Analysis Overview
Threat Level: Likely malicious
The file http://google.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 15:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 15:04
Reported
2024-11-08 15:10
Platform
win11-20241007-en
Max time kernel
223s
Max time network
238s
Command Line
Signatures
Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 114392.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc20b3cb8,0x7ffdc20b3cc8,0x7ffdc20b3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5912 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,2059917476861081302,9974162602295802998,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6492 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.14:80 | google.com | tcp |
| GB | 142.250.200.14:80 | google.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| GB | 216.58.212.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.212.234:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 92.123.128.185:443 | th.bing.com | tcp |
| GB | 92.123.128.193:443 | th.bing.com | tcp |
| GB | 92.123.128.175:443 | r.bing.com | tcp |
| GB | 92.123.128.175:443 | r.bing.com | tcp |
| GB | 92.123.128.193:443 | th.bing.com | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | tcp |
| GB | 92.123.128.164:443 | th.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 172.64.145.151:443 | shared.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | shared.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | shared.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | shared.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | shared.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | shared.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | shared.cloudflare.steamstatic.com | tcp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d91478312beae099b8ed57e547611ba2 |
| SHA1 | 4b927559aedbde267a6193e3e480fb18e75c43d7 |
| SHA256 | df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043 |
| SHA512 | 4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96 |
\??\pipe\LOCAL\crashpad_4284_YTJJJZHXTMMLIMIN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7145ec3fa29a4f2df900d1418974538 |
| SHA1 | 1368d579635ba1a53d7af0ed89bf0b001f149f9d |
| SHA256 | efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59 |
| SHA512 | 5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8235cae20209b0c15551c5a25632e1f |
| SHA1 | 35792ae6972e10503d821d58199749edee30eb52 |
| SHA256 | 652a8b3d1b3b302f34220c40ad3b325fbb47b18a1e246c5a6abb65d8961c1f64 |
| SHA512 | ffafb839026fef74bb2e99ad6bd2a1b1a163d1552f7c8ac6192e90582c58e5695d777678dd3fa2b411d2e90cb60f783f04d0af5e6e6672c6338462f176402590 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 135e957393197ad9bec57603ee21fff6 |
| SHA1 | baa5d9cf5a94b593c80c4661dd21201b6652872c |
| SHA256 | eb38235128e34b98bcca11fa60eafc93fffe7e1096bddd539d6a7774f9ebac4c |
| SHA512 | 66e3c114ac487e03a4a446f6987821eeef52aa4871558734b4f190d73676a1a5edaceefdedfc1d04e1e1cc4ab770361cdd3c205130a5ec7ee0937ed610a99fe4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9cad10e3eea419325ec820f5b0dce9de |
| SHA1 | 3814f1cf80f966927eca74c7d753a1e07981f454 |
| SHA256 | 205425f5004e30cb7cb3906c59a5f8d5f805afdb03c917e6cdc820f222b219c6 |
