Analysis Overview
Threat Level: Shows suspicious behavior
The file https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
NTFS ADS
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:40
Reported
2024-11-10 01:42
Platform
win10ltsc2021-20241023-en
Max time kernel
117s
Max time network
124s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241110014051.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\00f84b25-00d1-4244-96cb-2386352d2946.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 193866.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7fffaa9546f8,0x7fffaa954708,0x7fffaa954718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff625105460,0x7ff625105470,0x7ff625105480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| GB | 92.123.128.149:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 149.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.149:443 | r.bing.com | tcp |
| GB | 92.123.128.149:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.149:443 | th.bing.com | tcp |
| GB | 92.123.128.149:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.73:443 | login.microsoftonline.com | tcp |
| IE | 20.190.159.73:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.187.206:443 | drive.google.com | tcp |
| GB | 142.250.187.206:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | x.urs.microsoft.com | udp |
| GB | 51.140.242.104:443 | x.urs.microsoft.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.35.26:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | signaler-pa.googleapis.com | udp |
| GB | 142.250.180.10:443 | signaler-pa.googleapis.com | tcp |
| GB | 142.250.180.10:443 | signaler-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.co.uk | udp |
| NL | 142.251.18.94:443 | accounts.google.co.uk | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | lh3.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| GB | 172.217.169.78:443 | lh3.google.com | tcp |
| US | 8.8.8.8:53 | 94.18.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients6.google.com | udp |
| GB | 142.250.178.14:443 | clients6.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | tcp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.204.65:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | drivefrontend-pa.clients6.google.com | udp |
| GB | 142.250.178.14:443 | clients6.google.com | udp |
| GB | 216.58.201.106:443 | drivefrontend-pa.clients6.google.com | tcp |
| US | 8.8.8.8:53 | drive-thirdparty.googleusercontent.com | udp |
| GB | 142.250.178.14:443 | clients6.google.com | udp |
| GB | 216.58.201.106:443 | drivefrontend-pa.clients6.google.com | udp |
| GB | 216.58.204.65:443 | drive-thirdparty.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | waa-pa.clients6.google.com | udp |
| GB | 142.250.178.14:443 | ogs.google.com | tcp |
| GB | 142.250.180.10:443 | waa-pa.clients6.google.com | tcp |
| GB | 142.250.180.10:443 | waa-pa.clients6.google.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.clients6.google.com | udp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | people-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | addons-pa.clients6.google.com | udp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | youtube.googleapis.com | udp |
| GB | 142.250.180.10:443 | youtube.googleapis.com | udp |
| US | 8.8.8.8:53 | docs.google.com | udp |
| US | 8.8.8.8:53 | contacts.google.com | udp |
| GB | 216.58.201.110:443 | contacts.google.com | tcp |
| GB | 172.217.169.78:443 | docs.google.com | udp |
| US | 8.8.8.8:53 | signaler-pa.clients6.google.com | udp |
| GB | 142.250.187.202:443 | signaler-pa.clients6.google.com | tcp |
