.155.148:443 westus2-2.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 13.107.246.64:443 acctcdn.msauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 148.155.9.20.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
NL 23.62.61.194:443 th.bing.com tcp
US 8.8.8.8:53 res.public.onecdn.static.microsoft udp
DE 184.25.218.240:443 res.public.onecdn.static.microsoft tcp
DE 184.25.218.240:443 res.public.onecdn.static.microsoft tcp
DE 184.25.218.240:443 res.public.onecdn.static.microsoft tcp
DE 184.25.218.240:443 res.public.onecdn.static.microsoft tcp
DE 184.25.218.240:443 res.public.onecdn.static.microsoft tcp
DE 184.25.218.240:443 res.public.onecdn.static.microsoft tcp
DE 184.25.218.240:443 res.public.onecdn.static.microsoft tcp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.253.64:443 csp.microsoft.com tcp
US 8.8.8.8:53 240.218.25.184.in-addr.arpa udp
GB 40.99.201.130:443 outlook.live.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 ecs.office.com udp
US 52.113.194.132:443 ecs.office.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 132.194.113.52.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 storage.live.com udp
NL 40.90.142.226:443 storage.live.com tcp
US 8.8.8.8:53 amcdn.msftauth.net udp
US 8.8.8.8:53 eu-office.events.data.microsoft.com udp
IE 13.69.239.73:443 eu-office.events.data.microsoft.com tcp
US 8.8.8.8:53 m.adnxs.com udp
NL 185.89.210.244:443 m.adnxs.com tcp
IE 13.69.239.73:443 eu-office.events.data.microsoft.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 m365cdn.nel.measure.office.net udp
US 8.8.8.8:53 exo.nel.measure.office.net udp
NL 2.18.121.196:443 aefd.nelreports.net tcp
BE 2.17.107.219:443 exo.nel.measure.office.net tcp
BE 2.17.107.155:443 exo.nel.measure.office.net tcp
US 8.8.8.8:53 226.142.90.40.in-addr.arpa udp
US 8.8.8.8:53 73.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
NL 2.18.121.196:443 aefd.nelreports.net udp
US 8.8.8.8:53 accounts.nvgs.nvidia.com udp
IE 52.49.228.255:443 accounts.nvgs.nvidia.com tcp
US 8.8.8.8:53 219.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 155.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 196.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 outlook.office365.com udp
US 8.8.8.8:53 consent.config.office.com udp
GB 40.99.201.130:443 outlook.office365.com udp
IE 20.67.205.101:443 consent.config.office.com tcp
US 8.8.8.8:53 res-1.cdn.office.net udp
US 8.8.8.8:53 cosmicpimg-prod.services.web.outlook.com udp
US 8.8.8.8:53 outlook.live.com udp
GB 20.49.133.244:443 cosmicpimg-prod.services.web.outlook.com tcp
US 8.8.8.8:53 255.228.49.52.in-addr.arpa udp
US 8.8.8.8:53 64.92.85.52.in-addr.arpa udp
US 2.16.106.159:443 res-1.cdn.office.net tcp
US 8.8.8.8:53 login.nvgs.nvidia.com udp
DE 18.155.145.93:443 login.nvgs.nvidia.com tcp
US 8.8.8.8:53 loki.delve.office.com udp
GB 52.111.242.2:443 loki.delve.office.com tcp
US 8.8.8.8:53 101.205.67.20.in-addr.arpa udp
US 8.8.8.8:53 244.133.49.20.in-addr.arpa udp
US 8.8.8.8:53 159.106.16.2.in-addr.arpa udp
US 8.8.8.8:53 2.242.111.52.in-addr.arpa udp
US 8.8.8.8:53 93.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 images.nvidia.com udp
US 192.229.220.191:443 images.nvidia.com tcp
IE 52.49.228.255:443 accounts.nvgs.nvidia.com tcp
US 2.16.106.159:443 res-1.cdn.office.net tcp
US 192.229.220.191:443 images.nvidia.com tcp
US 8.8.8.8:53 eu-mobile.events.data.microsoft.com udp
FR 40.79.150.120:443 eu-mobile.events.data.microsoft.com tcp
FR 40.79.150.120:443 eu-mobile.events.data.microsoft.com tcp
US 8.8.8.8:53 191.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 120.150.79.40.in-addr.arpa udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.253.64:443 www.clarity.ms tcp
US 8.8.8.8:53 eur.loki.delve.office.com udp
FR 52.111.231.0:443 eur.loki.delve.office.com tcp
US 8.8.8.8:53 0.231.111.52.in-addr.arpa udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 dc.ads.linkedin.com udp
US 204.79.197.237:443 bat.bing.com tcp
BE 104.68.89.134:443 munchkin.marketo.net tcp
US 13.107.42.14:443 dc.ads.linkedin.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 134.89.68.104.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 res.cdn.office.net udp
DE 2.16.6.15:443 res.cdn.office.net tcp
US 8.8.8.8:53 15.6.16.2.in-addr.arpa udp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.246.64:443 csp.microsoft.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 bat.bing.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 204.79.197.237:443 bat.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 play.geforcenow.com udp
DE 18.155.153.70:443 play.geforcenow.com tcp
DE 18.155.153.70:443 play.geforcenow.com tcp
US 8.8.8.8:53 pcs.geforcenow.com udp
US 8.8.8.8:53 gx-target-experiments-frontend-api.gx.nvidia.com udp
US 8.8.8.8:53 public.games.geforce.com udp
IE 52.19.220.18:443 pcs.geforcenow.com tcp
US 72.25.64.41:443 gx-target-experiments-frontend-api.gx.nvidia.com tcp
DE 18.155.153.104:443 public.games.geforce.com tcp
US 8.8.8.8:53 70.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 18.220.19.52.in-addr.arpa udp
US 8.8.8.8:53 104.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 41.64.25.72.in-addr.arpa udp
US 8.8.8.8:53 www.nvidia.com udp
NL 23.62.61.96:443 www.nvidia.com tcp
US 8.8.8.8:53 96.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 prod.otel.kaizen.nvidia.com udp
DE 54.93.61.66:443 prod.otel.kaizen.nvidia.com tcp
US 8.8.8.8:53 66.61.93.54.in-addr.arpa udp
US 8.8.8.8:53 prod.cloudmatchbeta.nvidiagrid.net udp
US 8.8.8.8:53 events.gfe.nvidia.com udp
GB 77.111.248.40:443 prod.cloudmatchbeta.nvidiagrid.net tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
US 8.8.8.8:53 mes.geforcenow.com udp
US 8.8.8.8:53 gx-target-rconfig-frontend-api.gx.nvidia.com udp
IE 52.211.208.99:443 mes.geforcenow.com tcp
US 72.25.64.11:443 gx-target-rconfig-frontend-api.gx.nvidia.com tcp
US 8.8.8.8:53 40.248.111.77.in-addr.arpa udp
US 8.8.8.8:53 153.68.136.185.in-addr.arpa udp
US 8.8.8.8:53 99.208.211.52.in-addr.arpa udp
US 8.8.8.8:53 11.64.25.72.in-addr.arpa udp
US 8.8.8.8:53 img.nvidiagrid.net udp
DE 2.16.6.25:443 img.nvidiagrid.net tcp
DE 2.16.6.25:443 img.nvidiagrid.net tcp
DE 2.16.6.25:443 img.nvidiagrid.net tcp
DE 2.16.6.25:443 img.nvidiagrid.net tcp
DE 2.16.6.25:443 img.nvidiagrid.net tcp
DE 2.16.6.25:443 img.nvidiagrid.net tcp
US 8.8.8.8:53 25.6.16.2.in-addr.arpa udp
US 8.8.8.8:53 lightstep.kaizen.nvidia.com udp
DE 52.57.181.52:443 lightstep.kaizen.nvidia.com tcp
US 8.8.8.8:53 login.nvidia.com udp
IE 63.34.50.234:443 login.nvidia.com tcp
IE 63.34.50.234:443 login.nvidia.com tcp
US 8.8.8.8:53 52.181.57.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.nvgs.nvidia.com udp
IE 52.48.226.150:443 accounts.nvgs.nvidia.com tcp
US 8.8.8.8:53 login.nvgs.nvidia.com udp
US 8.8.8.8:53 234.50.34.63.in-addr.arpa udp
US 8.8.8.8:53 150.226.48.52.in-addr.arpa udp
IE 52.48.226.150:443 accounts.nvgs.nvidia.com tcp
US 8.8.8.8:53 41.173.79.40.in-addr.arpa udp
US 8.8.8.8:53 exo.nel.measure.office.net udp
IE 63.34.50.234:443 login.nvidia.com tcp
US 8.8.8.8:53 uas.geforcenow.com udp
IE 34.252.178.107:443 uas.geforcenow.com tcp
US 8.8.8.8:53 userstore.nvidia.com udp
US 8.8.8.8:53 telemetry.gfe.nvidia.com udp
GB 77.111.248.40:443 prod.cloudmatchbeta.nvidiagrid.net tcp
US 8.8.8.8:53 games.geforce.com udp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
IE 34.252.140.218:443 userstore.nvidia.com tcp
US 72.25.64.16:443 telemetry.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
NL 23.62.61.96:443 www.nvidia.com tcp
US 72.25.64.16:443 telemetry.gfe.nvidia.com tcp
US 8.8.8.8:53 107.178.252.34.in-addr.arpa udp
US 8.8.8.8:53 218.140.252.34.in-addr.arpa udp
US 8.8.8.8:53 16.64.25.72.in-addr.arpa udp
US 8.8.8.8:53 gx-target-survey-frontend-api.gx.nvidia.com udp
US 72.25.64.41:443 gx-target-survey-frontend-api.gx.nvidia.com tcp
NL 23.62.61.194:443 r.bing.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 104.18.20.94:443 www.epicgames.com tcp
US 104.18.20.94:443 www.epicgames.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 static-assets-prod.epicgames.com udp
US 8.8.8.8:53 components.unrealengine.com udp
US 8.8.8.8:53 cdn2.unrealengine.com udp
US 8.8.8.8:53 cdn1.unrealengine.com udp
US 23.220.113.86:443 cdn1.unrealengine.com tcp
US 23.220.113.86:443 cdn1.unrealengine.com tcp
US 23.220.113.86:443 cdn1.unrealengine.com tcp
US 23.220.113.86:443 cdn1.unrealengine.com tcp
US 23.220.113.86:443 cdn1.unrealengine.com tcp
DE 52.222.191.15:443 components.unrealengine.com tcp
DE 52.222.191.15:443 components.unrealengine.com tcp
DE 52.222.191.15:443 components.unrealengine.com tcp
DE 52.222.191.15:443 components.unrealengine.com tcp
DE 52.222.191.15:443 components.unrealengine.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 23.220.113.86:443 cdn1.unrealengine.com tcp
US 8.8.8.8:53 cdn3.unrealengine.com udp
US 23.220.113.86:443 cdn1.unrealengine.com tcp
DE 18.155.145.83:443 cdn3.unrealengine.com tcp
DE 52.85.92.47:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 94.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 4c596c9ec80a.us-east-1.sdk.awswaf.com udp
US 54.235.201.208:443 tracking.epicgames.com tcp
DE 52.85.92.107:443 4c596c9ec80a.us-east-1.sdk.awswaf.com tcp
US 8.8.8.8:53 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com udp
DE 18.155.145.32:443 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com tcp
US 8.8.8.8:53 graphql.epicgames.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 3.225.63.49:443 graphql.epicgames.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 86.113.220.23.in-addr.arpa udp
US 8.8.8.8:53 15.191.222.52.in-addr.arpa udp
US 8.8.8.8:53 47.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 83.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 107.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 32.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 208.201.235.54.in-addr.arpa udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 3.225.63.49:443 graphql.epicgames.com tcp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 49.63.225.3.in-addr.arpa udp
DE 18.155.145.32:443 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com tcp
US 104.18.20.94:443 www.epicgames.com tcp
US 8.8.8.8:53 epicgames-privacy.my.onetrust.com udp
US 172.64.155.119:443 epicgames-privacy.my.onetrust.com tcp
US 8.8.8.8:53 store.epicgames.com udp
US 104.18.2.64:443 store.epicgames.com tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 64.2.18.104.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
DE 52.85.92.47:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.22.33:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 33.22.18.104.in-addr.arpa udp
US 104.18.23.33:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.23.33:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.229.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 33.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 21.229.19.104.in-addr.arpa udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
US 104.19.229.21:443 imgs3.hcaptcha.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
NL 2.18.121.196:443 aefd.nelreports.net udp
US 8.8.8.8:53 outlook.live.com udp
GB 52.98.227.98:443 outlook.live.com udp
US 8.8.8.8:53 98.227.98.52.in-addr.arpa udp
US 8.8.8.8:53 components.unrealengine.com udp
US 8.8.8.8:53 store.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 cdn3.unrealengine.com udp
US 8.8.8.8:53 cdn2.unrealengine.com udp
US 8.8.8.8:53 cdn1.unrealengine.com udp
DE 18.155.145.83:443 cdn3.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 23.220.113.86:443 cdn1.unrealengine.com tcp
US 54.235.201.208:443 tracking.epicgames.com tcp
US 8.8.8.8:53 graphql.epicgames.com udp
US 44.217.191.143:443 graphql.epicgames.com tcp
US 8.8.8.8:53 143.191.217.44.in-addr.arpa udp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 img.nvidiagrid.net udp
DE 2.16.6.27:443 img.nvidiagrid.net tcp
US 8.8.8.8:53 27.6.16.2.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com udp
US 8.8.8.8:53 play.geforcenow.com udp
DE 18.155.153.99:443 play.geforcenow.com tcp
US 8.8.8.8:53 gx-target-experiments-frontend-api.gx.nvidia.com udp
US 8.8.8.8:53 public.games.geforce.com udp
US 8.8.8.8:53 pcs.geforcenow.com udp
DE 18.155.153.99:443 play.geforcenow.com udp
US 72.25.64.11:443 gx-target-experiments-frontend-api.gx.nvidia.com tcp
DE 18.155.153.35:443 public.games.geforce.com tcp
IE 52.19.220.18:443 pcs.geforcenow.com tcp
US 8.8.8.8:53 99.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 35.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 www.nvidia.com udp
NL 23.62.61.56:443 www.nvidia.com tcp
US 8.8.8.8:53 login.nvidia.com udp
US 8.8.8.8:53 prod.cloudmatchbeta.nvidiagrid.net udp
IE 54.78.209.59:443 login.nvidia.com tcp
GB 80.84.161.232:443 prod.cloudmatchbeta.nvidiagrid.net tcp
IE 34.252.140.218:443 userstore.nvidia.com tcp
US 8.8.8.8:53 games.geforce.com udp
IE 99.81.100.145:443 mes.geforcenow.com tcp
US 8.8.8.8:53 59.209.78.54.in-addr.arpa udp
US 8.8.8.8:53 232.161.84.80.in-addr.arpa udp
US 8.8.8.8:53 145.100.81.99.in-addr.arpa udp
US 72.25.64.11:443 gx-target-experiments-frontend-api.gx.nvidia.com tcp
US 72.25.64.11:443 gx-target-experiments-frontend-api.gx.nvidia.com tcp
US 72.25.64.11:443 gx-target-experiments-frontend-api.gx.nvidia.com tcp
US 72.25.64.16:443 telemetry.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
US 8.8.8.8:53 gx-target-rconfig-frontend-api.gx.nvidia.com udp
US 72.25.64.41:443 gx-target-rconfig-frontend-api.gx.nvidia.com tcp
US 72.25.64.41:443 gx-target-rconfig-frontend-api.gx.nvidia.com tcp
US 72.25.64.16:443 telemetry.gfe.nvidia.com tcp
US 8.8.8.8:53 lightstep.kaizen.nvidia.com udp
US 8.8.8.8:53 prod.otel.kaizen.nvidia.com udp
DE 3.121.250.221:443 lightstep.kaizen.nvidia.com tcp
DE 18.193.59.194:443 prod.otel.kaizen.nvidia.com tcp
US 8.8.8.8:53 194.59.193.18.in-addr.arpa udp
US 8.8.8.8:53 221.250.121.3.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.72:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.72:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 store.epicgames.com udp
US 104.18.20.94:443 www.epicgames.com tcp
US 8.8.8.8:53 components.unrealengine.com udp
US 8.8.8.8:53 static-assets-prod.epicgames.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 accounts.epicgames.com udp
US 44.196.8.242:443 accounts.epicgames.com tcp
US 8.8.8.8:53 epicgames.com udp
US 3.233.246.226:443 epicgames.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 242.8.196.44.in-addr.arpa udp
US 8.8.8.8:53 226.246.233.3.in-addr.arpa udp
US 104.18.20.94:443 www.epicgames.com udp
NG 108.157.78.70:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.205.58.236:443 tracking.epicgames.com tcp
US 8.8.8.8:53 70.78.157.108.in-addr.arpa udp
US 8.8.8.8:53 236.58.205.54.in-addr.arpa udp
US 35.186.247.156:443 sentry.io udp
NG 108.157.78.70:443 static-assets-prod.unrealengine.com tcp
US 104.18.23.33:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.23.33:443 talon-service-prod.ecosec.on.epicgames.com udp
US 104.19.230.21:443 imgs3.hcaptcha.com tcp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 104.18.23.33:443 talon-service-prod.ecosec.on.epicgames.com udp
US 104.19.230.21:443 imgs3.hcaptcha.com udp
US 104.19.229.21:443 imgs3.hcaptcha.com tcp
US 104.19.229.21:443 imgs3.hcaptcha.com udp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 aefd.nelreports.net udp
NL 2.18.121.199:443 aefd.nelreports.net udp
NL 2.18.121.199:443 aefd.nelreports.net tcp
NL 2.18.121.199:443 aefd.nelreports.net tcp
US 8.8.8.8:53 199.121.18.2.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com udp
US 8.8.8.8:53 outlook.live.com udp
GB 40.99.201.130:443 outlook.live.com tcp
US 8.8.8.8:53 res.cdn.office.net udp
DE 2.16.6.6:443 res.cdn.office.net tcp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.246.64:443 csp.microsoft.com tcp
US 8.8.8.8:53 6.6.16.2.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
NL 52.178.17.2:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 2.17.178.52.in-addr.arpa udp
DE 2.16.6.6:443 res.cdn.office.net udp
GB 40.99.201.130:443 outlook.live.com tcp
DE 2.16.6.6:443 res.cdn.office.net udp
US 8.8.8.8:53 ecs.office.com udp
US 52.113.194.132:443 ecs.office.com tcp
US 8.8.8.8:53 storage.live.com udp
NL 13.104.158.179:443 storage.live.com tcp
US 8.8.8.8:53 eu-office.events.data.microsoft.com udp
IE 13.69.239.77:443 eu-office.events.data.microsoft.com tcp
US 8.8.8.8:53 179.158.104.13.in-addr.arpa udp
IE 13.69.239.77:443 eu-office.events.data.microsoft.com tcp
US 8.8.8.8:53 accts.epicgames.com udp
US 159.127.198.158:443 accts.epicgames.com tcp
US 8.8.8.8:53 77.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 res-1.cdn.office.net udp
US 8.8.8.8:53 cosmicpimg-prod.services.web.outlook.com udp
US 2.16.106.159:443 res-1.cdn.office.net tcp
GB 20.49.133.244:443 cosmicpimg-prod.services.web.outlook.com tcp
US 8.8.8.8:53 158.198.127.159.in-addr.arpa udp
US 8.8.8.8:53 loki.delve.office.com udp
GB 52.111.242.2:443 loki.delve.office.com tcp
NL 52.178.17.2:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 eu-mobile.events.data.microsoft.com udp
IE 52.138.229.66:443 eu-mobile.events.data.microsoft.com tcp
IE 52.138.229.66:443 eu-mobile.events.data.microsoft.com tcp
US 8.8.8.8:53 eur.loki.delve.office.com udp
FR 52.111.231.0:443 eur.loki.delve.office.com tcp
US 8.8.8.8:53 66.229.138.52.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 accounts.epicgames.com udp
US 8.8.8.8:53 store.epicgames.com udp
US 8.8.8.8:53 epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 3.233.106.70:443 accounts.epicgames.com tcp
US 8.8.8.8:53 components.unrealengine.com udp
US 44.208.186.63:443 epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.epicgames.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 www.unrealengine.com udp
US 104.18.20.177:443 www.unrealengine.com tcp
US 8.8.8.8:53 63.186.208.44.in-addr.arpa udp
US 8.8.8.8:53 70.106.233.3.in-addr.arpa udp
US 8.8.8.8:53 www.twinmotion.com udp
US 104.18.9.77:443 www.twinmotion.com tcp
US 8.8.8.8:53 www.fortnite.com udp
US 104.18.25.192:443 www.fortnite.com tcp
US 8.8.8.8:53 77.9.18.104.in-addr.arpa udp
US 8.8.8.8:53 177.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 cdn1.unrealengine.com udp
US 8.8.8.8:53 cdn2.unrealengine.com udp
DE 52.222.191.49:443 components.unrealengine.com tcp
DE 52.222.191.49:443 components.unrealengine.com tcp
US 8.8.8.8:53 cdn3.unrealengine.com udp
US 23.220.113.86:443 cdn2.unrealengine.com tcp
US 23.220.113.86:443 cdn2.unrealengine.com tcp
DE 18.155.145.82:443 cdn3.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.205.58.236:443 tracking.epicgames.com tcp
US 8.8.8.8:53 192.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 49.191.222.52.in-addr.arpa udp
US 8.8.8.8:53 82.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 graphql.epicgames.com udp
US 35.173.5.247:443 graphql.epicgames.com tcp
US 8.8.8.8:53 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com udp
DE 18.155.145.32:443 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com tcp
US 35.173.5.247:443 graphql.epicgames.com tcp
US 8.8.8.8:53 247.5.173.35.in-addr.arpa udp
DE 18.155.145.32:443 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com udp
US 8.8.8.8:53 img.nvidiagrid.net udp
NL 95.100.97.7:443 img.nvidiagrid.net tcp
US 8.8.8.8:53 7.97.100.95.in-addr.arpa udp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
GB 185.136.68.153:443 events.gfe.nvidia.com tcp
US 8.8.8.8:53 static.nvidiagrid.net udp
US 8.8.8.8:53 prod.otel.kaizen.nvidia.com udp
DE 52.28.140.179:443 prod.otel.kaizen.nvidia.com tcp
US 8.8.8.8:53 179.140.28.52.in-addr.arpa udp
US 8.8.8.8:53 developer.geforcenow.com udp
DE 52.85.92.94:443 developer.geforcenow.com tcp
DE 52.85.92.94:443 developer.geforcenow.com tcp
DE 52.85.92.94:443 developer.geforcenow.com tcp
DE 52.85.92.94:443 developer.geforcenow.com tcp
US 8.8.8.8:53 94.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 als.geforcenow.com udp
IE 52.208.218.92:443 als.geforcenow.com tcp
US 8.8.8.8:53 92.218.208.52.in-addr.arpa udp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 media-cdn.epicgames.com udp
DE 18.155.145.40:443 media-cdn.epicgames.com tcp
US 8.8.8.8:53 40.145.155.18.in-addr.arpa udp
IE 52.208.218.92:443 als.geforcenow.com tcp
US 8.8.8.8:53 play.geforcenow.com udp
DE 18.155.153.99:443 play.geforcenow.com udp
US 8.8.8.8:53 static-als.nvidia.com udp
NL 95.100.97.10:443 static-als.nvidia.com tcp
NL 95.100.97.10:443 static-als.nvidia.com tcp
US 8.8.8.8:53 10.97.100.95.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
NL 95.100.97.10:443 static-als.nvidia.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 collector.lightstep.com udp
US 34.30.133.12:443 collector.lightstep.com tcp
US 34.30.133.12:443 collector.lightstep.com tcp
US 8.8.8.8:53 12.133.30.34.in-addr.arpa udp
US 34.30.133.12:443 collector.lightstep.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_1332_PLMXMICDXTCMDRGP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 58a8f9ac5335a3c7afb50cc77b768293
SHA1 a3fd1718f1068d8bd2adbf612966433f85b25095
SHA256 d18aec3adb9e94cbe0a8d9d3fd681f097f7faac5d984a819fda3676d4ac2b72a
SHA512 b23d59c6f7685ad9bc380144330d9574d503ba33013fc45acbc0d3658ce9eae15f4ef1acf488e264cc2a1c37a90a8aba712d24b088dd5f0b801d74d0082374bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b81f81891aa29ee8c987a2da4c1b22a3
SHA1 d81fc12edf1315d6897ad706630a4c5350798d3f
SHA256 ec31cc21156e58e0a955c1d5a2f82ef9113292c3b5bd04f98c72d238a990297e
SHA512 7dad8a526bd8007ccc426d206df5694589367a1a709b1014debe6ee3c2291722eccb9ec3fd20a6e3a7db62ff0086bf5b08d9fedfbc8bc465ae92ce4b6c2b4aa1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 19e069094f523d2c5fc82995026b94fc
SHA1 f6ec40c89e6f0a6e8c28a7e57ce6ec09bea0ed47
SHA256 4e4b6357d2512d280b4fb477055aa4f11bbd4a84e1ff9334181fba9ff9457b7c
SHA512 8349d01129f9957259246c516f448e85392fde4903fcea8f3dd58b74c882b41bca1e9ec7e97ce74da7a9018841dbd2cde803c7e1ae51e8e3e14207bfc1aa0fce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0437f2d3292702a19edf0ecef5a03cd6
SHA1 00b10f88e664e438100b31c048892d360ba8a0ef
SHA256 c20c1411521c00db39cac03985effadc1c6dada47e751dcc0dd55aa68c098a3b
SHA512 85787ddb77963eec7eec49dd181585d205e38901e2c8794100be22c87e6ba70ad1e068ab448ba3986784b8c622408d751cedd2e61eeb63a48d37b1b4490ca4cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aa445eb3344037ec58513686ced9fae6
SHA1 0a69c97e9824ff7b0697f28c363996036aa9147e
SHA256 3b93a9c4e1e45cd521893bc7824cb7743183fd175dc11eab24abc4b78726421f
SHA512 9836dd0c99c433bc92ef7628cc27473b56c9343eac19c38043e4c67edee8ffad437b00bb854e4837fd9343f4c7c8647039b3449021040fe114b4b4304dbfac04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582759.TMP

