Analysis Overview
Threat Level: Likely malicious
The file https://vdeokompany.com/Installer.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Detected potential entity reuse from brand microsoft.
Drops file in Windows directory
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: LoadsDriver
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-07-02 09:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-02 09:21
Reported: 2024-07-02 09:52
Platform: win11-20240508-en
Max time kernel: 1799s
Max time network: 1685s
Command Line
Signatures
Downloads MZ/PE file
Detected potential entity reuse from brand microsoft.
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643857255286759" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Installer.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://vdeokompany.com/Installer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe7e8bab58,0x7ffe7e8bab68,0x7ffe7e8bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4452 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4636 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4464 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5028 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=740 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:2
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RenameTest.cmd" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RenameTest.cmd" "
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2041153
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe67cd3cb8,0x7ffe67cd3cc8,0x7ffe67cd3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe67cd3cb8,0x7ffe67cd3cc8,0x7ffe67cd3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | vdeokompany.com | udp |
| RU | 79.137.192.11:443 | vdeokompany.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 11.192.137.79.in-addr.arpa | udp |
| GB | 2.16.34.130:443 | N/A | tcp |
| US | 13.89.179.9:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 2.16.34.130:443 | N/A | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| US | 13.89.179.9:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| GB | 2.16.34.130:443 | N/A | tcp |
| GB | 2.16.34.130:443 | N/A | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 88.221.83.243:443 | www.bing.com | tcp |
| CZ | 2.19.217.218:443 | www.microsoft.com | tcp |
| US | 204.79.197.237:443 | rewards.bing.com | tcp |
| NL | 40.126.32.74:443 | login.windows.net | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.43.201.23.in-addr.arpa | udp |
| GB | 2.21.41.202:443 | c.s-microsoft.com | tcp |
| NL | 52.178.17.234:443 | browser.events.data.microsoft.com | tcp |
| NL | 52.178.17.234:443 | browser.events.data.microsoft.com | tcp |
| GB | 2.16.34.130:443 | N/A | tcp |
| US | 52.113.196.254:443 | teams-ring.msedge.net | tcp |
| US | 20.115.155.233:443 | 27bcf74507ce814b89d326bac8a5aaa5.azr.footprintdns.com | tcp |
| BE | 88.221.83.243:443 | www.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| IE | 20.190.159.66:443 | myaccount.microsoft.com | tcp |
Files
\??\pipe\crashpad_4292_VJGVNBCAWBEZQJZK
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\Installer.exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.922.492.1.odl
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.925.4520.1.odl
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.925.200.1.odl
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.926.3260.1.odl
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.929.3128.1.odl
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.930.4912.1.odl
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.930.4876.1.odl
| SHA256 | 76031d040d454549f90fe825c5b98d3e6024d3b11735eda26b8e95ca03fd7556 |
| SHA512 | a14d6ff811e3cecdcb0d8883d9052cc2961b5390fa19d4e9ddd73d3feb26d2358a961227c077d6e6362232026c8c2f917a58330acd704d9acc90cf23233f907f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c1c7e2f451eb3836d23007799bc21d5f |
| SHA1 | 11a25f6055210aa7f99d77346b0d4f1dc123ce79 |
| SHA256 | 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800 |
| SHA512 | 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55c52614cb9bd8969837550675b654cb |
| SHA1 | 800f75b7191a19bc10b41a461231a5ea09330826 |
| SHA256 | 691b90eed88b5a0411e423115155fa5800bd43c8ebf9a9b9af7080e6c31c2b31 |
| SHA512 | 86d628f8cbd2e87325839868642f019306a2df31fa2611da03cdd2d1a837f74f0e5ed36e7759da1ec4cf6017c83443773eff11b643f6abb965bc5f04d57a7a92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6876cbd342d4d6b236f44f52c50f780f |
| SHA1 | a215cf6a499bfb67a3266d211844ec4c82128d83 |
| SHA256 | ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e |
| SHA512 | dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 541f11282809f530cda6163414cdc45d |
| SHA1 | ae71afb771eba738ca1717d09e772fd4bf293a5f |
| SHA256 | d41001ced4a3247276701ed4003b849d6051a837b9d578b6238fb4f53a2240f2 |
| SHA512 | 35bd932ae3263a2d6b35e89b6199736ea0a900d8b0d77f83fa9029c5964c53bc44782fc8603a83630af7852a470c47ce2d204970fd6c54f6ef845c9cb67ac2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 07531b059d12e87f1822153103b05e8a |
| SHA1 | 31d0aae845c2b449f14e1069e92437caa959fc0e |
| SHA256 | 5c275c16f1ff474dc1158dd2bdc027a51a36f5c6e06851145c591c1337491d1e |
| SHA512 | 6b02db1ef6ea547f40068439bbb34214cf9ffaf778b8504c3cb7ad7c54faed67fe6678d86023b8349da7a6fcd7221d80be1458a4c8756723696ad0ab3c677dc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f6586beb68fe226102c91653003f1d88 |
| SHA1 | 2d2e6f60d0f71cc3894010e3e0aad272b86604a2 |
| SHA256 | b2f04922ba5bd4cdf4a4111b8420560598858c6240c9f5f0d4396eae9e9da62b |
| SHA512 | 4f39615fbb15d950b041f0c03361f90a7f44b6fe5f30e96944f0cf3b7928817b610d5523d0be4c521f047480ca4031d0dc737589d3f51f9b7139f497607a04f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c0b29a30e0eb78d770364482e5367672 |
| SHA1 | f8395ff344c5ea95d054f71aa9b1dae35097bdc7 |
| SHA256 | 141ff260a150bd619e0e131b4ab808e5f7ecf180d24628ef6970bd2916dc1ad3 |
| SHA512 | 558e489df7ed8adf528cb421b210eced131cc14d75b20b7f9a994d3b84f2a941e75e501866d23e6971ecfab6ba60a820a731ff6047c6788dffd191fd714f4ea9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 005049937f89717301bb1d316bda777a |
| SHA1 | 6d527416cb5e0ab7727b266c46860dc36926a6d5 |
| SHA256 | 5cf7f3bcbf768a5e0b17f1244e3c063e8b870897c9eb197b71b02e1263879f48 |
| SHA512 | 112e01944052f30662ab4bf551aea8636339c75134b51fba58a9b588ba3828d387d6f8edadc537a603b6206ff3141bc9dc7ce55f851a0a1c328a2a8c3d1db197 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364386288760441
| MD5 | 7fe853b1698216293efa090800004321 |
| SHA1 | 531be2bddb7e107776c1c7469a2ef3b144295734 |
| SHA256 | fc1af92be914ae127d5b4b3821eadb91172bad7e43b39dfa7fbfb437048b2c48 |
| SHA512 | 43455af768933a8bab3b46b20eda1633a87999bce53a7a6abdc374161483aa25715b9abfce33440cb8c5e37fdd819a06980ab1a6ae9fe50a6800b49ce9c40608 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65f23cbc-355a-4557-9b5c-2ce1e6410f5d.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3cd89e2fb3fe07bb2515e705c7ac4930 |
| SHA1 | 3bbdae5c68cef51348e81b0cf9cc089471fa3fdd |
| SHA256 | e69384769faa7106473247a8b7382ba67676e1cbb345dc0ef809040ab629013b |
| SHA512 | ad37af2037e9430c8a7031e0ebbfb72b6c76df6815c520ee7fe7f88e4fd08b25f5b8ff77822cb1a5a8c47e4bbd7f2c49cedc164aea4b12b39102cce16c462f93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | ea085e6a426562c686bf867459de7061 |
| SHA1 | 9bd86b0415b0706d51d1e4b983e97ec1ce232d52 |
| SHA256 | f89070db1f488db797d8d88b8c10a0cbb4381e36a636eb0ebaf5ed20354c9429 |
| SHA512 | f02b30bd69689d351558179a161bac05514040dcec311158a42eb93a5c411e670085f161f935d5bee98c2673fa7dc52ca43d485b79ccf2742ef42264e419e74a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 142db32d6e3bac131479f8987e14cfdf |
| SHA1 | 869d1a83a5f41cfc6ef32737be8971f29042415a |
| SHA256 | 89544e770229bdc2bd36db25d6d3a64cdf0c1bb1da98ab835956f9e2954bfc15 |
| SHA512 | 71c4a632203060478ec3996baec9d1daa736b83e3ad3ced9be0e07841b665a7fe8d64003113108634aae54b9d7a61f249598ebd29531346dd410eea04b60522c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | bb207a804bf2f131cce691e17c601c6e |
| SHA1 | a79c85e4ef74680d6d42620a3e488b44846f7cb2 |
| SHA256 | e90dad5799110e63ca97098601ab8cb400852d6b7378d9d732194b0d448e3385 |
| SHA512 | 66be17d5b131b19f8ae80d150774ac0562da39f128104a3eef65f920dd1d9adafa7a7e29e55ca128e55050a62a365722483ce37152cede9106e2a73d072ed919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | d8eac1e6395bb3a8d1281bc875273acf |
| SHA1 | 7be562fc1ebf8086eb3286427f8e5a5c4d6ea0d2 |
| SHA256 | d65419d3bc75b16dc4f4e6cfd583dbb85ab9cceab030cf727a4afca36047d295 |
| SHA512 | 9b62d1941596114ab530eb51d29a4dff7b1317d8751a28575d16290668f6fe6af53c160699a5b3c37ba3586052e730aadde3750e6d3274e53449a6ce12b1aa1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 8368d75e41ae05edc37386f9d3bed2c0 |
| SHA1 | f8b02e982af0e9af27b336d0162d4e0a306850f2 |
| SHA256 | 62037f2fa221530ad37e5bbadec244ac14a6fa26d270a132db3c78dc58583571 |
| SHA512 | 6d26ce6ec74317e04d7b0734393dcda53865c6ffd9c56825b3e32c7d6e5e547c3c22313d120f38a1ca8525085b444dc775b30d8075d0a3514600ff789575bab2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | d33ad6810db15a1341608f83f714de00 |
| SHA1 | a8a9c0fba619cbae3dbd64f5af8b3ea5cda38cf2 |
| SHA256 | aef63e325683445b370fd045a5b86b6e8c80aa154aa55b9f1e635ce9781f56d9 |
| SHA512 | 3c4eebfaf6c7f6aa7468184e5e38f8d8d9cdd9066ffb0d206691c805305f23a7d72911b79ce4e29e2b406135dd6dc37de1023f560b5538926b42a94a48f50e5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | da403caf13f03f1f29588750ace8f5e6 |
| SHA1 | c20218131b725c42d98e2ac95cda0a0f453d3304 |
| SHA256 | 85b07c34350cdf77f8eca8b7afa90c3d62c655964f56a1d8628e893829d180ea |
| SHA512 | 67bb96b0ac22f28732deffd37e92a28d29a259b72e1459cf4f5b3eef6d52bd43068c6a23f23c7b77484d548ea198512fc34be1e1631e3a07945bb927c502f128 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 7f20e612f30589cc6c53dcb048b637d4 |
| SHA1 | 732095d36ad8e98c2d39c883986aa423af8831a8 |
| SHA256 | 54791c997c6ac68eb76b75b3d3aae4029cd9e4cd8bbf492b60510544af4e8c4c |
| SHA512 | acee308cc71923d2e89925b20e85978085c1d4f77b82a66db2af187c2be6c01eeb7782a64fef7d9eaa0f192cdfe53f2c6f31381d936ce72c67e07eb8278dbdfd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 4cd4001b3817bd552543d55437d43f4c |
| SHA1 | 5a82b8dce2ddc71b10f9a0602476422da710f832 |
| SHA256 | 2c269e03450087524df3ac878e293701f0d1d68b86fc7ee44dcc472efdf33bdd |
| SHA512 | 0cbc08e6d71e85b2cf37971f73b434524e3785c92ea736b4170b0e91566911b40e62f92e7baecd2385ed76a8a8f1612437010d28a770664c024f27c58f399d27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | d05412f022f3dea643adfff4b76a0fa6 |
| SHA1 | 34c1cd03853940d982ede68c743a8da1995d7da7 |
| SHA256 | 41392e7b44aaf4d7d1427e5ea02fcfd2f881f696f57005c5117e113fe79af1dd |
| SHA512 | e7fc70b06d8faeb5c0a77c37c4325e243ff3b3a3eb1a858ced627be863a8e34f17f85a506675e305178ecf88cc1ddc418ff9c5949dc715d8491b34201190925b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 93b159a3c26d2abd5ae717aaaa905995 |
| SHA1 | 5f06f50a2202eeb46e57c959802fd6e6f5e8a079 |
| SHA256 | af1d2d66adbccc8d6fefe9edaf605e80beb4842872b5a88540d79aff2ad4358c |
| SHA512 | 64703067b2904f4474bb7abc86eb4c63b2011ef13c01da181a8532ff92583608ce74687b018808956838d42ce9772e80b82824cf2c682263ee95182f240ebee1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 53f43c110c268fd5cbb3b8af7ba817a0 |
| SHA1 | 80e9ccadfa21217a60ca17ca7fb62c6e62fa2f99 |
| SHA256 | 70c52a10563f671c4782d7322121c9995b40a11a9a55e383f2e9d9bbcb4501e3 |
| SHA512 | 025231038918535669fe65d46a9b8d8193b1d1f9b3c5fa56bb7a4092a5557a2e3b8aa6d6ecd2d2e3dadf501ccf1af335ddd030eff626090931125ca5b9ed316d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0fba3fbf88b10f5a5118204e2a14a60a |
| SHA1 | 55e3b99372f124d2e3d8385b90f5774355166b28 |
| SHA256 | 54d15e8005b239ef169bb40394acee352c031fb77d32c35fb583542c1e57d3ed |
| SHA512 | 8180bd002334ac5cbc1cf98c97e443174544b1c94ac23e9115f61ebbc7909f5c69c6a606527ac2a3b66672ed64cbad76536ee9ab24e718521a1978db1aec7d68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | af17021e6d530c14c27ad303536ffe3e |
| SHA1 | 5c1e25e44a8cd8e497f55005a847ce2373898ccf |
| SHA256 | cede1d231d1470db239138ac1f3321ae3199c678a10b5d515247d8cc9fbe203f |
| SHA512 | 765ec3de5874e894b5caeccf948aa1bb22198d54e31c0b3a457dde9f528e138ad0bf0a9a1d993e0c91d8269b009c138850b8edf844dcc0f4e5a869ba358e27ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 9817750f73ccec64c4e6051dcfe57254 |
| SHA1 | c5613ee16ca7da77580126d7fc9d26c85963eb3f |
| SHA256 | d3d3f5992fdfd9fb36b56b769353e4d6dd5bc2c594a2dd2ff03f8aa17f8c2e74 |
| SHA512 | c876b4f6a11799e192a361dbdd676d02234de544a2460a88d73bdbd5085bc034113c2bec2250a0aa0dba5589622f789a0726ea905693967a321beb40983c2ab4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | b5d8970ec3681b49e3f5a7cf0ea7bbb4 |
| SHA1 | 5dad5b79c860d7a9293ebe6b74fe5a6c51bebe9d |
| SHA256 | 6a3ed14aa2430a0355df4cf22f7ae89a397288baef1f3aff4f6a588730dff0ab |
| SHA512 | c401089515ba949b01aa4b0a4d35834a982e6fb8d67583e3cad9e3f7b8a62088018b673463a63957e960a60b4a84ef510946fe8c3786f17dc1ecf87f65c7ffbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 48a3d900ae5959504cc890c468d0f9cc |
| SHA1 | c61bb0a283abf7e95a08134a49f4e89ce753104b |
| SHA256 | e12238035a621818b1817bdeb8faa435553c189f918898ec94d6764941fe4104 |
| SHA512 | 6b88888b8369b840a704666abd5c9961c1d14598f2ba2274a756c874bd383b571874ddff186b6bdd6dd2e4ecd12b6d4171ee6a7f743895f0948608f23ec0c289 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 36ebf64eb5bbe29430156d3bb775810d |
| SHA1 | db3e237a26489d9f9cd7a54505447c517e139583 |
| SHA256 | ebba525989a3b57559f426e12ab949e094479aa8e19fecd4fd76a90d1b6fff1c |
| SHA512 | acd57347bbf22ed8d8947baf4cc9d6d76e654a8de4fd99a5bc545e84cbaeb22b869e46663527d0ef0532e318b1e0cce17310440cc8315abb25a3e38c7fbe813c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | d155a5ff54ef1e97bc0ab0b509938102 |
| SHA1 | 765d1b791e8b921c0ace32c8fcd24e59d1f0c790 |
| SHA256 | 990d98901b1886c1a87eb384a7559d85b4c6d0ef58725e75c1bcfa77848f2dfa |
| SHA512 | 794d8de74aeb7b52e48ed4a271917746ea2bca3c85bfa0471e989c490e2226c75c8025627b3cc202b789c8a1bbc7726798607e2e9315903d4cfec5110d308450 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | ac8203c9fdb060799bea324babd59cc1 |
| SHA1 | 382fd392c333224d48b93c0286aef37274e225d1 |
| SHA256 | 49f7477d1eedc0b2e19b991f00e92ea1ffc146827a6a1c881d9060811181c4f7 |
| SHA512 | 9b9c049983c14afec8bb068adb8b909f3ee453c58e28743740012f8019790b9da7cd98b150e80e7b772d3c889e1812c4e5c9bbc94b83f1286b35523a55e4f3a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 019482648296f7a255402d3d15ad2ec7 |
| SHA1 | a62c8fea6b875afa780b10d92a1b2c9f1695ef78 |
| SHA256 | 1ad0ba29e93287c2eccf26ef4b4127c2d3a548ed6d5434254506885e5fcde097 |
| SHA512 | 5ebb2043e922d9028ffa3b97fb3dda096cd0099bd34adebce51a9a14f17915dc39f85dec048373dda46c16c562e7951ea00234209a43f36aac58d1d20f6b7d51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | b29bcf9cd0e55f93000b4bb265a9810b |
| SHA1 | e662b8c98bd5eced29495dbe2a8f1930e3f714b8 |
| SHA256 | f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4 |
| SHA512 | e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 854525dec729543f8df322388f86a08b |
| SHA1 | 061d816378ec1104389a3d4c10885fb17e03fb98 |
| SHA256 | 7006c20740e4bb5922390a50ef7b9f2b946d5aa91e33e52dd6a88f93da2e4e7f |
| SHA512 | 5ab7e184a794666d5f8db9251dd2bcb409f8ab42e99e7baabcbef3e51f30148840f46663e1b077b30898be7609c047eb4bc068d0c0ebed7080afa9d4892eec10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c89a2ae395e807fca47a2cf97b4ac41 |
| SHA1 | f53eaf45f2ad9bd1118c581db5ef6cb7c6d42b52 |
| SHA256 | 582b1a21eaad6d0525dfb55763b18fba2853ba0cb599216b65172430017da14d |
| SHA512 | 5150e137e3b47354d91ba6c5e88370a2c147081f30a863dfd635505369a98b4b0ae09640534e79f9f66ecec0c07f627f1a46a90eb2ad566505459f7e1bf76cfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bf087567156fbe0e872be11ddc82342b |
| SHA1 | e16077648f5c177491ac18e20ae988a1bbb9c09a |
| SHA256 | 274654078454d884fe9ac4a4d4c2623f50d1d64c0ba1dc018509f3537ba5805b |
| SHA512 | ba70e4215c79fe74a536dfcf9626cd0f983fa44428abcb4442289b95d64673d0575ca205688d019c03b30370c297986fbb7416310ded561804daa6fd7a6f7f6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | db7f47e159dbdb1688543fd289201a71 |
| SHA1 | a8734d61bbc7d37fd1b577c285318151f90cb6c5 |
| SHA256 | a5cccb1493473e58bbbdcdfa12f385fdad7b0c224946bbfb7e57505f2af754ce |
| SHA512 | fbbafa049fe606abc4e6a40d3358070f41f15efa409530b7a61301583936a04c85f3d5fc120283f119fce277699536a73b568403f466bef3f13b75c2cdd5a5ed |
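Nearly every entry above sits under the Edge, Chrome or OneDrive profile directories of the sandbox user, which those applications rewrite on their own while the machine runs (Preferences, Network Persistent State, Crashpad settings.dat, LevelDB logs, cache blocks). Such entries are evidence that the browsers were active during detonation, not that the sample wrote them, so they should be separated from the few dropped files that merit a second look before any hash is pushed to a blocklist. The following Python is an added example, not part of this report or of the sandbox's tooling: it parses a listing in exactly the form shown here (a path line followed by MD5/SHA1/SHA256/SHA512 rows), validates digest lengths, tags the profile-churn entries by path prefix (the prefix list is an assumption chosen from the paths visible above), builds a hash index, and looks up file contents against it. The sample listing embeds two entries copied from this page plus one constructed Temp entry whose digests are computed from a constructed byte string, so nothing is fabricated.

```python
"""Triage a sandbox 'dropped files' listing: parse path + hash rows,
separate browser/OneDrive profile churn from entries worth review,
and match local bytes against the resulting hash index."""
import hashlib
import re
from dataclasses import dataclass, field

# Expected hex length per algorithm; a row that violates this is a
# copy error in the listing, not a file to hunt for.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumption: locations rewritten by the sandbox's own Edge, Chrome and
# OneDrive processes while the VM runs. Entries under them are profile
# state touched during detonation, not payloads written by the sample.
NOISE_PREFIXES = (
    r"c:\users\admin\appdata\local\microsoft\edge\user data",
    r"c:\users\admin\appdata\local\google\chrome\user data",
    r"c:\users\admin\appdata\local\microsoft\onedrive\logs",
)

ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def is_profile_noise(self) -> bool:
        return self.path.lower().startswith(NOISE_PREFIXES)


def parse_dropped_files(text: str) -> list:
    """Every non-row line opens a new entry; hash rows attach to the entry above."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            current = DroppedFile(path=line)
            entries.append(current)
            continue
        if current is None:
            raise ValueError(f"hash row before any path line: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f"{algo} for {current.path} has {len(digest)} hex chars")
        current.hashes[algo] = digest
    return entries


def triage(entries):
    """Split entries into (profile noise, entries worth review)."""
    noise = [e for e in entries if e.is_profile_noise]
    review = [e for e in entries if not e.is_profile_noise]
    return noise, review


def build_index(entries, algo: str = "SHA256") -> dict:
    """Map digest -> path for one algorithm, skipping entries lacking it."""
    return {e.hashes[algo]: e.path for e in entries if algo in e.hashes}


def lookup_bytes(data: bytes, index: dict, algo: str = "SHA256"):
    """Hash data with the index's algorithm and return the matching path, or None."""
    return index.get(hashlib.new(algo.lower(), data).hexdigest())


# Constructed sample listing: two entries copied verbatim from the report
# above, plus one constructed Temp entry whose digests are computed from a
# constructed byte string (not a real dropped file).
CONSTRUCTED_PAYLOAD = b"MZ constructed sample bytes, not a real dropped file\n"
SAMPLE_LISTING = "\n".join([
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65f23cbc-355a-4557-9b5c-2ce1e6410f5d.tmp",
    "| MD5 | 5058f1af8388633f609cadb75a75dc9d |",
    "| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |",
    "| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |",
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity",
    "| MD5 | db7f47e159dbdb1688543fd289201a71 |",
    "| SHA256 | a5cccb1493473e58bbbdcdfa12f385fdad7b0c224946bbfb7e57505f2af754ce |",
    r"C:\Users\Admin\AppData\Local\Temp\constructed.bin",
    f"| MD5 | {hashlib.md5(CONSTRUCTED_PAYLOAD).hexdigest()} |",
    f"| SHA256 | {hashlib.sha256(CONSTRUCTED_PAYLOAD).hexdigest()} |",
])

if __name__ == "__main__":
    parsed = parse_dropped_files(SAMPLE_LISTING)
    noise, review = triage(parsed)
    print(f"{len(noise)} profile-noise entries, {len(review)} to review:")
    for e in review:
        print("  ", e.path, e.hashes.get("SHA256"))
    print("hit:", lookup_bytes(CONSTRUCTED_PAYLOAD, build_index(parsed)))
```

Feed the whole dropped-files section of a report to `parse_dropped_files`, then publish only the `review` half of `triage` as indicators; the noise half is still worth keeping locally, since a later re-detonation that changes those profile files in unexpected ways is itself a signal.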