| GB | 142.250.187.202:443 | signaler-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 172.217.16.225:443 | drive.usercontent.google.com | tcp |
| GB | 172.217.16.225:443 | drive.usercontent.google.com | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | signaler-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | signaler-pa.clients6.google.com | tcp |
| GB | 142.250.187.202:443 | signaler-pa.clients6.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 142.250.187.202:443 | signaler-pa.clients6.google.com | udp |
| GB | 92.123.128.133:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 133.128.123.92.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cc10dc6ba36bad31b4268762731a6c81 |
| SHA1 | 9694d2aa8b119d674c27a1cfcaaf14ade8704e63 |
| SHA256 | d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f |
| SHA512 | 0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56 |
\??\pipe\LOCAL\crashpad_4424_CLPMMZIRTBSKEIEU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 467bc167b06cdf2998f79460b98fa8f6 |
| SHA1 | a66fc2b411b31cb853195013d4677f4a2e5b6d11 |
| SHA256 | 3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd |
| SHA512 | 0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 968a2b39f13f5ac5298386f82f4ed715 |
| SHA1 | 47446e01897849f4f0e5f13e74f879ac29185ee4 |
| SHA256 | 68f60a51fd64a16762cc4c8ecc1412c0a6ad4c6cc9194513863fd3b184b59d77 |
| SHA512 | 3cbbd454d391f377693dacf134fd79429dcc64a2e424bb384a466fec11876bf0265a8074e96a4f6e6e1eff09f00397664684bb404ac12b2075185e900c8fc3b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 3b964859deef3a6f470b8021df49b34d |
| SHA1 | 62023dacf1e4019c9f204297c6be7e760f71a65d |
| SHA256 | 087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5 |
| SHA512 | c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | ec322078b93d989a37039df5599ab3c9 |
| SHA1 | 08905fc37e06a23c8479dde8ab909008cfb01307 |
| SHA256 | 7c09b57e3ce27234cf1ca143da0b7cfa350b60054cf28588b19d6436eab6a641 |
| SHA512 | d3a747c1e6c8bf353814d49c7c1e0b98762a7bb0fe2d882ef31215bb77b5261a1656a6590e4a9d0b00aee6912ea9e37912f77add62e19088fcb5e84a6feae111 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | dd237433c12b411b2ba3940305080b30 |
| SHA1 | a7bdfcb526bdad6fea53450c2436ba9da4a7b44e |
| SHA256 | 4a96298b3b1977aaafbc97a0c5c630db82156b1f1e9af3cfbfef34eb3acede2f |
| SHA512 | a799b8b41ec66d16a3cd64ce713fe58294c05feac767b1910dfe1a89d4db806aef69951d102bca4a3948035b74291733a241e5ff8c0d388ed6a64bfad08da566 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48b4c672dfcc81f96b0de937b0b51a9b |
| SHA1 | ff5ef36b44fc721cb150482db0adbab95c50413c |
| SHA256 | 7029f51136e7dbd0cd469be79788f913bd6fd5d2f04f92a87db954496fcc7a0b |
| SHA512 | c440680b0d1f3740c9604a732c2d0bbbce3f22177c8e2c07ca1f9ae435f469aa49e2642ddc576317c273c3224eab3f069600b1c0f3dd98928915de5b8c6e93cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 99ecf4f4b48fa6f7a146b326848b16b9 |
| SHA1 | 0e0179fecc43ab9fb29fa6d0ac9571a09117b5ca |
| SHA256 | b13373b60a5e10d2df11e01714ee2f80d3d41e1735e9488558df124093184aa4 |
| SHA512 | f7455b2b3ef387e8ea19d73b08a03a279cf2d5e6b930028a62a6c7a7a0cd60a1043927e3fdcac2893ccace6da3a84985aff28783ddee4dbc175e78db1ca2afc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 5c2d5c900312f44e72209416d45723cb |
| SHA1 | 68fb8909308589149399c3fb74605600833fbbc1 |
| SHA256 | 56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8 |
| SHA512 | 07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aad0fa2b51a44a7a4791f3748c81df06 |
| SHA1 | 64831c9fd4c12b8f559a89a44660a300583d6ec1 |
