Analysis Overview
Threat Level: Likely benign
The file https://iscdoc.wimi.pro/shared/#/file/dc1e15d5dbca4d36a9cf906d9b2f4c6b4e336937331edb94e3f4e0f9bc261de1 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
HTTP links in PDF interactive object
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-07 13:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-07 13:24
Reported
2024-08-07 13:27
Platform
win10v2004-20240802-en
Max time kernel
198s
Max time network
208s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
HTTP links in PDF interactive object
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iscdoc.wimi.pro/shared/#/file/dc1e15d5dbca4d36a9cf906d9b2f4c6b4e336937331edb94e3f4e0f9bc261de1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab93046f8,0x7ffab9304708,0x7ffab9304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5016 /prefetch:6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1424 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2128,668041906228722818,13601464156707375618,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7016 /prefetch:6
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | iscdoc.wimi.pro | udp |
| FR | 45.94.124.194:443 | iscdoc.wimi.pro | tcp |
| US | 8.8.8.8:53 | autorite.certigna.fr | udp |
| FR | 91.199.221.3:80 | autorite.certigna.fr | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.124.94.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | autorite.dhimyotis.com | udp |
| FR | 109.197.245.4:80 | autorite.dhimyotis.com | tcp |
| US | 8.8.8.8:53 | cdn.wimi.pro | udp |
| FR | 45.94.124.194:443 | cdn.wimi.pro | tcp |
| FR | 45.94.124.194:443 | cdn.wimi.pro | tcp |
| FR | 45.94.124.194:443 | cdn.wimi.pro | tcp |
| FR | 45.94.124.194:443 | cdn.wimi.pro | tcp |
| FR | 45.94.124.194:443 | cdn.wimi.pro | tcp |
| FR | 45.94.124.194:443 | cdn.wimi.pro | tcp |
| FR | 45.94.124.194:443 | cdn.wimi.pro | tcp |
| US | 8.8.8.8:53 | api.wimi.pro | udp |
| FR | 45.94.124.194:443 | api.wimi.pro | tcp |
| FR | 45.94.124.194:443 | api.wimi.pro | tcp |
| US | 8.8.8.8:53 | api.files.wimi.pro | udp |
| FR | 45.94.124.195:443 | api.files.wimi.pro | tcp |
| FR | 45.94.124.195:443 | api.files.wimi.pro | tcp |
| US | 8.8.8.8:53 | 195.124.94.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | f3dc6ad0.2ec37e06c0784e9c7afd712f.workers.dev | udp |
| US | 104.21.89.252:443 | f3dc6ad0.2ec37e06c0784e9c7afd712f.workers.dev | tcp |
| US | 104.21.89.252:443 | f3dc6ad0.2ec37e06c0784e9c7afd712f.workers.dev | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 252.89.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.95.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msn-n.com | udp |
| US | 172.67.156.32:443 | msn-n.com | tcp |
| US | 8.8.8.8:53 | 32.156.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encryptagreementlive.info | udp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| IE | 95.100.98.89:80 | r11.i.lencr.org | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | udp |
| US | 8.8.8.8:53 | 130.80.50.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.98.100.95.in-addr.arpa | udp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | outlook.office365.com | udp |
| GB | 52.97.146.194:443 | outlook.office365.com | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | privacy.microsoft.com | udp |