| SHA512 | 7ad87eb860f5abe687852c40ddf67b9e66072a467b66d68edf3df8e8a54d1911b9b9c7adbdcbcba7c8fcc8ab579d8348dc375b4909226253cb8cb0660924da0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 189dafd2bf66124f6016d6980a8338e7 |
| SHA1 | fe54e2b667482e898d567f496336ac593dab9ce8 |
| SHA256 | a0535c7c5eeb3b87ce64b05d149db0358d436318bdf53213d2b6e60295735967 |
| SHA512 | 0441cd2a24446cf529f225df9a586baa2d875be76d35986e62f83be268be9164ad9ee3369f0fc8a7d54beb32559809f2cdb9c5076c49e938ff4084cb35fc21bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa00.TMP
| MD5 | a383a9361fc89d8fd2cfacf6ef0b6383 |
| SHA1 | 1ea080fc85313f650f0cd080a32e64b24482f600 |
| SHA256 | 6ab567677a32750921335519d1134f674bc91570d4d8375cf4d7d1048d2b64ac |
| SHA512 | 40871266791edfc5f6deb21407a1ff75cff22867c4838e46644b5162f53666e70ad9d4ed895662d32847542c7d88bb71a2e8c48ae8cfb3f68ece6b8bde20bd80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6da7acba77c6d579468264f3d9b07e7e |
| SHA1 | 27806046670c854b3f5899fb104e1378818bc5e9 |
| SHA256 | f23c7f6e28f003322446ea7004262962417965760448a6f57418d885e912dfe2 |
| SHA512 | 5ca143e92ec4dfcfcab7e00899547d59dfeaed7f6815ffe4b6274fd50c629788b74face0d13e3c419077fb189d71bec9d5abd7b86859089cd61d9f72a9a9e43b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a75e81ead589037927588590071d0bc1 |
| SHA1 | 0043042ee8ed30ed04342a7721ad049eb15d6eb1 |
| SHA256 | 35846258b96330c4300af47da24c40450e8a18aaca38f41359c08a062b854274 |
| SHA512 | 3315f7fd02039b240771645aef19daf1b88fb8ff1e7b49479a959e5ed8fc3119ae3c7c4a6530edfbf8582c6ae84103c632ff7a0f068b965a56ae09933c1fd65c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | bcf9d5a1a43fda2a7c36ab813f0d8940 |
| SHA1 | cab4997b64d4d7cbef6a0b4422eb59b8acfebc8c |
| SHA256 | bbfb0781c78d4ed1a54ef478442a97b4c9352e5471c2e47f30171e50ced1bc99 |
| SHA512 | 991f35a3c00cf4237f415ec2a73d31a69593d6747a26787fdf72f0fc5cdbdf43668bef7d97d47d866096e79efb3e8e49ea76fe5c3e4296f3d835e842d81f56d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9f8a4cab015a2c84e046efcf78867bce |
| SHA1 | 0966533a9a0ce8d52578ea1eb2858471abcf177f |
| SHA256 | bcd0d02d019867cfc143155b271e83596eb2f3f94780c7fbdc31dd084732e981 |
| SHA512 | c03e2091c6dd50fa7c39f697e8ad781be766cb1c561db56f637aa0b9568d8328ce0953bd11147df68b2c9a59a1ce2b0057417d5dd14497a6f5c6b108d753ff6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b8e21a5a95872f414f196a0a09cc3f7c |
| SHA1 | 9f3a77eb46fbded45afaf2fad6f733fb37800280 |
| SHA256 | 07fba565655a2010233489d3c6d5aae8f3d5bfe176f6e64f349de8435163868a |
| SHA512 | 584c24ba2bb1ef157416817e0df97f1d0bea6fdd9f759448e1b33dd40b2f4259e85f87c94dd0d9879ff8e191c6bf355b7432378c295dbff8da79d07e4ab8c1ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 807dda2eb77b3df60f0d790fb1e4365e |
| SHA1 | e313de651b857963c9ab70154b0074edb0335ef4 |
| SHA256 | 75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc |
| SHA512 | 36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fd0d819403f70915a394c540f217bafa |
| SHA1 | ba2600edf52bb4077220b978e029883b8e0ef726 |
| SHA256 | e765c70e9d7575ef7159983dcb2309e13895b6c7409560e54d14831e9996d211 |