| SHA256 | bed097ca72e870b8b4d0b967fc3fda50692d23fc35df035ceeed4809196f1f0b |
| SHA512 | 6715d5f8a00412224cccfcea230c36e6ee9ab18a8162fb4f14985cb106248a8749bf5f1751bd7e9ba0b4003c4978214d371500281adc8fcd8cb273b60a7d47f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f6e264ae8da73553b56302e28a06fe2f |
| SHA1 | c30614cfb4dbfa18635e6551fc046dbd9fbd85c7 |
| SHA256 | c5b08e256a9cfc91f9298ac4069d399a0c3263b5c66f045bc8a405613135909e |
| SHA512 | c097f9965f16e0a194b0392225543a0a54f4e18afd2c076870af938ca1ab94f2aec7c43ef4c1e9e7328710c9909650422e003189b21c5d8285f3feae215998e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815f4.TMP
| MD5 | b1442a1baeb210b13f2f3f6d173ac632 |
| SHA1 | 5162874d5b358043b46278e3cd919ccfc4c86f21 |
| SHA256 | 68ad589adf762b9f58ba85074d378181b9653d76aa670ee4fafeb1220a742387 |
| SHA512 | 011fdb2d3b2c4c73f133b41dbb57e3fc66a7671e7296f1063a94eeca5ea5a6a6cedf650f076aa70220372cdb1ad2964f1a7f473841b121bbc8a079b0b1c5072b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4e60be38-a626-4e21-8ad8-beb6fbd201f9.tmp
| MD5 | 8ec978c7017780f604812653ec7e113c |
| SHA1 | a2a41faaba0df085695474d71a4d67aa24d265b3 |
| SHA256 | 92b5ca95392a0526ffe6fd4bb1c5b9345b3626de7cefcf36f458c0e828287ebf |
| SHA512 | 2359c19c1edc5d24730ffdb461b3ffe04766c52eebe9d231bf13eec305891a37d2d148cc9e8f6b03d8abe8e5f62a5db9cc86b12ae8180d3d65fa36a8294f13e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5ceb02daf65e20b732088abd95bd25f |
| SHA1 | 1a8116762c271e1fb6359706d4687be75561ee6b |
| SHA256 | e59b0380ed5703e4e56848ecdfaedb9ca7d0b065dd074e349bb9b8c43756b93a |
| SHA512 | 83103de5d875170796050a5b809a3c4cc33670a21d6db2f9370cf5251d7a947a83f0a5c57f7f61daaa2b8a795f3b48d24e1bc3729284df291bb203a794e23780 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | f61f0d4d0f968d5bba39a84c76277e1a |
| SHA1 | aa3693ea140eca418b4b2a30f6a68f6f43b4beb2 |
| SHA256 | 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc |
| SHA512 | 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f50635de8e856cf0dfafa3bdcc2bc3d |
| SHA1 | e4b7f66b9666ecd71b4321114e27866d1e49dcb1 |
| SHA256 | 3087b8b267218e18e44094083e041cab131684246397ef7d9005d7ba7dc6bc1d |
| SHA512 | 01c45cf8661971bbc1a6b70406f5b89f01834a8d6a4bf2fe496c9487716fbbad3c43a0683fa6635241e5c086a6513839a916e6b4d11e3648a4f1a756a4cccac6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | e900cb339792c61a3ed02f7c93d0ddfd |
| SHA1 | 76530c9e34114986f99b543d69c1d2576bd1f377 |
| SHA256 | a10d553e3a7a60fd5894031d8f57667a418a6ad6a43feb0af6166276775431f2 |
| SHA512 | 6a8e3feebcd53172a0f5855c18e63055f1eaed7e261a8197ea0f9fb27fda4582ede7e572a78d84f3b2b4da13970c3d56cd4f4a0fa6b59b5df92b226f1b6a1f64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0862312ce9cfd84504397ddab038270f |
| SHA1 | ae261fdd7c6bd120c004b1ae05855867ed06150a |
| SHA256 | 38fdfb136ea00064f6d07083818184cbced9aaffc2e50bcffe32c70041120535 |
| SHA512 | 2e29135b7a2f338fa40679101763cf7185e61e0e8a3dc77a460accdbc9a1a22978921537fea27396ef09a19101c34b59d710960358718043832052170baf7c1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 80b2d6dc17f365342a447aa431c78e19 |
| SHA1 | 459a6fdbb7c98252933bc0dd27956417f4f91c67 |
| SHA256 | b9129985bfb98b4175b841e7e471577b7578954f365bc8758996ded553b20415 |
| SHA512 | d0e4495cf204f39b49527cc9f15f0983cd05ef3186f61da278fc1ebfe1d8123c0cd2c1b8ee64f2589ab8af440b030f12255c280b6b9a185b1514d6a97a32cd67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 84337f56a94d0038fefe02e498123e06 |
| SHA1 | 49ff82b16c1c58198a5c67105e505ecd7ae59f23 |
| SHA256 | 23bc0e615d61a1bd7ec00cdc05a7567e7c527238579636c80754ae565b41251b |
