Analysis Overview
Threat Level: Likely benign
The file http://google.com was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-03 03:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-03 03:52
Reported
2024-08-03 03:55
Platform
win11-20240802-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{580B9078-C5C3-4608-B797-2A9060C68775} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb40233cb8,0x7ffb40233cc8,0x7ffb40233cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5132 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12597083399701561249,10390113324824340348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4044 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.250.102.113:80 | support.google.com | tcp |
| NL | 142.250.102.113:80 | support.google.com | tcp |
| NL | 142.250.27.104:80 | www.google.com | tcp |
| NL | 142.250.27.104:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| NL | 142.250.27.104:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 92.123.140.48:443 | js.rbxcdn.com | tcp |
| GB | 92.123.140.48:443 | js.rbxcdn.com | tcp |
| GB | 92.123.140.48:443 | js.rbxcdn.com | tcp |
| GB | 92.123.140.48:443 | js.rbxcdn.com | tcp |
| GB | 92.123.140.48:443 | js.rbxcdn.com | tcp |
| GB | 92.123.140.48:443 | js.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | udp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
| GB | 88.221.134.170:443 | apis.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3472_MOFREHRXUSSWBGPY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585280.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7f1dd1d4-ba39-448d-8047-575b121c9f63.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity