Analysis Overview
Threat Level: Shows suspicious behavior
The file https://qrco.de/bf9aBI?okX=x5jMsWH70JvqLyQ was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate website abused for phishing
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Analysis: static1
Detonation Overview
Reported
2024-06-13 17:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 17:13
Reported
2024-06-13 17:22
Platform
win10v2004-20240611-en
Max time kernel
544s
Max time network
546s
Command Line
Signatures
Legitimate website abused for phishing
| Description | Indicator | Process | Target |
| N/A | qrco.de | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\osk.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\osk.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
Network
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 43.135.133.80:80 | fipost.help-fiq.top | tcp |
| US | 43.135.133.80:80 | fipost.help-fiq.top | tcp |
| US | 43.135.133.80:443 | fipost.help-fiq.top | tcp |
| US | 43.135.133.80:80 | fipost.help-fiq.top | tcp |
| US | 43.135.133.80:80 | fipost.help-fiq.top | tcp |
| US | 43.135.133.80:443 | fipost.help-fiq.top | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
Files