| SHA512 | 6c12dee8b1e3f50dc22dfde5612ac617e7bfc5d2f5557516f78af28f3aaa0337cab55d8f4a86e9cb040a4e8f61e23a4ff5374f72f35b492b7ea41a35097e278b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2f0ed62a574bb23eec252fc5521b3a9d |
| SHA1 | 4d2e26bc8e8f314706122dbe17df453dd31696f7 |
| SHA256 | dc04314ba8d5c491401ddcad704be2435527b5e87578c3732ece10d8174723cd |
| SHA512 | da8bada3487bd1fe59b01cce8556063ce6e9913ccd8e8f39baed4ddbae60b1bbbaa9aae2c6ec79182ef6fc4fbcb4e3b54bd2b07ec41530a81cbd3756799b0cb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 55a93dd8c17e1019c87980a74c65cb1b |
| SHA1 | 4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d |
| SHA256 | 4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009 |
| SHA512 | f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | cd74fa4f0944963c0908611fed565d9b |
| SHA1 | c18033d8679d742e2aab1d6c88c28bd8f8a9e10d |
| SHA256 | e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804 |
| SHA512 | b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f5ead20989c09a2566de44aef2c9e53e |
| SHA1 | b28f79a444b3cd596f90daf098025e84d59c8b2d |
| SHA256 | e66c0dcf8d9a474368b2afd29d2870bbc5e577ba09d7172ff8efa27ce73fa516 |
| SHA512 | c0e67d0b70149e9fd8ec99dd1f8da668454857ac944a6926036bcc805a95d5026281f397a93cf7207ec1bc82b90fcebf1da7c399643fcda7a4a32e7cd058d803 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6e8a7039f444caf3a5d3786c8485f3ee |
| SHA1 | 476b81635b8e425ec77acbe1c55b46b73b86a2c8 |
| SHA256 | 6d2cc377773fb3be0977143aa3a6f50b903fe33688e61eba25520d64381c3a74 |
| SHA512 | 32d08ad8ea1418c3c1ce4904d036b9d7847e8c0e5fb41fc92ea661c7068e3380df189f27fef5c7d41474ff2502e7fab5f49eca25bfcd8d6683d21a8328b22b83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 15e6efcad8e5d5b75d4540db3466e930 |
| SHA1 | be4b94dad3ffb29745e5849e1e1172acb285b6d2 |
| SHA256 | 4c00eae2d5eed63a3645348bea94c51181f9b7d5adf1c2fb01d7f05a6881ce44 |
| SHA512 | 84ef22c83cf76888404e5ab83759ccaa14cde398f9b733189f02f7585a8f78920e8d79dae62003ab8af7b976d6638c84916012f0c52b6352dd4fe38e2ae468cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41bd643cdae156fcb5ba6d961fe3d039 |
| SHA1 | 56fc325e353da0f6dd4e6b249c4aaf2cd737f7c0 |
| SHA256 | 1f88cd7addd4c716f07a194917efb31a9e34fa36f3f51ca9b5442c8d2fa18447 |
| SHA512 | c2bc3f162d716f89713e78267970586f2bb6b2447ec6a09f8474b646f31d4c802949c3510333fb8593454a4f78bda28e2313a89ec3f6861be3af1138025e02d7 |
C:\Users\Admin\Downloads\Unconfirmed 114392.crdownload
| MD5 | 1b54b70beef8eb240db31718e8f7eb5d |
| SHA1 | da5995070737ec655824c92622333c489eb6bce4 |
| SHA256 | 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb |
| SHA512 | fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 133bf71a37e71bd464848edbfec9c2de |
| SHA1 | 7a2dd7cdc0a75a4b63ad928ecf6284d2af9f9308 |
| SHA256 | e7ab773912a5bb48e76d4ec49866f053870dcdd1d286ce7e5e0fb0960eec843f |
| SHA512 | 2303baf6c744a0c1205e1e40dbb27a5b3c5ebb9e0ec4c7a1b32a15af6b7f099d89755257467a5043096ab88f2a789ad2a64d5ea6ab6593dae06d8bf45a7f9c5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1b9d5bc307fd80f864c7f41155ce82fa |
| SHA1 | 21cd25f49d89fb653047a6f5f51599b7197a31ad |
| SHA256 | 18c3b3501a484011f7d741a284b59c28bb283d008bc5c82545274d91964e515f |
| SHA512 | 5c556de3e9fd221ceb2a1559729177b7237c13011fe6cd9f6424800a5e480b8e7f3240aed463d7af91dae76f53cc9be92fb9937da0d0235074eee44ad0fa9295 |