MD5 e34b73d1ab2d655a7f85f45f90ec9825
SHA1 ecbb02ef56080dcacbf7d309ba4dbafafa742969
SHA256 b01941f40c0fd34eca40039dbfc8294749d6dd9a42f115666b24a521d3077e19
SHA512 f1fbb04a1223c86a5d3b38adc679ceb1ed85762ee8a0e1ac217b7859be3bf4400685ac5a8b7eb0cf47f3fa6176546631d949b105447c0049e6b3853f2b1d1b96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 5d0e354e98734f75eee79829eb7b9039
SHA1 86ffc126d8b7473568a4bb04d49021959a892b3a
SHA256 1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e
SHA512 4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 c0b23ab60efb763d27f9f92b50b6728f
SHA1 259f669d1089469b1485ab4c07942c8f32431267
SHA256 c066161623da6821af1d38fb2fc8b5026e89caf02416be88d9543d1a0d337f1f
SHA512 0a43c9a501a2b462b19abca689815b4a8ddab19b1abef51072f86686fe6c20f555b9d4edc62cc41d3dff6f364269507a75da6d43ec11eec129d28a44857bb717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 635efe262aec3acfb8be08b7baf97a3d
SHA1 232b8fe0965aea5c65605b78c3ba286cefb2f43f
SHA256 8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06
SHA512 d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 2923c306256864061a11e426841fc44a
SHA1 d9bb657845d502acd69a15a66f9e667ce9b68351
SHA256 5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa
SHA512 f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 00839cf9e884cb52278abd5006c08818
SHA1 9f9c9d52b49057063d53979b344ae0008fa11547
SHA256 e97b2a9df9be5c6c082c55dea39cd7280025f0640ae8ea15096fa2993e7336a4
SHA512 d5b7b1e3f230e26eb98bcd8c8b6e1defbea5d0c8236dea931291049d04efa49dab641f0888d30cb3c4e5b59f4da5ef8cf3074990e8a6f3c47b735a39f6c063f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 77e89b1c954303a8aa65ae10e18c1b51
SHA1 e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73
SHA256 069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953
SHA512 5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 ff03576f7fbe3355109104ff990fa986
SHA1 eee3f52a1a3d56daa4265220f810a7ea8b0efcbe
SHA256 c2d51a563604fcbf8a856c60d6375651c62705367586513d797fa0efd1fa6cd9
SHA512 a11325d0d5f5f6660036586b2705a6019796b14fa913b9efef158ff821006d123f88a7e38e638e0ff4eac70952fb6d2ebce05144aa3cb3d37a41e26fd9220df9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7c97bfdde5f6f37a5b17e0a05456b2c7
SHA1 59a44c177e7e291f206d64c713cf7e75963b2bcb
SHA256 2741e6c86596b3043fcc817855ce395ebb8e4a44fa0befe4f8f0ad189be9a861
SHA512 fa5822e407cc320568cd43a98e0106ff534339700d12ebcb35d4204f0627050da940acc99f28f32477a71caf493a8ddd9b839c7332abec113a5499d75c98efa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0dc830abdb3d4e73db70c5e3cfc6ff51
SHA1 1875b82a76c255369f02e430444f84bc64a934df
SHA256 a54d64253342340266687f52739db8b7685bc6a2ea7019e13d62a143ce0278ce
SHA512 516d64560b318bc1f5f0dc1da0c69aba24398f41ceb82dd1c34174f72079bb832f68df8ece06e4904f5f5d29f9670904d8d24eeb73f2b0aaa4cc6c65f1179a7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c3b0eb0-b70b-4e77-9d02-30ff9c3957f8.tmp

MD5 80489b7d6a7d71fc1cc6972691b371f3
SHA1 66ebd952778d2e5ec4331835b51fed895c4219b1
SHA256 7e5ec7da876bfe9804932f0fb683a14e4c1e2b0f62afac88fa631fbd35dd44df
SHA512 d95d6657fa46f47a7544b809b6496e7e05ce7a578a2c16d6b2ad11355cd0deddc02bfe0fc35e87d1881c5b4a6ca7b39907912fb6043314ad3051592d2c314eba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 81c45545f7d7c86f5125102264aaad7f
SHA1 8aaa6261e432e37d567082ff3738d02c8cd715e2
SHA256 6cf989d229956e0b89d1f4e54f6f9dbc83343d94d0c64030cefc5ead31a55e6f
SHA512 5d5841f80127170df53644b1bec0d83bfb43783bfb4b0badeab75ec3dfec3c7e4062cd5e830f6ff2c0a556efc9884d8f654f9d213f92c791c0a50877156b214c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a1b9ce1f6c6c55e992926f35a85ad31
SHA1 2858aa62710094bfb46b9e382b40eae1aa270bc1
SHA256 db873267b6fd2533e4183b47ba20b28c9b3b91a47915760494b0e6a00623396e
SHA512 32f8fdc21342217800c6bbd7b776d077a522a7b9ba4b5225c61664b38cfa1c000a61ca58c2f48466bb6c77bb3d381f95e0b99141abebabbc94276cb5a7773dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 694fa8350fa913737e0801a815fc378c
SHA1 edd3d1ae0afdd45509e40a9e1e182d7c9d20eb33
SHA256 3002fdc2ba6e2f96561bfbb1c226f5900476192224f65fc05c1a7951839d2649
SHA512 9164472d471f5259385b178c3f70f8f5f950c42bfb5ccfdfea84e3345414e278a883cefcbd5cfaedc8617e24e8277627c3d36d99e1e4218b04406a00e938f085

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b149bf0c6600b41a1e398d3af2ee66fb
SHA1 9c03e25bbad2378172dea08afa43c6af8727a92c
SHA256 98e008330d2950aa57abb8c7dc6c64694d459825074c2ae9eb9cbe6ec6f20ad9
SHA512 8ba2c2777e70ebdb0e1f54a1489dd0421ccfe37e546e3cb781c6da5fe0d3ee9181d546b06338dc8393c225d8e5b69f5e621c5ebcb832d3240dc7f16de046d90a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9bfab2473c7bfdf81430ec7086ad0cb
SHA1 992af5ac3dc5880dae35d11595971112ef5a2fd4
SHA256 cdadb5d43886d15e0652f606cfbd7d67b803aaeb043a4b74e44de9f9e599633f
SHA512 4fd75d46c6165ccb5fdaf70438612bb9cef44feb78ccfc44db3788c35489cbb81794a3fd6682c7e167306c48bb69af7e8f1359fd8ed0657f8d824fe26c1d6a24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 03c8528ff9f7f2b930acc046c8b96144
SHA1 fca41b4cae9e7343dc8c2da091c6c4b1004dc366
SHA256 70c02793d788978486fde9fd3c5f513b7e71e1fb8b99e39843d67f882f155127
SHA512 04f12b7e2b27d0d5b750706bd9b0e8e211c79a18bd14ec1423c3986364e7c28568dd02257886267603e6eca612a2ea5f9e34119a3136be0c8b39342c01bc7dba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 97d5f65881dcf1370e0f450c74916071
SHA1 8356aa6595b01f1b3d60df82686d78c6b573c033
SHA256 3ac8ef666dc310ef3a2a6f90247aab7bcbdaf26b21147f7b06f1bd39bdf848cc
SHA512 7e5da137492e2d0f42cd6a7f1b36fdef012af3282eeaca25b3da50eeb5420b199fa65bcc6d3f67da371c31173a10ff06804a368872cbf4b63f9beb44a2d30f4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 540dfe41f452b3578961fc0144685e45
SHA1 3734be79c570f1df46506c1271bd98e68b19c51d
SHA256 7468bfc006f8458b6e1fb90d1aac64918cfe867a8a424c68337737ab7cec540a
SHA512 f9fe46c5aafa0938d97a8f4655d1a911a752d6523e28ed109b07964b21f445841131daecf5ef3d22657840ba5b04ead2c6bad765521dff905086f065d9848bac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 92fa58e4836893b3bb57dfc175e58eca
SHA1 c841f057b9679b2c544746b7d2db5d00909e391d
SHA256 ad2adb713d26bc398ef5afde148e23fe8483e16d41f0872634fbe0b5afade76f
SHA512 b3801a7a9649421f0c230387a73701f465e4bfd9f62fd797c1e8771aed0b09c8029effebce8f8055c8cf206a0d4d032b37d18d82d29c80370c55692d4e7ae304