| FR | 23.1.254.121:443 | r4.res.office365.com | tcp |
| US | 74.50.80.130:443 | encryptagreementlive.info | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.146.97.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.254.1.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2783c40400a8912a79cfd383da731086 |
| SHA1 | 001a131fe399c30973089e18358818090ca81789 |
| SHA256 | 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5 |
| SHA512 | b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685 |
\??\pipe\LOCAL\crashpad_3372_WWIFIILUMUWQCCLH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ff63763eedb406987ced076e36ec9acf |
| SHA1 | 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d |
| SHA256 | 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c |
| SHA512 | ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 570700768fc4fc11acd25745c082a368 |
| SHA1 | 43597d106c165721e01d0b41ccb3820db7f0ac97 |
| SHA256 | 876bfe09bfa4f5bfb960bea7d2478de3d1227a58f45db0b8ff094d7bfcba379b |
| SHA512 | 63a46866d6a43932c6f638ea52cd5bf930a4b0bd6948a3bf7947622eab99f0c85993ec8acb6d5439c3f0a883a7e739d6cccf25d680ddf412d2b5cda1c249eec7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe5772ee.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c169615d6272ff2f4ef2d70b14610d2d |
| SHA1 | 014d641a66380619960231f7db69dc4d75d8a81f |
| SHA256 | 299f37d591b2041eef62833e8d5a9d06756af82581e3c8a604a59e5d1b288605 |
| SHA512 | 219b6524c233fcce0b8ca3a1ab53194285dccd9d56df6eefe1076edd0e3bf656d632459804108bf17fb7725428253d3fbbaaf24598e99528c7bfc35548b4b188 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 769ca376ca02c5546e58a1ef8147fff2 |
| SHA1 | 1b5d09f1dedad89e1ce3503af532981757a6f274 |
| SHA256 | ed5e61da3cbe6bf5faffcece40b98f391915cb84e547f4d3f949e4007d86cd40 |
| SHA512 | cf556abce0f3a868c829cbca3ab6fddf408600db02e191fa315411b965951c9693557de64389ad26f211ac5f765ff8ade3bb44982f9f8ae88edf1b6b29331302 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 98c1b9c3edf8d1a5ed0989182c0a37fc |
| SHA1 | df9f8db596da90ce999a3bbbf32af9520f6ca8d7 |
| SHA256 | 14cc436bcb55bc35d3fcb4bd8d667604a87e683fa0fbdedee1740eba42f6592d |
| SHA512 | 904daf084619345f994ab4f35d6845fe7b39f079ff6ba2f8c24169a3e3c8052289b1c2ee5f93664800c738673f7bd5c1c78b5924ecd9fc2cfa32c1b698542b49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585d1f.TMP
| MD5 | f7d9d490caa880135fb54880758dafdb |
| SHA1 | 08710b96f993f57e2262308f8c4af7d2411a200c |
| SHA256 | 4af53ce3ac45bd52dcf9f1ca29dfa087093cd34da05f114e80da148e7b275447 |
| SHA512 | 8126edfb0c6f1d8971d16e1a0770ab0e9ff8d80e16cda73d16fb6702f3cb75527731c68e01aa10cac5cc933727b12d76a7f2d7534acc910fd2a11dcf2fa29a6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bad9f81649420446c891aff3892647e7 |
| SHA1 | 9fce7ee6ecd29f29c12887195a76660d8dbaec2d |
| SHA256 | b92329ffcf12f1f42adcbb04b34e764fd91b2d4d8bad9fe4c24026ee454a1d9f |
| SHA512 | 72c11d34a396a503f0945e719f24c20cc5302f944e2af46d44dec84b89f4561a9386d5ced19f85e4849256ef1fdb69a2af9fe7ccb7d9bb1dcf00acdacdece8fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba7bed5d978661d5368d2c4fa8151de3 |
| SHA1 | 107cd2a6991c71f4969ed2f0ffa34dc7537897a0 |
| SHA256 | e709eff9d842e1e6d5d156f0be2b2e0c6cae6bc2e0f3d494c193806dbb75c0a6 |