| SHA512 | 900e685070d99a70b6dd59f42ae81682395db748cd5cd7a94dd03c2479796b8b53c9acfa3fd4d1ee23c63e6676c87dadfbc6a02bcf67b57924b9ca724736cf04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 38becc7bdd03ec3e6b2d2b26760bad84 |
| SHA1 | 47e7ada00a0c672bf6e1970048de3a83f103c93f |
| SHA256 | 75b9d3d7074758455ab1bd2dd22d0a73846ca0aa0314706ec6de86a581df7ce7 |
| SHA512 | 7bb2d140584930efb77d108792aab751559c065ccabde2cfb53ed956b9dd7f7a52ccd6b4c8ac337ebb6be38e390f50e9e80d3626bcfa01f645f1f4f6cb0fc8ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8804b3f2b4fd4bf9e3bc433c85deefce |
| SHA1 | 37c068c42b83ffe0f667164f12cf01d6597902e2 |
| SHA256 | fabcda2b12a48f815229f7e48aca207e3002376c4e8cd893d7b1f2cff59d3fbd |
| SHA512 | 7fda6126c9065d3d10df6244d4673738822af8f3c2908806634fb61ba2c08b71e991258ab83a343f89a4c96d6b6a9cc9e53dc18d9dcc1cfc5171c3ba5bb72764 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a294.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f013421e69cba9c63c874852cd39252 |
| SHA1 | 0137776990df2d5c41d5992545104d3a58ee0fa5 |
| SHA256 | 9d81e540e5fe225ad41808af94045959ee51ba2882f6b3fc7d81fb74a9e058fd |
| SHA512 | 6f2d26dd2a3424a12f7e9cf5b32bb902ba5068053b29a31bc98758d911d8451bef7fb7b7db9cdeadb9a7ab313b3d79264505b5ae3b47be5b6b0bf1a5e5a321ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ed0de2dc6e87447d2dff1c5acc7c5bf5 |
| SHA1 | 48f83d719b59bc88d2bd82df9994425482961a90 |
| SHA256 | 99369a523ed1157ce3f5adabd2dd82aa27fa9a3b73df385b06d30f1d0489bead |
| SHA512 | 8b58276562dd3910757c6fcd4c57b77791787056d8d7e40926f28e48e75945f222596e335d527b55f95fa567464e6c7e655d8c386c932e4ee4289d9a73069ace |
C:\Users\Admin\Downloads\Unconfirmed 193866.crdownload
| MD5 | 3bfa2f12cdea344b3b21ba4de3c0409e |
| SHA1 | ca343b0dd7987250daffafb91360684aa4a37054 |
| SHA256 | cdbd585ff1f74aa6b3f8ab819872bdc781cef3c3cf4ded3f3c7c4c2769f4661c |
| SHA512 | 588b8292896ede0888f18893597e80849dd25476464020960b8cc396f9e82dc1df781f66c1694c1c67ac1f180beff98ee6dceef55e93742653e8a72e9333a699 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f132936a3b4e312d8a798fb28f52ea86 |
| SHA1 | 35a775de534fb44b962ffd76f881c9cceed44d2a |
| SHA256 | 506cef3932955342d75aec75d440849a728dd2f720208751c29f5cdc034d323c |
| SHA512 | adc519542f5b9d9e0343a24006f0c11f5952baab92ea7442a9a293682e73eb3a9a267c882a0e1ab8d945a895828a8b2fc8f5b1dad4bd1db56838f03fbc030efe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f7a0f471c6a2baa6c60f87032378d9e4 |
| SHA1 | 59e0612227e8901dea366367af5a6675340ec0bd |
| SHA256 | e6fc7a8f664ddf2ae982fb10c63c15ddcc0bcab5b7452f32c06c0bedee6000f2 |
| SHA512 | fe659b9a005d113fdf97c4fa1292d7dff0b56d05ff54e56e756003ded1c43da5006a037c405377e9395d03dfad2c7cbc443c7dcdca76c29ff97f20a7765b581e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 36aadd98ec949c5014cf565c2a860cd9 |
| SHA1 | 75eab2c6ce5247149c30cf8e25cfd847126d4593 |
| SHA256 | 4d8f0b7056ebbc0b4d8cd3d8e2e98bca61fade70153637689e7ab96b680a49e7 |
| SHA512 | e05f05160146d925936d79fa677b6c2a51793a75646c6c3e4de282d472245c1ba9965f51db62c4b078c3e5582d1a7ab8299a442cf5fbe99085541472f86c73ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5bf7b9bb7393acce4b0b2246fb3638d3 |
| SHA1 | 26394e4e7e07cc8a7c519735e30716b2055e1dba |
| SHA256 | 20307fce41c276b76b6983c7481e26fe34a7074613b37220268e6507be483de2 |
| SHA512 | 6af8567c2efead6a3d1cd277781a0cc3816d49419c1f250a890b43475ca60958f99a33ff3eb381222be5cafe2f754ee90499bf29b874a6d4005df591ba55c34d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 035d0ba8c98634917b649d14ffa5de43 |
| SHA1 | 7b50ad2f0516ba345151cfbc2e77f2ef25ff8c8e |
| SHA256 | ad33398c89b9615c97bf02238ded223b3a3c2ba27e79bda50157867c21568010 |