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt~RFe591eaa.TMP

MD5 2879782f6d3b907f3ccad89577e8d293
SHA1 b247cf7022ed1946e4a202b3f2f9887591b406bf
SHA256 bf16932295273ae52f8fa099c3470d04c1cf430f20a987f67979234bf96a9a2b
SHA512 9aa96873e3428eb977af6ed67f7ea8777d46cd0e22998ff4bd52f4b2129319392efd320d94b391ce28992b9cc8a1024b218b65c1db19cf768e50b2a349dca4b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 19220ce43591c1973a34b52bcde61738
SHA1 a9c55af370a4c7f945409bb27c6f963c6235725a
SHA256 756c1b0e3658445858ceaab157df782fe3b6b0822af005bd9b5e302c4041595e
SHA512 9de4499bafb00db61ecd50eef8f759aef06cc06a3ff34bd517a57fdc663fdf564d59b3f1c898c64b375738a5667300d4775c4782e6e963d2408f316ec363e2c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 4ddbd7de4361173aa28c2d515f7446c0
SHA1 11a4cd55a7054793bc04a6815f6ffb7748485327
SHA256 77def5f1cf19d6cbf896096fe3932ea9f62e74e9aecdda99adcb4877d46186fa
SHA512 86d2b97baaf2b555a7435687b484b048aa3fb1ef27260cd3e282bdbe357988461ccc59f4ff75e84854ca3c04f9cc129f9f5876b4f58cbecd79a0b553b999f5cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\755fbcdd-1669-4761-b61a-c68d580a489b\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

MD5 9d445aa60216e8860fee9894716f1c24
SHA1 6f6b0c3b5d4d1c452af7aaefba88b447436ea50c
SHA256 f987fb6723668f43633dcae774adcf7f8d496e9e693fe9b9f766006d3883575f
SHA512 2bc50e3103ba6a98280d63ef67d879c5d6392882727d8c2255d95449aa26e038acef1a301d778014fbf11c272725fa8d8c85d6f2968d45ddbf7fb2ff2ad9b182

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bd

MD5 1e716406133e63853729cf416f065351
SHA1 e6a54a42a36bfb5c781b6873a79431b11e016f24
SHA256 241d46d249782fa9b9163f89ccd2d1537b55a567438863c46001a86cf12eb3c7
SHA512 d3aefeddd21de9f8fef8ec288224131f78049475ac449b193bb31584bea25b6844bb4f75d561d93dfcd08d7f442f659c301ffec210e03bf4f3403e994c63156a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bf

MD5 12d0c6aacad574881a5f55670e94c11d
SHA1 7aadf8d1038e32609557c5169f45ce77175b42d6
SHA256 3b455652ce5f370e939b8c79efca8193db3a55924d68650f584c963859704d54
SHA512 428dcde26e1f97d8ad74f8f9f33fba5d74e8c4fb869119cf36d236a8586ff7223490ffa988a6dc7df3e912a471616c3cab676056dcfb9835698f050bbaaabdd0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e692bacc4a2ac8c435f961fa6b454f2e
SHA1 49fa76bf232acc5db6a23335f0b314b32982605a
SHA256 7305a54afd17108fbccbf6a1fdc8df910d8af61691c6bed6b313c2b5b2bca0cc
SHA512 cafcc5e4e785c89bf587300557dbf999e7c0f4578b85e402a13ced75a7cc5831b9b840298e087bbd79f3e5042e7864ff66fea4108a494fef6dd80f1be5ab62e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fb

MD5 70a56a53ea0a4817270909fd611b2190
SHA1 5d117d612e344a227583fbe2fa0f015bd265b10d
SHA256 2a4d27d1dd6e38e26e4f931305f546c24f9bebaf6fb57ae93002f73caac54e94
SHA512 88a54ad0ab113bfa470050257e5d041b218d5829e93514be83df935f9d04bf46e86c9527e57d895b814eba33ece32adf5c7fd1582a43b6b34a2d276d02f52c3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ac1e5c9e64b7351af589509a52bc9ce3
SHA1 1c9e81a8739ad4bb5988906ca584f4b5a45df6c7
SHA256 23f1635518624375bf3bf8d53cc4dcf75a3fef62f85fad9b6e98378902f7d2fb
SHA512 be627e0769ea02e8aa363a7c2b53273060ab94ee087601a03b3390058e287ddad990ea37a6545c99f61a8804dfeaaf49325bf9740ed73197d18655c3ff50f261

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596cca.TMP

MD5 278fb3a44fb21d353f7893308050f235
SHA1 7588310e85940a3c51969714f47ebd6f71ea38ff
SHA256 804efcf79c506b57004b2ae71966c24a9cd12383b7829c821148af109912d7cc
SHA512 cdbfd1c57c1a36341e8cee225c877068c54120ac9d628373cc496cc45027f7dc52dc48bf8939248948f889f9949b500fd34797e8ebc600dae870c4ba98d3d4fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 37e1a24523dedecf462ceef84d1a0e3f
SHA1 c851fd5afc82ce1e16530e7bc2cf34d7b3dc9ef4
SHA256 c2273141305a5dfd9d1c9e2cca8106ef35ddabad88bbd58ef0a05978c6a13548
SHA512 67324825862a3beda04e611fd0984240c64f3515e3ddad6a6591c94d926c43963a1a284837c94271b7a674c6f2343f59450bc9b9c699ffb518922d53260e96b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b5e2ca2d-43e2-4dff-8e8a-3697eaadd748\index-dir\the-real-index

MD5 123f9503458070161917a7f7d810afcc
SHA1 a17e495b54556b50aa969f9fb56d91a22a95f3bd
SHA256 46c25ce573d6cf7c670cf0102561ad492fa6076a55cdcc6c25c98f3ce1bc0bb7
SHA512 f68b95f3687f2650ab1e73ebdc5b87287c084d9d8520dc26cb4edace449e2b0eb94e65fe903dc53eba203a06fd18b82a9ef3ea055000b0f5090c5c5827118ab1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b5e2ca2d-43e2-4dff-8e8a-3697eaadd748\index-dir\the-real-index~RFe596cf9.TMP

MD5 ba867eb79f9494d1234a959ff8609566
SHA1 3164c11fcdf4a7eaf36e588cd69dcc0daea4c86a
SHA256 e4a8254d69c3ae32b6a10ca74409e9fb2547cd08823910582e1db34254083e3f
SHA512 7c9c9e89dea0adbcd253b700be93a6a21e1e6ad7d7a6128f3509679d7a96d8053fb6388d4df9c246172c352fb4fd69fcb8f5d4ef9df7a729b837623b25d668e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 399d428b18a666b157f2a81f039ad46f
SHA1 af5994372acf48c3cdae373e22b3d7987a8a69e7
SHA256 4eef70a562ceb2d52131296e7d2c239dffcff9c62dcfe11308baed1b295ac21e
SHA512 13857662e8a234c9d8972b06db015df7d4b5dbcc73cb6a69fef73309c27445a29d8aaee61d3fcee033617871b5ea93c278f8ea1709ec2c8cc3304923e522a838

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\f702350f-0a13-42ff-8d09-f3d3b7d223f8\index-dir\the-real-index~RFe59817b.TMP

MD5 dd6e73a99e57095021bc3a97a8a27736
SHA1 14eb9aae32b475fb80afa0d4b379e01d67b23b2a
SHA256 05ebc4dab4152e6d0b733edb19b215566c88e1b7f9624f8753d6c575454298bc
SHA512 d1d1d1bfe8893d0d925e00c87fa0302a62d7f6b81cdd501e75ce587fee66d70b3b98598370de2f7d1fbac9932c2da454101dc5a07f4cc35d141e98cf72ae5b62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\f702350f-0a13-42ff-8d09-f3d3b7d223f8\index-dir\the-real-index

MD5 409ef3fed0a4ce70aad71eef38bc99fa
SHA1 41d383a500dca76273c10bcb009f3ae9d3a2959c
SHA256 ef8c52eba42d2032988e63447640ad9d030cc87335f27786816277a3170f435c
SHA512 69edbea5b0ad7d9baf29dd4a9cc7f6c233c7359b2a434137f7eeb98dd2fef4d12430e9c5a48bf3224c36d607e919cfab2fa329a7a217565cf713493d63add774

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\755fbcdd-1669-4761-b61a-c68d580a489b\index-dir\the-real-index

MD5 53355ab4cc677f9fd5a03fe4c36f3019
SHA1 6c1eff94a9ce50c46bf32c2d9c821d7479de050f
SHA256 c890f1dd4d6013cb832afef782933e6020cedd969ca2460472063d10dcb290cd
SHA512 386e422f72aded944b3978ab9024b89c019d7dca31aa2084b01a45044652ae22aee9bec993ca9076524a24ecb8ed90bbee69837eae4394174790cbf4795c6204

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\755fbcdd-1669-4761-b61a-c68d580a489b\index-dir\the-real-index~RFe59817b.TMP

MD5 9ad5dc06ad4fe82f2b0c2f5c289e4943
SHA1 9384011d11ab1ed81d5290dae6dbbb81841f8622
SHA256 8bc94e4a0debcc33e7276bc796e25508b6e886cb3735309ac656cbadbf236bb2
SHA512 5e555e0e07b92560a4c5bac5850d5d0dc228b425baa488211f9a068134de570e421673842002c4994a869a206163ff7700ca0859b9c88f4a0a632dab5ca7c525

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 431f900191cc8513dd1b3917cb810e5a
SHA1 cba64efc5184cc6e3901fed301aa2871c21025e6
SHA256 28502b1a9dca13147bf8bee2d75d773a021f8a025a9f4d7088911d81e364a3cb
SHA512 5e73c78a640bc2a57eab84ecc2479151c57bc3985c75dd42d9e2a5882f6227c82ef32c506db2e119df7c76f555a472cf6d21d1418f354d64614bad73a2660c9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 04d7fdbedc4e411a061dbe88985cc7fa
SHA1 41e7e34c0069098bff3db2e07ed9be5d6e170096
SHA256 32e1b1e33dc1ad4a3c9bd7c70369b6cb8cea7e4e15f3588ca034582b2133c115
SHA512 71caa543549220e58f8e810cab50eb2f2702321610fd52d08a5239673b86b401c144e4e44e3136eefbaf5faa44e1aec7b154ab52319051d0a3b228c29fda0e8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e6464ef8de447342d89905ff3e1ac426
SHA1 496283df1d867fa7b7218dbd67eecb5697480ed3
SHA256 04c452d057da4cb667d0532ead919cab263633177e860ec2d40bb9a7c2f0c3fa
SHA512 20882af93e80d26730bd356630a6ae07ca734a2dd69ac911f001485bf7e101d98f200012a609bf85f0a89a85f0f2bf84cde1e60ba66da64e700a5b29f2be5e61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 039498e09653fedc399e9588ae8d3367
SHA1 88d1a3c2dd700ce0b5f8f2f854441581d59f4971
SHA256 d85f1230c4322cd1aee90e8a675654ab098d4a3317f094d9103a284167b61bbf
SHA512 d97ca04509f77feec34f586ce0cbb655a96bfdb3f9663d650d50f33a0c09d876b3e628541b4ab12354a8ab6da6e2b504e2acc2a304f13655c4397912f2f9c50b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1969228cc4c9521c658991a8f757c07e
SHA1 a222cb9c2d484ddf1806faec0032996b55e1e7f7
SHA256 14ae4358f852f9ee2cf513a91303cc7757bd080b59c13d109b5b67ac05a5e343
SHA512 6fb0a9184681fe9f25422141cb80fd2eb253410e4b1362946e52abd3054e0935dbf47f035c8eb9ea6889f7c09395a371f98ab0e219d947112096bb3bca2d6c1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52b6a264aff72cc59a24646b08c1e1c5
SHA1 23dac72cd7c056d405f634fd38f1d422ecced0b2
SHA256 9c7403606b74fc8d038aac21b98eb0427e1d62ccb23c9011dd88d2369d52d2e5
SHA512 a6e60ca8c87682eebc4fcd5c7100fc2a8a71fde79f1b19fd6d8c66266bd3db39f9adbe503162092eda841712808ac60dfb9331f2031542c8d244f45919226564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 89efe08a3589b0ce4b497fcec533c805
SHA1 78e5fd3dd339d2caa8bce7f86fde8535bb5bbc6c
SHA256 445791ee21db6a470833aca014ea939be636ac8e69fed2504e53271bf3cd9d46
SHA512 56387eba2d125179bcbe0d4ccec85752e22f6b90713856a3c914c0e88c48b074f62127b4f623540ba889a4b49daccba05e82a4b7c5460292ad39c1c445bf0dc5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f95bb975a4e4a2770b58606503cf5fbd
SHA1 12a73a09fe8685f8b8632a01784c3ad0e37dfc3e
SHA256 e8c0f4aea11a4289c22ed6dc4d9700853cce61fdbfb6e8c3ffdd2ccd1584f8c4
SHA512 e4f325dfa4f00b576a6e784117dfee33cbb734e7de1e63fb1d0a3d13843665d25a9bdef90c231e2bcddb9ed9c551d9cefac0842b5a504e935f21dcb00304bc64

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 067585bdb41a1c0ee8942a090e5dafed
SHA1 0fd7d179ec4c17f05e44642db174dcd05a7f6cb7
SHA256 b1df53241c5c7ad28723ec5d8463f4434dfe0cdc50660114c94ab8d22b87aff7
SHA512 9838b7c46aae16672e7bf48b63db047d94a435577c3386f57e50918437623b6633dfe3ae8eb9a47c25468e27d5a6651b228e4a0ab73e676d4a78c14295afded7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f6ff55e574525a8d5049b82254289820
SHA1 7507cd75479a7dc377e145859bb0ac1b0c25e989
SHA256 223ec5eacbbdf3208e4830df0830bedcdb58d1031377958e380c07349df8fc65
SHA512 b08c4c6c33ab70ecc9c862dec3cc4598fd026f537d648d559972648d92408b088c3f6f2e2f291371996bdba94651befb16a8902f6c44748eea9d77d345f7ad4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 88140d6fff59e30dbf67889bc7cfb8de
SHA1 0c67a6abf3de7c49f0cbd654c4b42e754ee244ac
SHA256 e8845fdf065456f52ae65da4ddd534014c74d408eed3a90b8ff71ec2ab214738
SHA512 b147ddd968eb005856ed9041967074bfd87eee612e379728f5e49de20563035254b7f079f39f1b3f6633d6a1b4169ef0726b747ec95c4ff865b7daa156a937eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 773647c3c088ffd8e3f2d6381df83b24
SHA1 78dfbfc2c596cfc908277167e146270927bc3dbd
SHA256 fd3212ee53caae486cb2674aab45c1c93fc69fcce9c3b5d5983a0640ea6cacb3
SHA512 14f0da16e695c6fe94e066468637ca332788e473518753f2595ad26fabd97fa22a9f4735a655f0f1dd3872cd6ad4afeca38b560ebbdc0bd3193fa317892d9eed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 f7c0e32a054c3cd01031b0fd27754927
SHA1 107441264051a9079929ed661a901f9601386586
SHA256 928e8a9bb9407148b2ee34c6a1884647afcb19664dd04c88e73cfdf05e24819d
SHA512 2f0c49d25b7e88b56ca378931f23b35d09c5d4bee54aec92212dc36563b1fe7bd99533557d6b11ea8170c52b5790c755350eb499d0ea965028dda5ab982bd834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d2409444ade535917b490c2974016fc
SHA1 14f39fa4e3954d69df017569ec944f2529aea579
SHA256 9ab95433aced7bcc579727633c98b702d985407b8ce2adc1a37c04bacc8b78e7
SHA512 956eafc4ce9192f2201a95899f74483eabc2e002897624e66c0b9d0389c12651dbefb3938aeeba203c644ca76dc5976245dcad3476378123363b9b7d9443ecda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 efecb25d94dbc400b71563b43a5187cc
SHA1 09b0748d0a478d7b8c994a38eea53e86f2ba3837
SHA256 5eb8b3a6b18d4f0df8f71084afed14df14a01f4c20ef180240727329c43bbd5f
SHA512 0c675656baa032b62240c8504fd4d9b6050e9caaa20ba706d263872e804da0759dab3932f9c276fb0de808f7ecc6c20600a5afe5c4f95ebfebfb2540e94dd6f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 172ed7cb0b186b3e6d89bbcbc828cb3d
SHA1 6f48f744f8c906c7ce589a1f20f915f5bd369f10
SHA256 5e3114591ca8e269610e5df71da7febc414ed7be513bfb6ee3c729e3199eb9dd
SHA512 f7eead880dfe250e0a2c4713e17518776d24ede8d41c96b02ae0abc83f0addd38a8285fbdab8ae21dff8616ada0d6c444e21aac4fc645c15961982d05b482426

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cb1e53f70e45294db8e2702db2a0b0a8
SHA1 82501832cac1d44a8ff732d20f9ad85740493c54
SHA256 8c9f08d93d56647f73642d3fce4d85453c8d1d1ce19bdbcf54ccf381495e0c4d
SHA512 cc992be1add0ebf01f319d51f9bf3dcfb90b8f13fea1ab36682fa143d9dd6fc2ee01f890a0afb7e85b15e86173f8ca91f39d5492d26d1de57797e1e943791d57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\LOG.old

MD5 d88873197ed25419f184accb06219424
SHA1 14393c6a18a6fc6fb265655bd57504d199cae809
SHA256 20704997b46b55cdab438dac1cff553702ab0c31190937cbbe0ca9e876dd9a30
SHA512 a6614d9aa48d3410a1048f73e130148c6eb35ad6578a4db100c9c196d2518479018817b7c64f559533b6cdacaabb20751387e322229ad624c8ada16de7c6728f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\LOG.old~RFe5c2746.TMP

MD5 eecdca30ca30b853093c2dca80031a47
SHA1 eb5cc09b7ad0d934e5a2a463f220349556485646
SHA256 b739afac60c3ac0e15133fecc9f7d4b6264987d5f8e798090662dc3016df2971
SHA512 2e44c80fc8a8547399cf59a1b3eae42e8c0e214b8f37e019cdac0da8e35eb2f562f0ca291a1a9b08463446e4734889236526ecc34d4aafedf5e52662aa3ad4d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000135

MD5 97d1a97bd934ee00e0d0ca0d28581f7b
SHA1 a4db373570e94295971edbe3130820483bf61502
SHA256 76f66ac988167e3308ba5970ef978c0dab250258e0568d14766caccbabb43a59
SHA512 40f221c592340aa0921419d60e651086928f48753abe86c1451333c2000d6a49a6b07385e446eeff6d553b6b8198b58cfab2bccb96d249cadfa0e89258ed62d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000171

MD5 ea0780fb18d1b36e6a9c10128fa05c1a
SHA1 a79fdc975308795ec81cbeca6e3c98a39876345b
SHA256 206293d69f9ec2458030ecfc650a1074acf15d0761e8f50d77f56f478598a337
SHA512 55bc32df579aadebadd00e6a45b15c40f0fa94512a565e274d83eef90f2460e0c3f000edd74daff97ed182211bb03a8e0d0f00f42b241d467fed4c0f8e09ad92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

MD5 75a598c35ec56ded54428d293733d353
SHA1 2b0e9edbc09b3ac448ef0fe34f67b21a53919236
SHA256 9bd1fe12752724704b30572d794a6cb9cee1fd547019212b1848aa8fd0ae8cc0
SHA512 9ec27d300f9416d2f83ebaf6ea39c3e33cac039f8adb04b536c2bf6d8af0366cfe816055f7f1a9295e19b889fc3a7d33101f6e03f1a6c3d62f384a402ff0e83a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

MD5 dc1c0e69113c315ecaf8f686c4ba29c9
SHA1 82cea16780b5476c2a32cc642adb4a88452ed370
SHA256 f4b60fe1729ef78f1e427f19a4cbdc0f5b82610c1a47271aa34b6c99a441f703
SHA512 d06762806ed3d4e5a86e6abdda9d00c93d94a2abe18fa5faff7067981991e9b94d0da813244ce7191295028c960fb786a65ea24932cbb03d7951f68f3ba8bd56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

MD5 e790efe72f0d755122f70817e145b234
SHA1 c2f8cc715b26a45daf2d2e8fbb65c0f68a58742a
SHA256 24e5ce5b401c4b51219563623eced24d9ac2c806ac5e460170e627ad9c37cb8c
SHA512 5aed2a5ed60c4bb07e91b6c8a856e94119ec1001573397aad5f6f8457249b7488d0f0378e9ce4e0bea6f60bb95c8a6b731504d6d1bf9833f4d24dfe983a11990

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

MD5 09788e6dac53954a2d228e2edea24407
SHA1 6578b0c4707dc732a3975a13b57ad22f38ba29b1
SHA256 5766a125857c9a911964938964568e3a56263a6f4017bddadf49390da44d94a4
SHA512 3275db61f0cb64f130971ef6f05985f2dd3af4828a793470c4a9caf55b463bf268937ce924e058f8ff7648e8c99618fd4d861df9eccec56c59a7a84c31f27691

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

MD5 1575e8ea4920d08630ffdc58766115a6
SHA1 1eb860cf198742d40f12345f6b3b3dcac1f4b0c3
SHA256 5db01cf19dd97b36e4bd6cf30054f8f5f519b174424603d95160c1b8611c6e53
SHA512 b8c5ae706bbdc72fd533789959004cb16a2318a7879706aa1884928a3f20d3c1e2628076b10454483ee83912317357fbee29eaebbbecbd77e409849975dbb646

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

MD5 0dd9517338fbba63a9f85dccc7c4813e
SHA1 e3da74d8ab4389d584d8bf9bbf2cf74b48a749d3
SHA256 f016a826a02397f3ec13e039c97417257f713f2435177236eddbb4203d6f288a
SHA512 112a3dbc7fad139c8160bd8caa388392ad08a308b32aa0029c5e2c48d5fb7b39bbc76ba5f81b87f0d58b1dbe96f465a28eb3923df82f1e7756dc0d39eac850ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

MD5 667e52385e6bab9da1ce358fea429d17
SHA1 56eabd2e722b76fa7e9eb2d13cfe37c8a18d616d
SHA256 74cde93f5f189995bf2373067a1bea6ae5995d29b35e7c97ab0fb7dc97adb71f
SHA512 64e5c95174ad2d7470898244296bb90bc8ded015e9f9e2ebd6bf5f54a8268de3d72cf8eaa25aa7b4bea80bf436984e56f019f544126760641670b36fad0c81bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5dab4edd2404ed5ad0bddd5212d74e82
SHA1 65e633f175b17eae2cb852f4a4067087c452d1a8
SHA256 8d0f6fe73e71d7285ba6285dccad43e3d8d6d5a0d3a423ced73b7fb395cf0d29
SHA512 58390b968da2643d891cf065992dd7370d12d39940b13f493f1260b4de4492fa3b894536380e7a4b8d3be3a5517b16c90174c8f87f58c3f2697ffd0f301f1dd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\000003.log

MD5 1fe4dc3f840ab3bb1aa419e5f9b75ad2
SHA1 e3d11553837bdd79b3fa8cf77bcde42f7bbd751c
SHA256 0032ea505d81cf3a8805eee715c65835ba247b53e5737e570f1e497ae7240e56
SHA512 e701ce156543f60b088d4b315bc26b0fdc4c8720b01f41cdf83907b3323c8539be3ae0825cf8b0c4d75dda5a0ecd4ac2841441d9b21243a68cad144c267e62f4

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 05d580730ba781a256573fcbc4213dcc
SHA1 3056cc989bccd93377e5e5619d9989df45091d3f
SHA256 d0f9a3ff274120d98c49362f3093f7a288147066e7292657974661d10cfff036
SHA512 d35501d77d50c2230dd6bf954b214f8af069e722092db58596fd18cf41b0807fd92de4ec1629bd82051ba16d2c7453e1fb70ef044ee27c131d1a126d45ecf857

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\797f6949-09a0-4762-a980-1d5ef7c9d71e\index-dir\the-real-index~RFe5c8719.TMP

MD5 205f2319fb730d11d6155f9b8a19dc40
SHA1 00aead7ff25898905fac26ffdcbffca28d8a4148
SHA256 09592f70f0fa214635b5cabc7d16ce073120985da88ce3b7299ebc202b406c9b
SHA512 a45076e524e058b49bbd159efb56e01ae84d2383a0336a6e9692a89de4f7fc687ef2b7ae98f600bbd6be6d0f7127828cb7fb5a4fa086c4d0f45290a4820bd1e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\797f6949-09a0-4762-a980-1d5ef7c9d71e\index-dir\the-real-index

MD5 72b8c3670afd3e1b7e3a0e8027c63552
SHA1 98681388f002f250c0108639d7a1372156dece32
SHA256 c03460ae6a8fb173364e5bcfe29a87825bd8e59d9246f17aa6b791eb08b6fcc2
SHA512 d236c1408d2694c7c9b13a60737ff9c907269caa89633fb1efe8b0f39a25c8976bb785632ada0e2620425a2af04065bb57478963081ab4f9bd717d8ca8cc094c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0198c704edaa46db5be9ac56ad16f782
SHA1 6235144b56cd1a0c2b82f69b55f3b28bc43ecb09
SHA256 76495107ff5fbb48d985c95d3b8a2d783da91e924a598de339ea6a756accf04e
SHA512 75b19f5a6ec8881368d1940092d91824096e92738011a060bf4d2a98fcb611c29f7d53b31f73cef0fcd37e995cd88a62f0a85db6b329b2d5ef3fd2a6b22ba14e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a81cf78e356dc7f4ffb4577b9d69e3c3
SHA1 0ff2bb2f29ce4d4ee5aaa94ec09226b10421c92f
SHA256 847f45cd919de8b396e3da3a5f8400ae397cbdf3cf79b7790c30b7c9beb6e5a3
SHA512 8568adab56d922f6826d549022dfb98902dc8e5b872f883539c8219ab753cb9771a7ea2befc35f9ffcb6d329b8cd2de074a40d18560e13f40386779151cdfada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\LOG.old

MD5 94882f16fae0eca52dbbaa464fb2d405
SHA1 77519bb93f9135640125af85b80426e5197746e0
SHA256 799a536e48474f22434c73b2ddb15d4087073435e7da66d381d9961cbb891719
SHA512 3d3e78fad3cca2a7a335376660d6769ef9955222eda28516757360958cc92bd6460627891e476cee591c363211731584e6488363a795eaffb4457a28668b7789

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\c4af534c-f158-4ad0-bff9-1a333d5b3472\index-dir\the-real-index

MD5 eb9a151b8f7130e16e85285ce0a8ad43
SHA1 1af1dfd7d38710535700abde317c245a4461905f
SHA256 2e8371d9fcf5ff2255dc041db7ef10c00566635a4974b28db92ce7d187bc2579
SHA512 d12091fd25ce31be2783758532e7641628456d7ba3b94d1816eace820da60c4dceae9f1b0f5eb9245621b4d1ba98cfdbb40a1a9f50b85b3652bbad326112cc67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\c4af534c-f158-4ad0-bff9-1a333d5b3472\index-dir\the-real-index~RFe5c91c8.TMP

MD5 1b494ce2b00b58c0f96e25c58989a075
SHA1 903f3d8fb984c3f18ee8246e46ab4bb7ff60f2eb
SHA256 08a392961f33c3b05bdf816f076fd2d521ccce78823a6dce7b086a49a2356970
SHA512 2dbe92894aa61c99beff5077f1c88c986e119ee9bcc833b6be3756ffad0379ac8c51b4d73b86d7a244340053ce8c9d38bc465d6904abea7405cc942f47d89d92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 17319ec7b4287e748554138e1629f1e3
SHA1 d1ef3f917b34712835c69728348a1d45f2ab9c74
SHA256 aac6b5fe71bff427a696caa4e896f6ec5e86eaa30d177819ba64648c4bc4c3ee
SHA512 f9961d0d643f78677003124077d08b3a6d3c06216826f1e7c4deb7e035892b26a6605dad03f13daa312f1fde952c2ed28772597ee9f6e7d969c2799b2119583f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 62ad229f67689b469c129b72e634655a
SHA1 78a1cf3534a51285c5d1953d498499c755574ac0
SHA256 e2e3d37973e89f6cd470a425c4653d9046a70166b020535766fd4903760657f0
SHA512 976a7accdd581aa136b48fa899c5e3f1a7599f4595d99767787acf5ebc358815d2e15ea3cb5c44567ebd70e820b8dea2b5924dd246bc8b2bab0c969e1067273a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 521c9080f52496a4ff99ce48336c4783
SHA1 14216f91120c62b9d919f248e72bdd3295a9e65e
SHA256 06c89f9f2e2f1a305e7bfd33fae80aea6b6eefd058d59cc0ced438f7c1b69aeb
SHA512 d49d760a6d45ae740e6eb93c42f7b25868d270b920aa3bdf461e37a43c1fff94bee31668d2d63d665ff150734f4ae0238c493b4f30f5d509894ba9756452c57f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 cc46ae2aa50f50e60e1897c29a60dc9a
SHA1 f66e590f9235b7dadefff7a960e2f6bd16044315
SHA256 476eb81a103ef16d4650be24545b790922d257c50338fca920f2b5dcec5d7131
SHA512 e28788e4180569983046d41bce68801187ecda53212a5a5a542fa7bbdbf717de0994d4b212b1b501da1713966d38e4d91d39cae6f0a076890eea0121e187a1eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 7f9caa93691eff2fc672c1586ecd7b79
SHA1 3eca7d5222dc14ccecf9a04d021a98c86292a8bf
SHA256 7054eb6fd65a2739fcf79301261f92d72ffc318273561a3fd66f513e12205cf5
SHA512 f8d22bf6ef43bec46692df786dd1179a22cb2c0b77d60c8c43d8fba4e7ce0ca03349e808ee9476b12f329f2a6656e0d4c78fefe5d8d60c05311bb463971ea737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 08cab69248f437659f8fdbda86effc92
SHA1 3b25afab43c98ac091e746b9ea4d4dac63991479
SHA256 3956c5814745c1472b099c3b5b4605c06d80d5ed8b86996196adeb754d78368c
SHA512 d694d99d606b6d7b125900e5592254b32f7146bb0bff3167039fbbbf13e4997c64722529fd6441d5a32a67cef6f89d89db55bc48657208810af1aa72b36e6581

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016f

MD5 ed5f87baad6333d42f31cf6cf1bedd9f
SHA1 a69194f3677d0ef35c56a6cec565b3efaf57eec7
SHA256 435d5271db5cb3ae86c69652ab69490869b2303e89a0ac6c3bed0ed6bbf129cc
SHA512 47ab3c9aefde7ca3212f49c0557196757bafa13e2b057e739e576af620efe14744be23e8c9a4ac9d9b5c5bcd24176e24505d19cee7fb00b01f19677ae592d4cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 d35b3b215b387b51924f0691c3840e02
SHA1 54fbf65048e972aa29ec421c501d8670866c5654
SHA256 8c2aecd858f2943cec12cb3a48530a98e5134a5e3a96645f10cc3042eb434981
SHA512 36cc0fb5f6937b99a21142c602be941e985e683d468874cb63271f4350a8731818354fb9ec8a2a0c905b4e0733438573f1b70e22c73d450eb22419afe2ea4300

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 2495528568fc2f1e31cc63d2740625ec
SHA1 fbc11afe32245e1bc1dd10f77487cb7b1d843b19
SHA256 824256fae04aa18eedefff715e0efdd7e362498d940cd255d0e141112de84749
SHA512 818478839fd39d1b5f901a119eccbe9ca1367421546e93e9b26cf055807c9b73d03431982248b739a7fbdfcbb8b9115f7e408482da98e1785a7e637b15fb47fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b885e59d364d27c5704a62450a34f7bf
SHA1 883db4d3bab531988e95553794964167b09dd022
SHA256 3b8a8a6172ca92cfd96310c9c25d63b0ad27060480739fdbb4ba326dc47c5dcd
SHA512 97bdb438611458f2cf38029c718be60058897b931767bffbb617a421bd8f28d57bb414a4ff1866498c1b27cefbeb03d1b3c23223290e6a2b3831823137a0b768

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 beb958b374fc3c0c3dcc28a22f905db2
SHA1 3993bfb7dd065328d83045a9d46dda6ada6422e4
SHA256 8dc09ac8cf4db604a3f5b13e47d2fc2affd450e03e545aad003a27254168fb45
SHA512 5f5ee37b591ff4f6cba3ed8724ad8bbc61d2e1938d6885d3ba5481e79e4c19173e8ab4f1ace3555bdc4d6699f4b9d84cb249859045bcfcc01833de4cd7709748

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\index.txt

MD5 bfbf0420507999f2fb2108b49a19afce
SHA1 c3377ab95a57ad1ec30523ac884a2828025bca50
SHA256 c1fb98fcd767b7d72b0b5a219fd8fe893894d53820af51bd1684f9046e1057cf
SHA512 588b29090a21062b3d6ab2a698acbd88e029fddf424c7ba84686fe8d41c0128be7faeba2f450c4084c20826194c45ef2b3884538fbce30afc23e04ffd4b7d964