| SHA512 | e6eed76bdb80ce25d4533da2065191ed31274d5427f1504a5586331897b20cc5c6df896b2abf8f47e555736150d43408bc58873787f57838f8b2ac77a0757d52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f2e2d671b467d32927dc7303550e8681 |
| SHA1 | 46cd27b1e5eb708382b653a25316a87eb4d0e924 |
| SHA256 | d83e4535cd93a094a1715648f9242b3ed8219a32ceb9b38185b6849d37ab7907 |
| SHA512 | 6869fbdfb7e55580b1f63940a190436c6ab4620e7ac902e52ad4e34b98b1dfedc4d39e3d8a679ca8d0cbacf6483647f16ad996ef0d38064dd93c577da4f45752 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58849c.TMP
| MD5 | 17547293e6eac9bb739703dc74522ebb |
| SHA1 | 68ad75815e33e4a03f8e2e24c8cede498048a5ba |
| SHA256 | 818a25e00f61605be3d5dfd34abf5347ebd6faf854763b54835dade21c5fc3ee |
| SHA512 | 2a3ead44ec2ef80ab4281a09ede6f77edcaa9641aaf79d11a1a930dcd0390b1ae57ebaf9fd489a035fcf1480e2cedac36638907f08a92738e28e568d6b28a99c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e14216c12e93db8836609c07c5245c3a |
| SHA1 | 81fdee85a95e43e3653ea0c6a928d9d5d5f07592 |
| SHA256 | 005d097551159a669d030ca676f30c1deb9746f05f63d53186daa99e09707aec |
| SHA512 | 73e8b2d9b1a4c9f79bd7d64e0c9102592a44fc23c9173ac34b9d0c90c55abf7c7337e1c5923d97732e29eb92fa28e8cf3cb484eff076bb0045fc7aa258744bd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 69c6346744bf7e2f071d2983fec5a5ae |
| SHA1 | 2e1d5d35a372d5c2a5eef83337da792b4176ab87 |
| SHA256 | aa621778c777f114a137d15c7d80c69ae03f9774c6c7b2c8dfbac8ad38cb62c7 |
| SHA512 | b38c3dddc929018cbdae08dcc17d8ab4061149859f484047f981e3f0ec4d357d9199ff89bfed90e791d55687c32f323eb72a830cb4243e585f5a389e72f98a44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 338d44e95c9a26107eff1909d1e1e212 |
| SHA1 | 0e035f8f54397a02d3e0e3ddaae8a525e211bfc8 |
| SHA256 | 8a924811ca1a9756920e8f9c0c3c21a3e89dd8db6c57927e64fcaba70ec68201 |
| SHA512 | 3879be566a9bdb99c48b4fd64693740053f8d1e29a9c32ce9361f35beea5e4b3684bdee61e57fccd1063a5598acf752c3fd386276d763d5dd0bb499691a27835 |
C:\Users\Admin\Downloads\5e2f44d7-a9d9-4d95-83fc-0a9c076b4e46.tmp
| MD5 | 861c3823faa83638784d554057c3c1f8 |
| SHA1 | 512db52879970ad66193908a641dc2586f5aa655 |
| SHA256 | 33e1290dd32400b1dbf3a790bcac480e376c87892a59d793e119d4d54e666ad1 |
| SHA512 | f80634fc23e6ee85e4b336710e56e2195ea49cabf9ad513e440321d3168d921dae02aec0527b28c8b5d5ab2b5bdbce0f9830c3e81495c5d3f2d546a549ff3a84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1a14387cfa7152021e2ae295ead70fd6 |
| SHA1 | f3d9787f64ecb05c792275ea99b629a981984c92 |
| SHA256 | 2dcafb1a8d3e8052483f3e084c8e4945ed5f3850cd6e146f2e59145de5423f38 |
| SHA512 | 312e660a118abd7ec687fca5f7fa3e6bfb4f49a80c0fd15109e834215bc94ed22d8b9b5502db4ca957b2ef1043d04ef9094950870aa6db037b8f9b77fdb37c56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aeb3c020a08b81b810525be34825ec5c |
| SHA1 | 3f5aa501a46da2263fdd67a82d033beb57134253 |
| SHA256 | 2ddf499c7a0a9520fdc19c76f833d5bdcbdb0c8914f282398baedfbf978e9f72 |
| SHA512 | 7e6711e60040f55d86f2f3fa00c12ac6aeb47cf7e2157b62d84cfba687bdb0ca3d8af93893d4f83429040e5b21e045f78f573e5766c6f9ef6b8d45e9ef60c51b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 43e0e03a048fbfb60232c2add2c528b2 |
| SHA1 | a8f3bb2197f22e0d7d1f1661f4268d939ba28835 |
| SHA256 | 26b042ff5b07c13e9cdae2977e8509cc3fe17e3320d2eda4e91bbf4ff98e9a3f |
| SHA512 | 441be8e3eea1bdd8bdb4d3b5c2f9798f340e04de182fd33a4ef5463b0faa228be69dacb4dd04fae9cdc80245692492279cdb650d8837230d7ccf8509863d3601 |