| SHA512 | e1a5815f27723e188ab34b1b192760a526158516b422f986649ce1fe84b716ee51348a6f9fb468d6118236a403222e4b68c2ebf9111bb252654e3cc171a9b1cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PnaclTranslationCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PnaclTranslationCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 32b9dc9cc81d0682e78627c873fdd651 |
| SHA1 | 46c486386d3e153c3e9b11d54cb52cf0064b71cf |
| SHA256 | 712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c |
| SHA512 | f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 661760f65468e15dd28c1fd21fb55e6d |
| SHA1 | 207638003735c9b113b1f47bb043cdcdbf4b0b5f |
| SHA256 | 0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e |
| SHA512 | 6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d3267e3ef630b8be3bebf47cc36f1acc |
| SHA1 | 8623855584bcc34e1eac0affbce70599ea3280aa |
| SHA256 | a7367d6f8dd7642b1aeb136e3e5f7d5f4f79e6afd0ccfd6974f0095722d314d5 |
| SHA512 | 2426bf0cf0594dbc7bb08a51b702cefb991cb8b59b2d5799a1196a2add3430cbcbe5c89f846e2686e250c14c6e629c9e4fbfb1ad2a7252c728a70e2dbc39109f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 6d94b1ae1e38f237af895b366b6ce238 |
| SHA1 | 9af01369d6d420ee1c36a0a8509fa02efedc7231 |
| SHA256 | 3222c98d245bb623507a1c2ae5bf3007795fb41dbfef0b50abfd5d97b0e9243a |
| SHA512 | 2522bb5a8bda177c4e9bc8a67732f2468272a973c3db1e7941b68be5039436d1d0f6b51e709781375e884e90c84f8381ad74435cfe0617c16a92dad66aef3acb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1c8704e82848f8173e1b021adc4d3fbc |
| SHA1 | f097c0ceda76ac2c5ba6ec9835495789b1665c53 |
| SHA256 | 9111dd884e499821ca57680bc01d2e685950f2199a577c4965dae36280fc3eb8 |
| SHA512 | 9a29c5cbbf32c288e9800b968cb8bce0b31b476345f1424b8215475534e9284afadc4bfac1c36f4f5d50435b1b4c92e3aac7ceeb05a7e6be00d4bf43b84071fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ac2e1466f57893cbb1f86a10c4f20827 |
| SHA1 | b5d8798cfe736f9652babfe5a00cbb725471a555 |
| SHA256 | 94ff167ce81895e2af12d9167513595a5fb901cee0cfe5d032e939d99f7cb44b |
| SHA512 | c0d3139faaea4d86995886113153058e41e9403a2cbbc03a012040f8cbe95f799c783f9db83d602c0b61db594a027f8e9b9016446fa027c8ae28a5102db00931 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 75c80c094af9999e4bceccebc6777384 |
| SHA1 | a406c86e49010387172cde7b2852c5a816f688b7 |
| SHA256 | ad3284b0aa29f000fa6cb58e20d8fabc499b99eb735c30d6c265605baec3a11f |
| SHA512 | cda65b69f2800bb12ed59d61bae8a85c390c4c96a75e9f3554ac532b9e5065abd5acde7b8ecce32b2c5cb20fc8416a25b928d826ee53ba483af2669273f3bf05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 969cc27ec4af1baf353c9e6f9a3e8744 |
| SHA1 | 8233eb2f7733df12758ab835769c748f74909e35 |
| SHA256 | 9640a13a22da0cc80e507b146cb5d2f2cd6b3d1f9379b0fb62b6e156d92da857 |
| SHA512 | 3e066b442d1223291eb44462dd77d1d06b0375cd195de2ba5a74be1ec5067613c52b1ce824f22d9177c9934cf2b2f880e58132c3c0771f2cf0879b6c9699b514 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 39eaa48c70df106dbdbcd823199fe190 |
| SHA1 | b0492fe0da1aa17478c11f02dc385bcafd6fe8ea |
| SHA256 | 5a64e313b50c1b13359f05b56efc80a8db331f5e9c3394d1b99ea1a6ccac140a |
| SHA512 | daca0d67a4551eb7f5a5c7b1226a632529e2a306f287144c4cdf05a07df533caf08e71792856a8c6eddb2d3062f0b9c23a9c382f9ab45b97632fb528dda2b5b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | d7129093492facf077467d972d9f6406 |
| SHA1 | 7537dbc2ec24f6f20ffc247f1e9cf86182436747 |
| SHA256 | 20d6b322091daa80545eb57fa2da2a08ea58e1e3329e7af2d4a7309f0cec0c69 |
| SHA512 | a5999f9463843a32c0d4c9fda1d929bcfea46d2078cd28d2899855bc6fe03d67ac57e6bd0c5cd4bbd75ffdf4740460f893bef164924ae81e8f20c251efe7db07 |