Analysis Overview
Threat Level: Shows suspicious behavior
The file https://ytzp7vuu92w1j.blob.core.windows.net/ua0mskevqzgo84btqr0e/5HVFVzz1XInohuCeVgsT.html was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: swiper@11
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Gathers network information
Suspicious use of SetWindowsHookEx
Gathers system information
Suspicious use of AdjustPrivilegeToken
Modifies registry class
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-11-14 08:15 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-11-14 08:15 |
| Reported | 2024-11-14 08:21 |
| Platform | win11-20241023-en |
| Max time kernel | 160s |
| Max time network | 264s |
Command Line
Signatures
A potential corporate email address has been identified in the URL: swiper@11
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\V1.5.6.+.V1.5.8\V1.5.6 + V1.5.8\SecHex-Spoofy V1.5.6\SecHex-GUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\V1.5.6.+.V1.5.8\V1.5.6 + V1.5.8\SecHex-Spoofy V1.5.6\SecHex-GUI.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\V1.5.6.+.V1.5.8.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\HwidChecker-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ytzp7vuu92w1j.blob.core.windows.net/ua0mskevqzgo84btqr0e/5HVFVzz1XInohuCeVgsT.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab87c3cb8,0x7ffab87c3cc8,0x7ffab87c3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\V1.5.6.+.V1.5.8\V1.5.6 + V1.5.8\SecHex-Spoofy V1.5.6\SecHex-GUI.exe
"C:\Users\Admin\Downloads\V1.5.6.+.V1.5.8\V1.5.6 + V1.5.8\SecHex-Spoofy V1.5.6\SecHex-GUI.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,5530048062105915173,106991046424275982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\HwidChecker-main\HwidChecker-main\checker.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic bios get serialnumber /value
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber /value
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\findstr.exe
findstr /C:"System Type" /C:"Total Physical Memory" /C:"Available Physical Memory" /C:"Virtual Memory: Max Size" /C:"Virtual Memory: Available" /C:"Virtual Memory: In Use"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get name, version, manufacturer
C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get product, manufacturer, serialnumber
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystemProduct get IdentifyingNumber,UUID
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\system32\findstr.exe
findstr /C:"Physical Address" /C:"Media State"
C:\Windows\SYSTEM32\netsh.exe
"netsh" interface set interface "Ethernet" disable
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ytzp7vuu92w1j.blob.core.windows.net | udp |
| GB | 20.60.164.1:443 | ytzp7vuu92w1j.blob.core.windows.net | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 88.221.135.3:443 | th.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 88.221.135.17:443 | th.bing.com | tcp |
| IE | 20.190.159.0:443 | login.microsoftonline.com | tcp |
| US | 172.66.40.148:443 | www.skycheats.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.64.147.188:443 | kit-pro.fontawesome.com | tcp |
| US | 216.198.53.3:443 | ekr.zdassets.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 216.198.54.3:443 | ekr.zdassets.com | tcp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.54.198.216.in-addr.arpa | udp |
| US | 216.198.54.1:443 | skycheats.zendesk.com | tcp |
| GB | 88.221.135.3:443 | www.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| GB | 23.73.138.209:443 | aefd.nelreports.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7bed1eca5620a49f52232fd55246d09a |
| SHA1 | e429d9d401099a1917a6fb31ab2cf65fcee22030 |
| SHA256 | 49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e |
| SHA512 | afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8 |
\??\pipe\LOCAL\crashpad_1676_GUZZLHUQUEIIWZAZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5431d6602455a6db6e087223dd47f600 |
| SHA1 | 27255756dfecd4e0afe4f1185e7708a3d07dea6e |
| SHA256 | 7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763 |
| SHA512 | 868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6fc5cb777924a1e3bd35ed66142fdc65 |
| SHA1 | f7bf5cbb65e263db39ec975dbdaf8c919b8e9622 |
| SHA256 | b4eea6663a3b32978fa5731b24f813c4aa32f06cba696ed67f0b58057931fefe |
| SHA512 | 7daa69cdc2c79db92f83e68e09506b271eccdf4edb2c5a2ecb42c8651bad979ed7f623cf51955f8f7ce4b49067058a48579a493871eef8335261313e3681d0a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7345cd853c86aea255018f1be75349f6 |
| SHA1 | 59c945975e0564f9d7c09499da08a48a9b389d17 |
| SHA256 | 37af331b55b1dfc0bb97a8958f82dc950df9c7e7514857389d5f86353265bd60 |
| SHA512 | 7583480c608d2becaa83dab03ba0a4b274687eab8abe5eb8068c26eb4988a0046910f5fc0b3527bd695f3e496176b26d5269e751de2ebe28f09eea7695be19b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 557a394c6ad0ff6b274362c6f9f0173d |
| SHA1 | b377bb45fb5ed918171b1a4f72644c96689f0ef1 |
| SHA256 | 391eed94aed3800444dc7e2ffb52951d18d2a435d33b830fca0e610bc966ccba |
| SHA512 | 57c2e84bd46e957190a2963ad46710e9ae1cf61f2845219e975d97bf27a10344a9f352836a103b2d4ad82b106d5b5d1d8885136d9c8d4e3d7610d2c03d901f28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\11802650c6ef09311332a2006a52b6b4df9cd349\index.txt
| MD5 | ade7d152d0a118814c86d80b6b5fc241 |
| SHA1 | cc9ef18f8439e55ca2c2eeb22b731cd101bf29c1 |
| SHA256 | 2e8372e597aad5b03ae718e53c15a86fa1a7930269239cfeb879fc0108a0f231 |
| SHA512 | bfe546e2ab18b5b3feb85ca38819f708669e37d3782e539ec798d1d7977016543ffb777eaef00596e42e6b74db87da2ad4c2c4e8a660df45044ada29337b8b19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90527725191981584d5f9c79f4ebd942 |
| SHA1 | 2d36b4dabf8870e79f54cb33b1a098278d9cd738 |
| SHA256 | a52017029e9713030031e5b8c4074d58e0960b6d48dc450807c163a59f67ba75 |
| SHA512 | 2950b3eedfc28ef05ffbc1a49f876c8d8b7622a6fea59161caf2a7681a4f57edace5becf56380387054eedafd46d2ae6569d852b64edd69890638c228fbc07c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | fb2f02c107cee2b4f2286d528d23b94e |
| SHA1 | d76d6b684b7cfbe340e61734a7c197cc672b1af3 |
| SHA256 | 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a |
| SHA512 | be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583d62.TMP
| MD5 | 9599fad460f67db3cdb5514c232c200f |
| SHA1 | edef208a7739abfb9cdeb57951249fd702f2f85d |
| SHA256 | 101805aba1c1646c8967cafc76a2b7a697058087e5624ef9933fdd81312fc4cf |
| SHA512 | 9f33282a3fb639536aacb175283754e2ca40700701f65a84f4785db0b77b177fac83c581148bb3ed4a22d3d748ac46449dd37948912db036cac913079644ae02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\11802650c6ef09311332a2006a52b6b4df9cd349\e2922a30-f42d-4741-b981-c86eb688ff4f\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\11802650c6ef09311332a2006a52b6b4df9cd349\e2922a30-f42d-4741-b981-c86eb688ff4f\index-dir\the-real-index~RFe583eaa.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\11802650c6ef09311332a2006a52b6b4df9cd349\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5842ff.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Unconfirmed 695467.crdownload
C:\Users\Admin\Downloads\V1.5.6.+.V1.5.8.zip:Zone.Identifier
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\HwidChecker-main.zip:Zone.Identifier
C:\Users\Admin\Downloads\HwidChecker-main.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State