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\2eae365d-d6f9-4b8b-97fa-4f26a5fb3e37\todelete_90f5fc18a4c0bd49_0_1

MD5 dbb9b66d2b374149725833559db491d3
SHA1 07aa53a208b9a16db26609905c27f587604ed86d
SHA256 10b3d6101ba6889f789f5ade6e395e9d4e5d5b68cc944cbf112cf848288240b0
SHA512 8772b727d76c4c964c751b28959d5ce3b6f6729b767a84ef44af5ab746f88898d244b067d3e17f6d6e84a75cf1d042f86c9d5f0950a4caf8bd7c68222dfb3eaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\2eae365d-d6f9-4b8b-97fa-4f26a5fb3e37\todelete_ec5f6147736ac8d4_0_1

MD5 8bac71f41099021ffbb62d7c8b20a844
SHA1 d9baacc6425dbfa4224f0b3746e84c5cddc6ee82
SHA256 d9b6a996415fc0e014c90820f2694229208df03dbb67d1f2210811677db46208
SHA512 8171942f6efe74226f57e362035e3772a8529a5a4a7a20ef677f42cc90a20e55672c6a527becdfdebc5380fe93b175744b4e063e0c09c300819d1b18281bf524

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\index.txt

MD5 78874c7e9d77b174c1bb19914126587c
SHA1 cb617ebbf95104e62a0f75aaa565f080ef165f12
SHA256 901ddfd9ff0a26f7b39061863d54cedfd21ef0a9e9f70d877d5afb0091c17040
SHA512 1dcb4db0240bd1dec51d017bbcf8cc8224bb1f45b22af70638a55e3848e178073120a8b8ae2c69d3fab08bd16c6b9af27a9ea1c3f7c8cbd7f2abfd6bbec1588b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\2eae365d-d6f9-4b8b-97fa-4f26a5fb3e37\todelete_650bb3d3fccf047d_0_1

MD5 b14e4cc056de139c7efc6db02f548965
SHA1 be70499668e67605fa74f29a1f3a817155fab87b
SHA256 182d0bc3448a3aa2df91f301962afa4faa2442c5c31f6d0c1be5ebe84a083c04
SHA512 2d2628980e673bf692a80d4d75e4dd5cdd6a8c75f37f0d420622bd0c26576238f56793da77b5a560e40e4985cff18625f11e638add8870dd44ec17ad5eda0b1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\2eae365d-d6f9-4b8b-97fa-4f26a5fb3e37\todelete_de57dafe0df1cff2_0_1

MD5 9a77dccc0f4126ab8bcf5c14dc807e0f
SHA1 54caf1b692860c535810ad1077fac3f7461b23b6
SHA256 bf397a629642cd672058adfb57fa32eb543d3cd4402bb0551f1ce5ee605fc24b
SHA512 1a8cbe0cb3c7a6599ed2bc0b34f400839f48ea9406480c4c7e0f27e48002959a2aa2bc7209dcdf63941b422a8cb47b6ccc2d5bf46fc6ed7c69d0c838f69e1c83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a4

MD5 dc131113894217b5031000575d9de002
SHA1 f96348260751ea78b1d23e9557db297290bdaf28
SHA256 d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
SHA512 0aa4420c7b7dcc70238371f9d21d521d0673caf4c1883eeb2d3254c5a1dad941f4569f418350ffc61e93303466c504179b90ba0acf008250dc9c2c6ddf6f850b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 1848c320b10118431f40b4dada6ba401
SHA1 78ed6e783a4af72d2266192aff32c715ff7274e0
SHA256 215ec0bca6e2e9e124d43ad8b9519dfaa1659be78927f85edec5807254804eaf
SHA512 9ea195928e662525f0f5d6583dd3b61af96e83e51ed991bb4334ab6a41fbd52f671390a2fc303379c8cd1fe783883b83efb94e3b1a26d746420c2cc397ae08aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\4a975d40-9335-4f4f-b18c-b7240344f024\index-dir\the-real-index

MD5 01e2de0b83cc19da3b720e275aa45b9d
SHA1 42d94ada168261f0f45a8bbeccf294fe6c02b5fe
SHA256 89848c5585a053213f12d0bd727cb1182f536b081051c0b223ae8b1bef5ab1f2
SHA512 6c6da1f4e7943f44047534c5e8e517be793dcb5290e525f0d948ef8be4f0ba17f9860114b87fbd5d2994a17149549dacc611fee301bf6f0990dd0ae63321c8f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\4a975d40-9335-4f4f-b18c-b7240344f024\index-dir\the-real-index~RFe5ce0b3.TMP

MD5 8eb111bfdfea1b014022940c38076c92
SHA1 85956d90342f6aba553a7a540969e1bcc34f01bc
SHA256 a6ec47629df2785178aa1937590286725bdb15e91e6213b344e3d9fc12729522
SHA512 ee0ff1ac46f530af5b76c8b3215eda45a4fc332509377cb017cebc92123398fe64411072a8ffca6225cd18bc41aa3b9390db13c38cfd4f05d42dfc0fe993b434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a1507dbe2eba7659fe360fb6d4fcbfc
SHA1 9a2a9ba1b905a616941f148695367287de8d685f
SHA256 967cdb87fbf9f0040baab6e1db3a205cfb9a79224b2f94e3bbd815594f76ac33
SHA512 23425868f5ff340f7edc1f7ce6abcbec346eaebbd87c04dea22d861f81c4ec90a3095d6dc42f30bea2ce2e679db10f4220b62b58c5ea3fcab246e7a5cab5e817

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\7fef9935-4fa7-4129-bd84-42d862e22908\index-dir\the-real-index

MD5 1f46c9238a54fafe9c5bc5d82f14a505
SHA1 d5cf88ef46287fdfbe670fa285b3b954c103008b
SHA256 c5e16a9fcc1e7e403a54c772efdd119d1571f9bbd3fe9a6e9425bea4e514f240
SHA512 44676d8f2fb7fb73c8e4d8586f09d913b6029581570620d0c734f18436c65c2d386d282ab0e365d68c62b1c03d25f49d22757331c5b2fe459466b7b6234de3c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\7fef9935-4fa7-4129-bd84-42d862e22908\index-dir\the-real-index~RFe5ce631.TMP

MD5 e96d1a6117d0854346f758092433aec7
SHA1 ee7430a6a63bd85daac7ebd0076ccf68174c4c0c
SHA256 c52e8c5dd4d3dd7bcb6307f34fd089cf4c8b7b7e1326e3de69916f69881935ca
SHA512 d00c6b37bd701422545cbc989708d12be732101c3a6af786211b8e6433973edbf4ab41851ef458b16fccfc2a9e42b271f8f6476117d33525253df6bb8607341b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\59bbdcce-e4fb-4e86-aa8f-6c07c8d8318e\index-dir\the-real-index

MD5 a4d11365fa026d7eec32ec056ecffd20
SHA1 f6945d6d1e0a205575842bc858df708747a54d22
SHA256 ef5cc5e13d57ecd2b13a4aa954f59ea55bd9994a068bda715c436e57c4a2f415
SHA512 ad36dd72e553b74ffcd2f27ad391ffaac8e5b0c7dd73b87fddb32f65bb44852df083cd143dc559b4a5633e5d27c779a5341d6c01977fd175e429d47b27aa499d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\59bbdcce-e4fb-4e86-aa8f-6c07c8d8318e\index-dir\the-real-index~RFe5ce660.TMP

MD5 bb8bd71689a9448356e3f0c1cd1c0492
SHA1 70aee9e6e4f50715eea3ef408dad52b91911602f
SHA256 07f0937e7b6cc711e6e7643007e4af1379675668091c34677c78b85362ada572
SHA512 de160767c27f07d84381091c9fe6d0b6f7a9af0233a3dce2a735672caeab30a152e1f385f7c7f21a098b6abf85f986ceca911572a6706bddae28bd55ab9d897e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\9e3afced-c6b1-4f95-b782-adfb18e9b105\index-dir\the-real-index

MD5 09cae33f37b0af890066d73eea5d3b11
SHA1 c476c85d6c258de04b79195fe7d134a8d6a69c66
SHA256 8cb679771682985dae94956a4761da3f54bc7d55fff602f0051f459ad73596ad
SHA512 5e2a505647f7305bcb1c28bccfe3e029bc2cc561e06e8370ab33c1d659fd8baa9f6d9a32492dcda4a1c5c89229aec95582447dc5d1c4cbe38c50de3a6922db34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\9e3afced-c6b1-4f95-b782-adfb18e9b105\index-dir\the-real-index~RFe5ce6dd.TMP

MD5 adf704651fc559555e261e21471e905c
SHA1 fac24b2443a743c1f4d906dd69c2c239840626de
SHA256 43c3f026ea6bb469bb9c16870608be507341b68904a3629e03225f2e5d06145f
SHA512 11af2c97400a23092b6ecefe2bb1e1bcb88d6403c7f8a924f8faf72fc650153bbf2cffc87042058a7217bc47956cdbed1669a94bf0dc29f0cbd5255936f74c85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\8eb022ce-a44a-427f-ab14-8d254c7727b7\index-dir\the-real-index

MD5 b3f22b2becac43e6ba54e817ea249280
SHA1 e6f0fac11d04d36e564f8da9607f627db397c2d3
SHA256 a9f5ebeca935b9641218173f96ae82534bcaea763522d8009812d008ea1033e9
SHA512 cc98e20d59d023e2438749d477967fe52dca4c3d3f2012b8c655bf8959d238bf42eefcd6d16b1416f4322d0525ad0d01c82cc39c3fb92029b644d3b7052cfda0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\8eb022ce-a44a-427f-ab14-8d254c7727b7\index-dir\the-real-index~RFe5ce6ed.TMP

MD5 8aaf53fa9da7f430dd69f210e217f7ea
SHA1 2d93fb777a8f871c89b4a9e25922ee22b2238eaa
SHA256 c2f3930a3c296668c21e616f39390887d00373c5917f40519b49b7624ccc661a
SHA512 86acd93a5d2325c84c046c68d5c5674068e84d298ae2e6841fc176993757c4a6052f645a79cfbbe944f2ab358305eb420d41f4533172d6fd3d0e6265227723e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\d5cdef8b-d5d7-491b-85ea-3e17c4aeb110\index-dir\the-real-index

MD5 f3b419fd3dedb58c9a7826aeb548732b
SHA1 3970a6633217b235be529b6d7fc055596c91e3e6
SHA256 fc0dcc9313226c2cb9ac2b3facd2101a4e9118146077ec4d1baf7ef810900b7c
SHA512 2190d9d6b141fe943a688b6479f504b81c6f12cccd00cb08388e3dc0f7b03b7b223d9ae402b88d43257b6b3ac3f1bacae7e6625b07552e159d566e8c1fd28c49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\d5cdef8b-d5d7-491b-85ea-3e17c4aeb110\index-dir\the-real-index~RFe5ce96d.TMP

MD5 4c2c843a6512bc1339bcd75ec92364b7
SHA1 ebf65272db15de75b4aad3775d12d8b999ad9309
SHA256 47610b67148700dbeb5abe54b3c4572413be9dea1839821eebff5188808e8e0d
SHA512 367ac02f6a724c2ec72d7d43cd367ff4895da7fa91aee6c53f4cce3edbca0b240a115d4d8ece51248659c380f3fd6bdc2aaeaa7e1e3cd460c44880bb6481647c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 4abc1f63a4c0dae4e984742b8b70082f
SHA1 42cf7f8e363397bcbe4aecb098f199315f80bff6
SHA256 0c19bfec62a1c33b8ed6061b2c2bae3ada6dcaf1369dc042951ae5ed1a67629d
SHA512 e3865b32ca4ee75e699f02cacbca08da67c44aef664ad3c3aeee3e574f436c02d820500a82fc1f6a01c9b0c7cd1785490b46c02ea47e8fa29835041364a2e6fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e066f4e157f1cfc2284def651155c6f
SHA1 5dc110dc577076428e9a0f3b7e8abec10adcb3d0
SHA256 6f3e1398f22a1fc8915082e128c9792c84bb64df7c03f7294c4f8c2b00b2e531
SHA512 d9974d3c99dcb31882eb600af726ba6d99a5b103df02731627835eb4724d9589f19de5e37be55b4db30a01fd16aead2740b13cea2edb21c86fdb935aeeb7c124

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3e6fddf61e6e9c5814d8bc431f5d36ac
SHA1 363c6fb640c6b5d4eb4c1215196d2e5b7c797871
SHA256 33db860e85df1fb09634b610c2babb26bdb30632137c18e706074ff08fb2931d
SHA512 f7fb5f3594b9bcfe762ce2dd43b2b3904408e69bb7b231a872648350da6562519680a88d58a43668c66e7f1ed017bef7ecd6a053968f6241475f9840d641280d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 118c016ddaae8770feb666b502dcfd29
SHA1 15359d121036deb9ae91b4c483403d9333efaeab
SHA256 657f3ddf61dedcceb9c293583b257e9c0771a49153d71f381f1423064b3b010f
SHA512 a13a29c30a87f74405f23cc43bd2c7bb386658855ef7ab554c87d23ca4bda1d6a5f63bd4b70659cde5aa5c1a5d30a221c23acd4697c718db6addc3afaa000421

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\48cce754-f337-4f88-8f46-0a9169df2831\index-dir\the-real-index

MD5 5ee7cf0e9d112eb34bc5975389714ff5
SHA1 ed68b710d7f865e39bf8edd082b4dc1481744304
SHA256 0c76c80ccfbf49fdeaf6a523f46aa91dbca18c46865c5681e03d8d7203a622a9
SHA512 705733b61b28d4668ff7cd9cc3579bde5d49ea7058f6aaabb212e7259a33d9e395e7974a4ebfd5235797947bb4bf38fdec9f627519afd72c380fdd859a763873

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\48cce754-f337-4f88-8f46-0a9169df2831\index-dir\the-real-index~RFe5d1986.TMP

MD5 dccd3d019573ca3a9418df1160d53aa7
SHA1 8638ebbbd99a81e2daa90a0505c1a800fd6ef4f1
SHA256 f66cbb545df69a5489cb70eaadac223a0ac2afead68bbf7884698cf870e746a6
SHA512 125a180bf12ab74b1d8ba00b2af31f0645f67cc908eae98a1b5a36fca85bc2f06982a1d61d1e8bf53ca2a4c90bf275ae8a0334d3b1209bc34c2fd574b0442dab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\2eae365d-d6f9-4b8b-97fa-4f26a5fb3e37\index-dir\the-real-index

MD5 f2ae818162e08ddf2c86aecbb8311c3f
SHA1 00ec2abeaebf486003df6fbc9fe2e472402011c2
SHA256 835669e9b9b0d55041efbdf2c162172c82f5949f81ddac1523eeab52cb16cf03
SHA512 650d41b7296e3d272bc1c4e89f19ad15edc9cab2a2e382cc6d709295f59a8330094122eaef8653de15af35632960c7c691a9386a3d73ff7eb13696504378df4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\2eae365d-d6f9-4b8b-97fa-4f26a5fb3e37\index-dir\the-real-index~RFe5d1986.TMP

MD5 b221998073232bf80a3e39f2969df80d
SHA1 e3ccdeaba246862788fe20d06525bbc4b46055ee
SHA256 83195732938a2a04573426182135e341b6406fe71b2592a536c9d536ce22c4df
SHA512 6fef59bb3b491be0608ff58d7af935abc31b855f5e7b434a1f036db06fb11e36766418f8f2fe20297af8df614b991c080eb6b12fb4c025007df127da4f3e6efb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\index.txt

MD5 60ffa2ee629b6eee38b020ae61a9f802
SHA1 6e4f1587560b388e2d8437763cf4115ad939d098
SHA256 abebbd7ebc54e93ec6d393b6366e5356dc92c14c827d5ea06b0dba8e3642d1aa
SHA512 668463857d5b0ac9c4d09d584a4010f8f1acac66fc4e921a553e2983734f3686644d1141f8cbb36187b8204e856c644f8d7a1ce93b50a6b5196d57d3c291ccb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bdab200a97d3e0fdad8758ff3e6631f2
SHA1 55ab4a38a2ba21d452bfa3f0ebbb5b0e0737a40b
SHA256 d612308b165bff1693ac11ae7874fb560d43da7e6128c899edea77626c1cbe7a
SHA512 5624eee3a343e7dd3636141b63a1e3515bd57d427ec1af9ad17f95931c9fc85a26be32f5f141ba90253707a43918876320b52bf28d7eef9652361e51097300a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001ac

