Analysis Overview
SHA256
e04bdafc01429711c069136a2caa54cf8b20d2cee700e576569de57f09a2f3c6
Threat Level: Known bad
The file Run desktop apps online.html was found to be: Known bad.
Malicious Activity Summary
Modifies security service
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Enumerates physical storage devices
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
NTFS ADS
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2024-06-14 14:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 14:57
Reported
2024-06-14 14:58
Platform
win10v2004-20240611-en
Max time kernel
86s
Max time network
87s
Signatures
Modifies security service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Start = "3" | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MinecraftInstaller.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MinecraftInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "120" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4204450073-1267028356-951339405-1000\{47A26AD4-65BC-4A64-80FA-AD414C165E34} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 691662.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\MinecraftInstaller.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Run desktop apps online.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff457b46f8,0x7fff457b4708,0x7fff457b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,8364373341365775758,4921666350877644326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 /prefetch:8
C:\Users\Admin\Downloads\MinecraftInstaller.exe
"C:\Users\Admin\Downloads\MinecraftInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe
"C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe" scenarioMinecraft
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultcbd33ef9h74a2h4bc2hae2fh153590313681
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff457b46f8,0x7fff457b4708,0x7fff457b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12733876478631828646,22500614182114658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd6a44e9bh8966h4796h8c44h2e557374dc3d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff457b46f8,0x7fff457b4708,0x7fff457b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12172959347077307534,15227510438159123975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12172959347077307534,15227510438159123975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa390e855 /state1:0x41c64e6d
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_1788_KCJRBDVYWQEMXPOW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be3fa9c954e26ae622b7427fbb4daace |
| SHA1 | cf18c3a34f570c63cfcf002ad95369c14cb41697 |
| SHA256 | b84bea8f01a74e6e2eef2a2bbb649441685b623ffe5e652f64b61fd987444877 |
| SHA512 | be8d339bfca0cf8a75a6a92d6c42c143dcee1adfcd305282999f986330cb7fa69c7ff6523f938149471fee337b52a7c5c971d34166960971020746d08da7cff9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c69c.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\MinecraftInstaller.exe
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MinecraftInstaller.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e3af14d2-66eb-4f75-8262-4e8d7bde2552.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State