MD5 75db5319e7e87c587019a5df08d7272c
SHA1 92b30527304b5dc80f45e997e0b1ac4c70110a18
SHA256 1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6
SHA512 4e556d80b52ddbadddf9287f6cdaef0d12113d0fa4a07728fd67767b97806eba5fa0f82711f71e76ee2875192d7618a9b6c277ceb6d69a30f76ca8e3ebb74aa1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 890154771ebe484fe2abe95412a96894
SHA1 0e015ebb1d0ecd71fdef71c556e7379bde945433
SHA256 0ae8a4f0e119b0dd358578837200e66df41149f14c55842c623691353c6961f4
SHA512 76fd3427eaa0ea2f4af295de8ee65a68c2dc7c5a5bafa311266b5c42011084cebcfd2e4f7193f5f2e3df3aafc2dcd3b07b3902246b9246c5a9f463ab6b22fa9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6f52d37ed42285036de67b80cc0190c0
SHA1 f90bd3d27ea1d34bdc281055d80ae19a57c3ce37
SHA256 349a9b8e5008f227d6db112996467e424e0f2048b23e28f57d618dd1de41ddaa
SHA512 15f238b967a2e5507a4d9bf05321897fb4a51acdb9f25e4c85ca0dc906fea787e3682cdc3348e34cb196bc87b975cac566995413b1b4c23b74ef66867b8ba780

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 5245153845e24890945de9727564eb4d
SHA1 9397bbed38698dd3ab2544121baa4ac1416e4ba6
SHA256 2f5467e656427920304cb175dd6829158f357b719b570cd4062116d3de1f7b77
SHA512 2ac513d3d8819c6df74347832e85bbf969dc72c496aafed7f5fbef5b92b7842dfec2b9a921364a4c1f6bd9df3569c3e7a4bb13ec57841223c125cb58a9371d2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

MD5 a9a933ff3e776145d9781995a700ca62
SHA1 d9dcf081eeac205158b9b4b769ebda20eafb3350
SHA256 c81f7366b5732aeb41206d3445cfcc1e15288940ba384d877ff7f81b1ae2b041
SHA512 c11768462ce4dc7944cc4bc07abfb6434bf01e4ed3929e0857b2edc98ce6957ab46e98ad6363176836b239596b5f34349d1f0b8a040e52b50394431f51a6ae8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 42f4ab2a0c6e61db736cad84f87ed1cf
SHA1 37abf228f8c0b3c7f7866d9119113c6e1922ba47
SHA256 03760f5f1f9625f17c29eac723fb23805a5df05467407488661eeca51afb74b2
SHA512 0bcb40b042b04e3b03d22c5caea1d689c0efbae56cf6d271dc31ecbd7712b37218ab23c0fb0b9f9305a4b2516fae67b0d1da23e10ad16cc9a83d635fbbcf2dff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 18a11a0f1051ce6126b6c5845d919bfb
SHA1 411a70aedb3512e13d06465892a47bea0a93eac6
SHA256 d60ba7ad65df2d0f1acb007c34ee738819b87c922f24ab72b70de8843bbfccd9
SHA512 6d2c56cc2fb25672faa8455517006af0536f435382e7e17858a76fb2fd11c2b39df2dc3c1fd13c5ce1196313fb747424686df7cc9302bd28cbc8b8d2e81642d9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 49b78e558910643b378937ff7911d745
SHA1 6d3d3767cc592eb30a32fa94619f8a9462593a77
SHA256 536c4d83e96feb641e052121481b361309685aaea86704694ef177eec67cd26b
SHA512 11c402bc6f82fdc4c2ee1d9de9eeec0993941fc29ff91f598bd082d4a20553e6421937f31101e9d17c97816f558fc7756af328c9b52fb59a76031560ce70c921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00018d

MD5 3c04e3540edb39ade37c870d83d68f9a
SHA1 d7e84c4167d8553ddd10c8ecdaa06694d68e7da9
SHA256 1add9d42a5f13c784fcb798e4202ca5ade07d39d757776f4e786c67188bfc909
SHA512 48a6c192565a6bf78ee4c8250090e363c18d2e2ea53963f5d1c70ab9537817a8eea3d2d4cb7a1bdf85717d45dba6c864767a8c3e5bd71d2d510ce997f03558df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000184

MD5 2e98c47a8951a096486d6fa9cf81c536
SHA1 a3bc21b062f36082b17f75df6530b4c9dfe3f687
SHA256 d3d1897b62784cd5e389ccb8d0ea141d2ccf44147d06d6ee9590304ffcfcde96
SHA512 0109a11c275d4a9b41d570733c82561c77323ce4b6a604f0313618f3848db53a1aee0a2bb284ca80c3e760ff053ad95d75ca9fc0d9b7b83c2bab3bfaf979ce11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 66a565ec07cc5ab12105097f7fe9c945
SHA1 8ceecacfa451383d4ec34bdd18346fe672bea4e6
SHA256 b8cf9729c63cf1f8939ec7a2432143e22625ea22419551b8e45ce43482065005
SHA512 01261cbf680db66fe1affe4cf90ed1fd052929226136976e6f497c0c2f3fcf37291c924cfcc62690e018d27c2b8c22d83f91ab5b01921515c2bc26a490b9f5c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a7

MD5 171e6cf25882b3de492c41615a30e2b2
SHA1 a8f030a4d782753a125490db737e669e398cabe5
SHA256 8982eb7de3ace95b0bc0377bc1c343d73644a7557dd262ab44c1b9c60054ce1d
SHA512 0d09e0a7b84484dfc1b8c5a4ceaac2fdfbd8b543ab81ac3333be4cb449e01cdcbbd03e60ecac5c5d7b9a6924c23544493dbdd8385fda43d8662f4a189f392f79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7856a24dfdadc7b74aac124bc920ad3f
SHA1 3688d6aeffa74e5e10a182fd6710d5449ccbcc78
SHA256 167c1a902179a537e77f5c632d276c5dc1e0e829804592449c546c4ad9f022a1
SHA512 babffc7944321a5cb1365064b53602cc9e6bad42944b6b513d620cfeab70cd81295bae2001e97915dae60221576c042e63d9f05d2814f0103f7afda36cf92f1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38e83f166fa8dc25c5abb8b3010592fb
SHA1 21a1f64fe9ef39daa6dad09f05801e662dbf1ab6
SHA256 d4ba8b5d6bb4d76846a0c419c9c0fdfe6a5bd371c2537d59e7debee0e6dd17b3
SHA512 53b8428e44ae29e7501859a987473976061a30d7efa936ef3797b62de8f09cf52ffce41bd54a4ef35a06089b556dd2fd3ec1054aa4443e141c098e8cf3f20259

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\48cce754-f337-4f88-8f46-0a9169df2831\index-dir\the-real-index

MD5 822b3f80c23deffdabf325720ace2b05
SHA1 ddf7508df1ec41be967b9058e5103cb7d4a882cf
SHA256 2d10ac37de7eae433bf1d7f49e9fc0ab94dbeb2cdcb0f0b696bc5fa9540baa59
SHA512 a2ef8ab91a8a0ee9b103a458955b8aa0d434fd4f31aac263f7ca8ad8a57fa26c67f81ecdeb738baff3b5b65c5c667bc01dd9789b2f409848cc98d0a3792879b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\index.txt

MD5 dc7f236a84cfa8dd595dd8498506c048
SHA1 9f73273bc4e33a9795bfd459774d962060ce3407
SHA256 b5578706a518e3ce004a0998a2b945e7b94b3741cfdf50202f5fffd3342ab1e1
SHA512 f40672d054f1065f8fb11888b0c100d364280caccda345df44b9a75ac72825848903beffac1b6f1de7223e0d535a8ba9b9a9687db1fc98765d42f1e6ccbbb94a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a9

MD5 e839b57debc0f67f9345f6641e0ef04b
SHA1 aaebca41a76acfe356f3f1d33906cf0333a8f10c
SHA256 54bb00976ab0c91ac61a35ddc3b5d0b474f3cc3de0e46f74e8e3256427adaee3
SHA512 cd39128cc97385e431ffd7101fa1af43ea65272bff42d86fe0f1444a7907548cd4ac32c340dce0aefc736a8186c49732bb8f79705d1451bc0abfce7e0386934c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1ce7fc020a72a22d8c7a846f9ab89c61
SHA1 08ee6e745814ce69bb622e3aeb5c08f1208850ca
SHA256 d7f1b504411e0878e4192f2d4e04e58896b812cd103fb3b622267ce4d02f7fd6
SHA512 ffac18416f42ff1ff654f42af0a5d71d55e8a175f588f9c6e2e2301cc65c7d9276786bafaf94539d70f59fadd4b50ccb0c42e140f66deae2ae751ca8db069af3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fdd6e0cb12c1b43aee2e158c497eec58
SHA1 be0b839c752d71628f3e3205f0da944f17be5748
SHA256 039402bb4be0b0ff6d9221c0b93352238eafaf88e2c5cd04d91f3bbc70d21395
SHA512 20cf64bfb2f94fb7669f261d7b392d26e10c60c2f78e7e6910dee044edba24c24821e34d18a70949fc1681fe07047ca064aae7b6dd4847ce56469093594e5ea4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6ef00cf40f2c8b7a7fa368c9d662abd8
SHA1 fb17eee304dc36a1dec1b2dc56b202570adf3c7b
SHA256 39efe57de59bc386cc52978f058ea5d55ccdafee0dcc65f01d3d92afefb3c460
SHA512 a6788dbd67ef8e22f2f6b8889324209d32e1e3c3db5dc4c5ff6825776b557374674a8092d24a4fe43da6810d5347782f1c657dd72d29c9e456a8c8cfc93fdd6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7ac42dddd8d920e707f69a406999578e
SHA1 ea069fb7610d26f0af9a99250b69ef4498e96148
SHA256 9c04f0f3e25976ccc859794319c3ba6c20ce4c8663c3d9d74ea35d90299aa5dd
SHA512 f50f1bee7bc12d81639accfa68caf2b2f78f4c829a3c496a6b9486e72d2b0b0da6b2091c40bd3b85bf2bd38292d9ccccc1509a644a0150aaa239b0c8e998dd05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3a5311019a17b1b4366c1a62d3a0cb9b
SHA1 4847b185f0bea014bc3d07c89a8cddb1395e0a89
SHA256 5b7893180b109dc10411315c2927d29d89c3c29c7ea157a59492ffb590fa0164
SHA512 37f5d15cd6a6d0864ca14cc8c5c2e8a329cddeb6f0496908c7d51fd77c8f477e3d4fedd335974a2ddc38026841fb3129a1446b1ae788bea344e36fb649eb4f9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f8f70270ea2d577333954b33e5211ef6
SHA1 82453c9f73e9900646aeb2e8ba242e247b4f55ab
SHA256 8528be80d2182c2d5b6355bf6432855ab7bb5ae75f60c5f78b1b6ec509baa0b6
SHA512 6dbc75a1ca38910454264b17f386c96f2f673618858785088fa86c19d7e0e23d0e98e79055763a6a996dd3196cc73233b69217d133538da14f71676ae0ac78b0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 8d64b5bf4e94e2015278e321cc658218
SHA1 f5f946023540fd1ca04909f92ebcf122718c0a80
SHA256 948c4be606dfcc9a72c68548d7a0bdaa2d3ba2eb6b8930b1ddb36669b3bf1c04
SHA512 8e51136566beabbc29865d6ff6d446c20d63159c1683c73604f889ff54b14c91a7e66c824d65ed55df83776106c2bf639be9ed9b8495a60e3c7b721380e8da7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

MD5 1c1fb43e9e66bb4e04278129c0d98e58
SHA1 25e45e18f82b0fa31a4c7f7a256b991061fabf76
SHA256 a393bb0a0e5a15f1dd902a4514184e45dc3b1a07788c0d25ccd66ffee64f12fa
SHA512 f11776bb9c4a2e1fbc58cd72c563cbc77cf580dd1fa62b19f1aeaed7c6ea40e411ac9fd2507d66e6bb0926e99f6fa315c7119719c8399405ce5fa367d8bde915

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\LOG.old

MD5 7fd9187f9a35241dd813df6c43fb4cb7
SHA1 ecfec97df1d960b2a250cacab81acf718ab7f127
SHA256 46060b73fcdbacde90c5f63c0290210c44c007e5bb78a53eeb4b86382dca78ee
SHA512 af70b0a52b39fa702cc2f00c8bf535e5cdbaeb5729ad58f6bebd5be3a05a331bb987aa110cec1e03042e370cacae6b88abba0819e1f12e786a9719ced19dec73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old

MD5 cc2f06dbcf10bd287acaac74428a45e9
SHA1 b5899ec1fa6aa45a1bdd0a5684210ae787b7379d
SHA256 bb2fae3c4d0203c83abb2bab68edf3ec063cd4c1b30e54b760202978b55b8884
SHA512 da667296eee09e2e29de0e14ebcdad7ee425ab4673f509ea54a2bb6602f56475b36b157eded0d8c0317ee0aa47c3e4245b0640c5cc2b1d5a46e23467183023e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old~RFe5f0112.TMP

MD5 cefa7990b8da98da7914d0217469bde1
SHA1 e3e1a85155c7fb8d506b399384e1122a5440efd3
SHA256 5a6abe1d971c83d4361ba52d65fe88c137b374f2e508ceb6dd1c5ec8c4b75dd7
SHA512 2980c1b7af8312a9434a9c641192ec14fada00bad562d3f8178cfba29b2b8ae0c4c8a941c443a5f8713d0080b2eebc598384022fae1866ca425859098378e5cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a9fee7bb0ea5f61059f6e7def1178c52
SHA1 f09b1ff1e12cf5aa590b6deba8f9db0554467d6b
SHA256 c7152fe53c9989a7ad7fa85e7a184e1ba0f9e0258609b8136b73e1a720338660
SHA512 1406891b8eda8526c2fb11a3bce3e2b038cae0f40f39cddec9767e4e9c54779f54337ecf0a581e6ae265c244469ff49f24cfa8238e7fa063e0e1b9d1e1dbb5b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d5647331e1df56944e6180332c17515
SHA1 e5e83186817ad1ebb3caf4b933fe35aec2f19b5d
SHA256 3b24546fbf0e8b6c7f9c53c76bf4ecc7b71bce859df7d74b37309f85ffc61c00
SHA512 bd5488919586ac86cf1b02ff4ab8ef1dfac17e9a7d86af62fab79e999541a6997019449b176f8795a28897cb0f804d87addd147ca90cb2adb67d23f977685266

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 a36bb86d11f92b93623b1a5d50b400ad
SHA1 868cae4150c359cf046cd63cdbbc53fa759b689f
SHA256 8b6032b67ed4687fd7be4d0cd61614ace157d5827c3063225e07a20be117ae2d
SHA512 16d52cc2cbd22123072d12ff3df003dbc09d4af7937e02e5e4c2b7a16e80b98cdce5c4f8104661089a935278f06bf858580b63ef4af5adcbf56ab3fa6bb2a5aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 5551bc7ecd0b8bcc72ef51f5942d8255
SHA1 39af86ff3ee7132545bb581b0b7028b831da3581
SHA256 af5482e281b80e87f9058d07f42ca208be33bbb821e1c493c3766478b4d4e346
SHA512 bcd9a67c23cb8d70fb82164464be7599ca947832a65113041ebd52f32c9f738392b8fabb2e9a1be2d5791247feeccdc344d3e2ba11472e79a776af4f80bc5a3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

MD5 8b271de2dc05ba8cf6e238724337b9fb
SHA1 4c7a21416d6027a2a95c3d6a38e97452e7ab07f9
SHA256 6e04b6b12283594a6c773a155557c9158e0a11b1845e458d2d54b8e13bd31066
SHA512 87ab59b1ff7cd911c3cf54835ee308cbcdb8cfa755bfcda07308d9058f2badaff0bbf0f2772ccfec45025ea7ee0c8b9f20a6b3d34b6dc060fa85d3f7ae6d01f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 c862fedb7dd6b7e5a2a2dd2e19a2d3b4
SHA1 76910ba386293dfd2ebeda67a0ed91e3abdcea7a
SHA256 be1fbb0891d64248740bbd405b154ed7474005b0b7df9956bad8aa83cc2cf1cc
SHA512 0e52862fc8d72c4afa8bcc8516db1ac194aebd59ae3fc09fd309c90ca65feb5b17e578dd14158996a672571c1ee2f430525123199cf83d92f61729904dddf237

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 a0a257fd1614f4919baef0cc2bae54c4
SHA1 d0f848a827514091d4bfd7c343009e74f3c2c101
SHA256 2a0a62a5b4719c647e6475719d0df76381fca5a25f439b6ac3a6647b9ef778de
SHA512 d18e567083ecfe648ccd23fbee1d091586e549fbf7f582dfb0b7e577cda0656b02daa9d5158cf26d586001726332c36f2bc844690daf868d590fc284501009fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 a780ea2f069d4fb4e811bf276cddc825
SHA1 a64dfa60b77103173389f313ead90d68b0c23af8
SHA256 91e9ad1efaf3282041ad9ee4616c3b3d1ae883029d771137997388f14b128374
SHA512 9504489431b1c02cf1c2838bf645b7ee3f06978780d799f02e202b5798cc27b10a0fc088eb2d5fae0fae05545f9226e29127757a9ba9b086433e7f7a5e8e67e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 54de8ebeb095ed68a96176a6e51696bf
SHA1 8e5fdbd5dea81c29058a6fddab2cb7681455fdee
SHA256 9ebb9a39b75dc6b7d755e5e7056e92e1352b647c062a9ab159220e60fd3f9dfe
SHA512 7e21e122ae65154ac327410d1d5f8654d05b623a4498f3592c592564656622980d15615c8f57ed911243e0ba8a2490fecd9bb832768778d7feb062dc17834a9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 ecea348292e8e253a71cfebcb385e20a
SHA1 aa9d12c0140bdefe21b7f5a5c42c9e9a4417b0ac
SHA256 3a2681734b46a7e0b97d1ee5a71bc7e15dfcd2bf0ef2b1f7266192de722aa00c
SHA512 a7ca0f95f7341e23a0505d44de20a09296321b22f0378970690925cd05f179e557cbbe130da8f07158ff3e3eeb9b5f9080427313e252f892be6634270a48fdd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d8f10b0d24ee870b89789992dada25bf
SHA1 c643fcd06d27546467d47b88b4d56c2d1fc80aad
SHA256 6bf825859a8bef66e28f70f4e82594f896306473e064e11e34b00514252746d3
SHA512 3e1037371d66d5019a5b3f418a0c35915e49e08ec15c45c76fb43f5539424d904013099cd1fee0a4e7c1f34835adb9a0416d2c1fe7b479def2d328ff4abd0107

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e24f9adfcffbb1a7b086ae35e6167b05
SHA1 81e9347aa477314633e7d6a7d4a28f97b25540f0
SHA256 e086d44d6cadb0ce577a28f5efb46ed65a7cf3885dd40aa9b375f08b0b12a797
SHA512 e4834a9baefc8ad65947dab11eaee41f347cadb0af62247901003faca813535b9e6dc4577c41716c74547d5916582393033127a604ba3f891e422767dcf8797f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8ae35f4885fb51521471bbd17ca911c9
SHA1 8dadf3d538464fb1db1539d53ffeadfb6074bd45
SHA256 e9ad7ef0ecb38fad606f25f7e7e2bc9d63d88ca7a71db83cd8e1c5bc62af63d2
SHA512 aa02e1d0f2a60627b141f9bf11466e1446e7bd99163b74249840d23244a5b5d0b8f8433cf270e52be6127ebd42dcccdcb1b2cf514af005d7941593773fc702ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4bf8280996368e24514cd2f05b2915fe
SHA1 cdd6335337eabaef1625da22cdf0c95a612a2c82
SHA256 43023c70043dab5408f6b4d4689c258ea60e95641ebf31ca189ba9eeea4e1e31
SHA512 39dd2cd125b4155e696ab5f0f3791545b04a56b8586260775ba7e1ad6a7e8fe218c0f66fe4bdc1f2bd838c1691687081d3216100d040dedc481bfc65f31a0e9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001cd

MD5 4ef5cb527d4a556d417dfa0f26ec16c2
SHA1 66760896f42db51b391baf2955a5d4be6f97eafb
SHA256 1b850f59b1bf988f07e32c949c0a28a84b78df0f68b99700e396ef06f0130bef
SHA512 266a7f41167dab04446a6b01a619cef8ba8f56db652903f0fa407a5ed960f65da6ba817c4dd2843661e4c7b827dfb14eb75b4f76639403f9f8cbe28967942bd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\4a975d40-9335-4f4f-b18c-b7240344f024\index-dir\the-real-index

MD5 86ee762d8cb465e2b5116f9a62cea933
SHA1 ed03a2fa9b98dbf34b21e0faaa9d8abecea86f4f
SHA256 95b6563fe2cd2b59a258027a7aeca15c693b24f7e74f89dfde5bbcb88b4fc505
SHA512 5347bf34995b036eba2d0ee7b6cfa499feee96291d77c93a299ba473d7ded5613e8a2a248d6af412b7cd41e5cf9e9872e72dfa2ff9e5a8edc15e3f1a15b8b18a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\59bbdcce-e4fb-4e86-aa8f-6c07c8d8318e\index-dir\the-real-index

MD5 cfd80bb4796f3824e3efd969b5a42f36
SHA1 76463ef632b36d7ba11f559d8a1c5301c81751a3
SHA256 b71af9ab09296019133c5b960195e21a9137c25daed6a3452469769649addc1a
SHA512 17f6f09d1573028ec9bfaba44471465ab2d1fa94b1e09a7807311288850ee1f5aab4fea252cd642c522dd1e33125c2e0e549e7685b46383432b24dca370c7c59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\7fef9935-4fa7-4129-bd84-42d862e22908\index-dir\the-real-index

MD5 a5917b25de0fcccbd453b016f081d362
SHA1 65b4525805985b28f9e4dc4e12b981c3d40d72a1
SHA256 6b6712b46cf7bca62126e6fe23f157e7d4ed0f8fbc9d7a23f976b89cb2600e43
SHA512 141258ab5aba43b78e4fc8c34ac8094b6ac121b0f685fe433c0a8214d97bb4424cd6f0ae7212a91c3fa3ffae291f084da917248de4788758087a4f5a3548a44a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 674ff97302fa6db53f89d884344a7686
SHA1 17fc24c68947cc6399451166060cd8f39361ecac
SHA256 6e4f28391a443ff19fd653d6ad20827cf26e35ab82d2613b3b586dae7b413cfa
SHA512 50e1c3ab011cbb86f1cd84c3eaf58612d2ccc23d8e92ce26fd644bc819f19d5be6b860ab79ba6577cbd7e60a472698584a851ff25ccca75c24d05bf0956c5d6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb5df090f7f0817c5491813acb8d515f
SHA1 1906e44ab272ffe2e8fac8068b70ab8a8514fdd3
SHA256 cbe379a952cc25d4548e8febb0f9f94f4b5c77c7c1195750c10773369143a072
SHA512 7ce201c6fcb0a00ba6904fc95c872e6b853f336ad5a863401ffec72863207a18232fc5959abe4a99524a10cb817722a1dad76709153c7f1408941e2037eaf523

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\9e3afced-c6b1-4f95-b782-adfb18e9b105\index-dir\the-real-index

MD5 0a89dfaa97b1ec4c076a9cdf1d67c391
SHA1 0eadfeba5a444010eb413d7038853abb7fcab8c7
SHA256 7511f9f5fe545250fa73973efdf9013096534dfbd6931fd2e8a10155a2ceb195
SHA512 ed8a6b28749491a5013a2909586bbeaab556f942c362136d31b2f66b96ae4e8d29179e7f0e68e23d64a8f72e99ae67904a2c3e3a2e1ad4dfe14d808beed9e421

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\8eb022ce-a44a-427f-ab14-8d254c7727b7\index-dir\the-real-index

MD5 0309057fa67b790b7eaaed0364f34fc6
SHA1 dac4afe9fc6bec75ddb28d9035c493a3904c0405
SHA256 0a10e37664477a7a579cfe5792f2b8bd8eccf18e9a5c4a6e935afb58602de800
SHA512 6523ee85d6362c0ff3257003595a3a40925affd71bd66af16e128bd30fd0a63c49d82fac23a255d3b2102e8e78fd23c9a53a18593b8a7ec8bfdefda1887a9282

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\d5cdef8b-d5d7-491b-85ea-3e17c4aeb110\index-dir\the-real-index

MD5 d44aa89ac9b044c5f4b290e9cf7fb59d
SHA1 397382509ec5c3f2d379e29b70062b013d25797a
SHA256 28b559808808ab229fd2237444940dedc3973862a34d6ac6985fd3cfbee4f187
SHA512 5f98ce94fbd4916acd60aa3c456ea421f22afccc8f56bc3fd6467e085eb7f3ebb0879474d3dd993d29a98e459047a71d9425bdbce64c57829a45d295e9351397

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 1cf51d576b11f9d1a94429267bf165b9
SHA1 e50c5297a2669f4a3aebc1435ad8ae5f126dc434
SHA256 54d9b66e617c208d615a231b7c529063ee1a501aac7e7bfc24770376cad9fa52
SHA512 14beab7c64de374cda2b93f05c0e42a605dccae212384fc92c0be3306515c4d10b514ba4a370f628428557dd366f15d2d25f5a5bc6127eba569ae05c29c71e0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 73f773ffde5aaecf234202e5f9b81fe1
SHA1 d4576fd22cd1ba9b7fe063e8a3b4b9b160b5a936
SHA256 d487f8d30f9157337c6f7bb5ff15eb7fa44d51dacb2fee833d1b47cf46b656c1
SHA512 555f294a942879f09888337780ac7ecfcc19a8cebcb52fe13a1ea75f2b84a58cf8c6104b5b2e7d581070871e86e1da0d75f14a6b000b2fa0d1bd059a5fbc5c40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 828e29ba04e60caeda31361a1c889aee
SHA1 5f91edc7bd1717e9b7bdc265040c21871c185190
SHA256 8c40e3d83fface504b174c90f583396aadb306cb381c4856d40c84e0276297c9
SHA512 e2bc7611046d2e318a4d460cb2e78d0d97b9adf2b6bb2c5d77b70d6c57a0410e86c663818740f12b224b722d3e219e167b3ce8eeace5734401f58e0a350390c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d960111a842583cf0033b5baf7cef72c
SHA1 9418ba8a7685ed69e2d2a9834f49e23b44ee528b
SHA256 b7f3375d5915566ec4b81668f364c87674821fb1be7c409e899280aee5aa8b16
SHA512 fd2db229be717a98bbc9e39c82a3b6ab09b75d2ac666a743a724aec25c7349e7752321af32fec05724c8d5cdd1598b6cf8f0984d6d8eca6f4fa10ad9ea43bef6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 280482f24fdcb82668c181d1acf78bc2
SHA1 8d5f0c9db05ff8754a0e45459f861ee008501b36
SHA256 8ca49416b85cd00a81be17e1852de4dc132a2b76c5255c54883bc0b7e0f61b71
SHA512 0d6da5d217ae89e66fd2d0e68784f76b3ef73d61ced47e105f628f40cb0674469fe2fb52fb225ba9ef0f166acf0e8dd2e0591f3353e3d59bd3b239555b33309b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 54a13d0cbf23b13293a51610bd7c3d02
SHA1 2e76244c56ca30b8a61b203c6a47f0feb5fe0189
SHA256 74a84cec7a2a4845e43e3185b9198e078c59b650e54775394dd23cbd87414f13
SHA512 3fe975a062e7b6759350e3a70f580c0ef32ef12472884d75fc71608f6c6cbc9687012148a17c439e8f2ac56dbfa55cbe81a10c90d901532eb48c68599835e135

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c8855cfe4358a5b877a6f6a1086d94d
SHA1 094f451e0b51bac7633643acb3143ffb664c531b
SHA256 00286cf92d611389de6eb138e1603b8b0485bdd9efa657da7a9c11eba562967b
SHA512 8f3ed0058e21ee21634c25c30073e2da04e75b5404800852a99cb9d4085af0c4775042ea005662344c09c92a02c3bc1ad4bc60f0d0c5fa504ba81a7bbb6a4cb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7842c535632d832dd5d670bfb7c8c54c
SHA1 cdb1eb7475a2392e6d1fc15a8375fa8089e04701
SHA256 bf268a7a5663e1e230ff9441e4f4b781f5d91de148672e34764103c919b21ab9
SHA512 202bd271b64b229abebe4b84a012fd86e6305dce85d1d01188191e8e53b5d75cdc1bc489a9daa8cae3cc5edd58bfa3cc56cd8a092d2dca5df961dcb79e3b45b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 87ae31ad850acf1910ee1f976e83df3c
SHA1 908316e817aa9033567597b6d30f2a8dddc0ed8c
SHA256 bfe8fa90a0e7532a73c2400155447dc3077084098cda496ded17e4f5b20d0751
SHA512 0ae5828d938e9abe2f73949d30c024741aae5ff0a9b0d7751bced916572d445e55a3474ba801a8b9659bef81dc25913bb9720ecf2294a24b58ce27ee8b162805

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7eb10ab68eb0350b3525f54b3a39fedb
SHA1 46345c23115d219452102d3bfba533a5c2c2e375
SHA256 52d5d478c733c3fd78b6769ea95329acd2fac68a3cf8824d10665eef8d07e0e4
SHA512 cdaeb1a8240fc825807f7a7578f8d2f80e844b23da51357651a48d96c73b36b65998cdc797e0caf0b54d62b9fa297b11c57ddfe342800cfa8f9531e7052115e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\LOG.old

MD5 dc95c5795e858b79475265d7d2f30a69
SHA1 f188143494ef399be121fd7de9642f11f3faad5f
SHA256 8e0c90dddf0dd274017eb747b4e939a22e82872854c7ef0b2539be0bdd411772
SHA512 2c65c8521a7d331afb5f623ac89e167c850a656c6657be0770a0f4abae9bea4ae261b39091985a25558463392db4b9bb9f2bf68149bd9659c8b388289e72e727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b02f580b21cabad27718532e1b32749e
SHA1 b290fb7ff5ff68b933de5058d6ffba13ebaebe6b
SHA256 12c85717ad24953c3e09ad3bfaf46c1c861eb9ac4b2bf3ab3df6cf15fb83dc20
SHA512 79dfb2c5568e280f57d2e01414f6eb8bc5930bf53131142e316dfdf96bc2d95d811b93a12f618a5df8a38522ebc38395b4c858b2faa80d1f0b56bbf299c7e787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 244a9837e7e818f20129c7d736da0f04
SHA1 41f485c4e86653d027d0a4721bf550b13180df8c
SHA256 cb0bd8558e31bbcef1a7977f978dfcd5fd6286b00ae53e7423ddf5aa90594d56
SHA512 e7bb83b9ae103798e1a4ef5092e0ef6b8662b6d1164b7efba518375a3a83a68fdd2ddb1de303d1bb717f20db891037d2cae08d56310a3201c33fb886bcfbdb92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00002f

MD5 913728da90cf90d8e78af59c60b47c3d
SHA1 f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e
SHA256 b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82
SHA512 3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 7dba24a65813e3f6516cbd889b1e2c4b
SHA1 f212b332ef5917ce554fcd94a6d5af89703f72f9
SHA256 dce6665c8d1f76f41ba8100a769e9b70184f84bde5317cbafc2415f435336be0
SHA512 3ea9875227edc42c03aac5b68450e7e1e1d846f63fdfd6dc9a531084652efe712943218aebbda08b257b99ca639d22437be5a6871cea80e2770ea5c298ce4fd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\b5e2ca2d-43e2-4dff-8e8a-3697eaadd748\index-dir\the-real-index

MD5 0279b1f2e6efc909a20690102663a0cf
SHA1 65ae358b1ba9c3108230f70f928882460f864489
SHA256 bc0c3a867452df12c7069db38e6d8d91ec609536dcd551131f3d3679b8a33913
SHA512 2fdf98b40e11a1382040e62ea8f3dd673c7db2f38573202d1ebafd33f3dd8218e3c5db6c354c127519403a4a66b2fe100237db6b38953f6cf5d6971658a357d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\f702350f-0a13-42ff-8d09-f3d3b7d223f8\index-dir\the-real-index

MD5 2d50715bea535f2a946f0f3fe15e2a9c
SHA1 ffb2ec751e1eaea4afe97a60146399ad408c8f22
SHA256 136b7a3bd0ba1a7279ecd338abb68e5b2f9c896c37357a6cb2aa051d29ea712c
SHA512 376427b3bb35fb45e7753a9565ae2578efcc60b6c926e65bf979d92fee55510af9e8b3a37d44acc6a88c2d3345005bb024aeae4fd818d2952c3e161c4a223c3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

MD5 a1801469ab687fb757e032292ca41ba0
SHA1 73b853dbd2e329ceada43940f1a0da9f24d7afce
SHA256 56ee72622f7fb308aadea59e8ccb0d4b85a2510cb85274644336329dec08451f
SHA512 d8c202b777f57e5fbdb2fbd0cd219b3751bc0689625db28560bfaa78a60e1d00a272422d93cbdd2a8d2c387ff7ae597803448fd1d288f869d19d7bc1c00f251d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c4e068a8c9d33a37091786c720464bbc
SHA1 03f92f6f397bd79ab507ba45649f57a8fd8b5670
SHA256 c68ed6800a3c49b19abe82b7c9d45b4bf23bc3750497334deedd8dab5cf7017d
SHA512 ac528bce00255f632916ab4de605fdd0be312b6d93aff5bf65fb825d0879a1aa088a617f0c44b8c68f8922ced72df788739b99d49d318d598f6fc2cd1864cc4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc85f5085ccaa0d00c55b47781c0524a
SHA1 d086abadfc31e4ce0074a4148d9f159beacf9384
SHA256 9765fdb1c916e403a8027046b3e9ee11308407b24a678438d40c246beabac446
SHA512 dd66686d3f08e04477f49bdfcc82a26c1803637a650e0d4c878666df6d668043cbb2ecdfdd7cc565d52824bb2e3f6da9a1ec950502113569e392638be0456a4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old

MD5 be396751ce023c67d7cf86dee970bcc4
SHA1 7ee5e0bb4ee75852407ed28450644bdcb8334674
SHA256 d589a29e35c3bd77706927cae5626bfeb6e986ea8c9b56cc7bfb4dff5e1162ea
SHA512 8ff1c25e3b0d8d9f9ba9f99708420f01a50623b215710ac8f1ee4dfdf267d88ad0aa4328f71577a42105a712b8fd14df61d94a6b73351e03b1d1c74438ca41b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 391d5049b4f596ce18bdf1cbf081340a
SHA1 1941d7e81e157dcc89d21d092a2db99f6c185b48
SHA256 7ebcba972f124a8f3a0a9a5e2c77e7e39e14811df9d434fee8f2b23dcd942566
SHA512 1bade58fd694802dcae6bbb49f0cd5b2740d8fe58b2acdabeffac331815148179b4e7fe5db5a44ba3480232f4f7a581f4bdad473e1cbc860f40c782f0f1ba158

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

MD5 438e58f2c090181f65a422f8b4a239a7
SHA1 f788b11d34ffa10561b9a0cfaf5b3f3bc001f4ef
SHA256 bdd6a0b6625a03d282659af6b49f018e16f31c4ce541f72482ae2642aee12c36
SHA512 3773de48d0f26ff36106603ae92e65ebc9b0f388a0a3198fec4aa808b16cb2be22b679233f60fb99c4d2c2e0096c0338fddee7266f51c348acbe68a36d85595a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\13752f8b-bea8-4d53-b096-137bdabe7033\index-dir\the-real-index

MD5 6ccff4c21515740784555d0cbd28b227
SHA1 91a94cc550a38e3b8a9ffae48e24409fdb948dd9
SHA256 6925b8d2afc335433cdfe45a481366b78e1fbd15b642b62b9a5ac83ee4d0cbf8
SHA512 590b875e6171eb1c4c282f74bd86fa5ce6f5518d5a01d2914904c076418d1c59c1e9e4df332955f133fb7b2f3600d98688f56f48f3f88f5777277262120521c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\13752f8b-bea8-4d53-b096-137bdabe7033\index-dir\the-real-index~RFe627dc6.TMP

MD5 eeb614204768c793e0cb73e3d17f0648
SHA1 b9d2de888a45ddd65ad1bf40dab8d241c6e9de55
SHA256 9770b3b0d63945491a96467619bcc4c066ce0d8e09e51ef02783d9e3642f6994
SHA512 b2897b72c94250063b1f19d0a1d466d597260625d306c3d8a1a62217cf636568ee55d1372c9cd27e507b5ae71d8a4584093e428951defd1a8544f61ef16a9e9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e409da1a5e361c3f29141122e1bc605b
SHA1 db92ef662e6aba6722f69ddb1c1f14f0ff04a901
SHA256 ec712be0bed9f8f8aa62ba2d89fd45fd5c386a79d6052b25e64525ea47fef682
SHA512 fe2ad3ae585d0c7c6a56ebc896ea43d4855b4cc9bebf5bdf211fbad59d4afc82fca7c4825d0f64607972e766214b86a8868d3384f30d9ceb430ae0c6949e9674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f60d79467055f72ad0835abe37507acf
SHA1 df21888146358d1777051640f546563eb578b335
SHA256 3d57b6100db91310297d0736a72897e95f87eb60bceb420f54a2f7a4a993be6e
SHA512 17eaef8f9b7f97e62bad86ec41e09531ae6b463a1f0c4209c5e890e0fff1dc4a514293501b85ed9f3ab0162449a81906678ccbfd3efc17f4fc3edd5f27be1b0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c09113db711ba3f88b862b046a84b49c
SHA1 d2535366ca6285f30f2dcdb6fdb9c39b195d7ce7
SHA256 421550a225762197c930aa310e6febcd8597c0f30b384fc614bba78e636ac465
SHA512 e35bcac89b53bf054784105db10820c051ecd6f5732cd81fa3d05e5ca858cb4c1ba89c7884444533923942c507ae793353713c70eb7986633beab005ec902270

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3f64186ec31830881fa1ded0198d6ee6
SHA1 31e98d681bc47c6274172fc6d1dd7a741f219014
SHA256 867ecefe5cb46088273e38ec39d3883871dedb3c68701228038f3ec9e5fcd060
SHA512 5df271ab17d89f3471c23d7dafc55eaf4fe9b692f815562be96400f7e7eb44fc105716987b635e21d785e9e1467b603a7622c2844d475d44c42e34aa3fcce702

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 344230b07928671b8808efc42da07902
SHA1 c962a3d8782cd1a1c87bc9808417abf8970e7dcc
SHA256 9136915584bc976831cb6789fdf88f574772f135332910b6668432a758b9345f
SHA512 deda302fe4745956dd1ee43d49ce561998f95cb843b954f798322486c3af940f43d2340400e79bf877fc49e0b00ec10815630a5af025966a7204a3b56b2eadb0

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win7-20240508-en

Max time kernel

143s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000383b8e8ea58ec0d94f68681b0b0a589e646cc4bf33a9e3106c3b3c226cd2c6e0000000000e8000000002000020000000b20f511fc640689d633f1e32ae3f6b28240094e04699f198bd202bbd104608ef20000000c51b38a2134c030181c4e7d6e4bb42dc4b540054a3d32da88eb68e1970106023400000002fd028bd6511a95101559130f0fa116419bebd7c40147057c34f743b6f323949b2a16a4d25e7b716874dcdb241f444766f303b7212455268593b0cbdec49b009 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000824b18709f538537b5ccd86b9f5e99d00b0436a4a39b2c6a5de0a8856620f07a000000000e80000000020000200000002fea7483a54971410999f05f74167ead911905c5fa5df6e1a5724d6444616079900000001d40f7d8cc5534fa81f4a32d191f6dee13aa40059c2812c73419c6386a8c4b436b34d4b02bea486bb5f1bbb13729011f4ab42162d95dca1266a6c9428b0e5da841e0376d8a101b7465667282de88246e916e9a4dc90f8af8e55a3b202c445834f58bd79e0cc9df7f0d82cdcd85aef01bfa1a8036389e35d65f53b04eebbf61a04aacfbc40113cbc5ce6553456dfec893400000001679b5b4fba6bd3f9d1fc31f9c774f5c11b6a949cc3a1574df2ab2706d8a33667d169c17620d0f50e152fa69157408a9d2ae7bb1f52498456fe0a7405045a83a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{327DAEA1-2810-11EF-A18A-FED6C5E8D4AB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e523181dbcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424285440" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2116 wrote to memory of 2804 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 2804 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 2804 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 2804 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 tria.ge udp
US 8.8.8.8:53 tria.ge udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10-20240404-en

Max time kernel

190s

Max time network

298s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-4

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-4

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 155.77.117.104.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win7-20240221-en

Max time kernel

122s

Max time network

123s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-4

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-4

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win11-20240508-en

Max time kernel

115s

Max time network

127s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-4

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-4

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10-20240404-en

Max time kernel

195s

Max time network

255s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-5

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-5

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win11-20240419-en

Max time kernel

136s

Max time network

148s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-5

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-5

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10-20240404-en

Max time kernel

300s

Max time network

299s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\email-html-1.html"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 92445af51cbcda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f43a25fb1cbcda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{076F37B4-BD3C-4440-B390-625DA34D603C} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "424285588" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "424919514" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-0876022 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cf548cf51cbcda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3192 wrote to memory of 3944 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\email-html-1.html"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 tria.ge udp
NL 154.61.71.12:443 tria.ge tcp
NL 154.61.71.12:443 tria.ge tcp
US 8.8.8.8:53 12.71.61.154.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 128.77.117.104.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 218.217.19.2.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp

Files

memory/3508-17-0x0000018F02930000-0x0000018F02940000-memory.dmp

memory/3508-0-0x0000018F02820000-0x0000018F02830000-memory.dmp

memory/3508-35-0x0000018F06AF0000-0x0000018F06AF2000-memory.dmp

memory/4316-43-0x00000284D2840000-0x00000284D2940000-memory.dmp

memory/3944-52-0x0000021066C90000-0x0000021066D90000-memory.dmp

memory/3944-58-0x0000021076E50000-0x0000021076E52000-memory.dmp

memory/3944-56-0x0000021076D90000-0x0000021076D92000-memory.dmp

memory/3944-53-0x0000021066B10000-0x0000021066B12000-memory.dmp

memory/3944-74-0x00000210779F0000-0x00000210779F2000-memory.dmp

memory/3944-76-0x0000021077A10000-0x0000021077A12000-memory.dmp

memory/3944-79-0x0000021077AA0000-0x0000021077AA2000-memory.dmp

memory/3944-85-0x0000021077AD0000-0x0000021077AD2000-memory.dmp

memory/3944-87-0x0000021077AF0000-0x0000021077AF2000-memory.dmp

memory/3944-89-0x0000021077D50000-0x0000021077D52000-memory.dmp

memory/3944-83-0x0000021077AC0000-0x0000021077AC2000-memory.dmp

memory/3944-81-0x0000021077A80000-0x0000021077A82000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7BUKSPQ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/3508-115-0x0000018F091A0000-0x0000018F091A1000-memory.dmp

memory/3508-114-0x0000018F09190000-0x0000018F09191000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GXEL2I4Q\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win11-20240419-en

Max time kernel

265s

Max time network

274s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-2

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-2

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

51s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml:OECustomProperty C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win11-20240426-en

Max time kernel

212s

Max time network

301s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml:OECustomProperty C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10-20240404-en

Max time kernel

195s

Max time network

255s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-3

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-3

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:43

Platform

win7-20240221-en

Max time kernel

616s

Max time network

617s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-3

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-3

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win11-20240508-en

Max time kernel

132s

Max time network

144s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-3

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-3

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win11-20240426-en

Max time kernel

240s

Max time network

247s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3356 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 4712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3356 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe297d3cb8,0x7ffe297d3cc8,0x7ffe297d3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,892029664512657296,1029139157353138012,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3268 /prefetch:2

Network

Country Destination Domain Proto
NL 154.61.71.12:443 tria.ge tcp
NL 154.61.71.12:443 tria.ge tcp
NL 154.61.71.12:443 tria.ge tcp
US 8.8.8.8:53 12.71.61.154.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8ff8bdd04a2da5ef5d4b6a687da23156
SHA1 247873c114f3cc780c3adb0f844fc0bb2b440b6d
SHA256 09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae
SHA512 5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

\??\pipe\LOCAL\crashpad_3356_HYWTRHZUTDAEYATD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e4ed4a50489e7fc6c3ce17686a7cd94
SHA1 eac4e98e46efc880605a23a632e68e2c778613e7
SHA256 fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a
SHA512 5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ade994c6653d4890007294782e5cddf
SHA1 3ed0290d014469ea7a741c41059d9e3371708620
SHA256 bea7f605bb733dfc6d49dd79c4909bfc712cf9e119562db249ab820f3049661e
SHA512 bf69f1ebfbc2904c4b9efa7a1d36050aaeb6ebf6db4269faf86a6681ba5e72002bc40a97c05a73fb0ee5f13867b086e2f91f21dc3f7bfce8dfaced0a85648fae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ec8bea9ea0c2f90fbb1233df3631d9f
SHA1 c0b01cee5e120494599f862346bc9b7166a2061b
SHA256 58ab02be73b9933723540cf538e1a424f4afa36fe04772dea8e6c22eac36b46a
SHA512 4ab8597af4ba33db4daf14c630a43c235643bfdcf521ad5ebcc68200be598e90d06ffd70c2ad422f631bd48529d88c45c4e900a70565ee12b881f6af781a1c9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2532043974685449b2b6c01e971d3605
SHA1 aa07dd72c58f100c76b99f984e2d7b8dfde066da
SHA256 30c32285d09013f2e0765ce49f8411b0880ac0beb3bb2930de4bba695fcd2f1a
SHA512 1d04e57d4ee98be385d3cc0c2444382eb2c120ada6d933bdc3e7af70d339c6d31323904922e1e96ea30628574c56b3261cffe1379e7e5363df24e390137c0cc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 646fa6d91f6fa69c50080121706cb3b4
SHA1 49ffde5a81ae00bbe09766787257ee2bfc571c1b
SHA256 aa13cb680226025fca10d26fd98041cfb49371d19a96f9bf04ed94fd301864f9
SHA512 d4d6dfb81cdd500f02d0a2569f5679be5c66f23fcf42c61ae16215697523f0a8eed26af58d4135c964f3ea1dcdb83b42ad391ea2b99693eb23bf4195007859e6

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10-20240404-en

Max time kernel

194s

Max time network

301s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-2

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-2

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win7-20240508-en

Max time kernel

119s

Max time network

120s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-2

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-2

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

54s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-2

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-2

Network

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win7-20240215-en

Max time kernel

122s

Max time network

123s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-5

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-5

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win7-20231129-en

Max time kernel

121s

Max time network

122s

Command Line

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml"

Signatures

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\perfc00C.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh010.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\SysWOW64\PerfStringBackup.TMP C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc007.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh007.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh009.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc010.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File opened for modification C:\Windows\SysWOW64\PerfStringBackup.INI C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc00A.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh00A.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh00C.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc009.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfc011.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\system32\perfh011.dat C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\inf\Outlook\outlperf.h C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File opened for modification C:\Windows\inf\Outlook\outlperf.h C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
File created C:\Windows\inf\Outlook\0009\outlperf.ini C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE N/A

Processes

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\Submit _ Triage.eml"

Network

N/A

Files

memory/2912-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

memory/2912-1-0x0000000073D3D000-0x0000000073D48000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

MD5 a62aadcc344d01eed73cbce2fb7142ca
SHA1 e927c20a6871fef4a3145511ac22568020fd2e66
SHA256 a75fc544dce8504ae1730a5b929a5553718706bd5d923c861b2b495662039625
SHA512 a3bd427b79846d7f57530a69b5a83d3f739ea6c64a59b7c1fd66806777ccdad7cba9cd34c535290466a062b034b381ee74ef43fe88fa0ec93b2c66d99b749f07

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

MD5 2af8511f209fb0ed75da19649e264d17
SHA1 e09ae9beb03a03e7e768e8e50bb4287ff5420aa2
SHA256 5298e6435bdc90fe31d76115007a694049b2eb212a726627fb59115f273b4b5d
SHA512 c608d134c6f787f0346222b0be2eb662a592faa61192648ab5843b5b6318d615f351639515f77c252d79cc2ba5143a70313d90d75301461133f30d67478e3333

C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

MD5 48dd6cae43ce26b992c35799fcd76898
SHA1 8e600544df0250da7d634599ce6ee50da11c0355
SHA256 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
SHA512 c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

memory/2912-124-0x0000000073D3D000-0x0000000073D48000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10v2004-20240508-en

Max time kernel

282s

Max time network

274s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1152 wrote to memory of 2300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 2300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1152 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9428a46f8,0x7ff9428a4708,0x7ff9428a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,4493806791701249888,15889444534930039075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 tria.ge udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 tria.ge udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_1152_RJIHAYJJQHILMAEQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 385506d4b07212547e7ad4bf7ce3e76b
SHA1 c2c4664a47f7c11555ff73cc842a56485af95bc1
SHA256 cac4e0e9b747aefa94893cdced43af7d9ca765d990d658a06e5544ab491028c1
SHA512 5948d8246735ec81e80e04d8d0ee7fc5a02b5f3b53a78be77afc78bd13568f4bc5871f46e74ca285e516730e7498bc662a20ee6641610a3dcdaf8034c8341caa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f87ca73fc7f4257a73fdb6efc8a80e0f
SHA1 cc15b7ad27e01defeec24f0f05493995ad351177
SHA256 3ccdfcaf7d32c1e1bc5044978b9ff25f8dd56a7dbd9a0539d2907a5858250928
SHA512 8c134cbb75d7928cfd6de259b78dd92a6d240494bee3a11d9bd42761f64cbf6580077cd58ded486452e6cad0c842c41c75c30c939fb13fc0496b2e53e400c925

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85060d42ca7703765af790ca87e40595
SHA1 34dc3c87724e520845929da713e40b26d61160ea
SHA256 64ce747e4c32e56018ddda4bf27ca58a15a22945395039ffad3cd783b5e67510
SHA512 2be6269d6db4429f4d84ccfc1489165721b1ac53ff5da4c7376c33121b160b00ead644eae17e6422769c463d53c7de918e83edf96a569cfa28aee95c2671dee2

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-11 16:32

Reported

2024-06-11 16:37

Platform

win10v2004-20240426-en

Max time kernel

300s

Max time network

203s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-5

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\attachment-5

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A