Analysis Overview
Threat Level: Known bad
The file https://cdn.discordapp.com/attachments/1331019630176636969/1331020592236728501/nicolrrss.m4a?ex=67901906&is=678ec786&hm=3c144849fe35b3eef0fef5803f2294cc61143461f462b2c0299d52c04a2f2740& was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2025-01-20 22:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2025-01-20 22:07
Reported: 2025-01-20 22:11
Platform: win10v2004-20241007-en
Max time kernel: 164s
Max time network: 165s
Command Line
Signatures
Detected google phishing page
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}" | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-493223053-2004649691-1575712786-1000\{72135E3A-2AB7-451A-A844-EBD76956EFDB} | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1331019630176636969/1331020592236728501/nicolrrss.m4a?ex=67901906&is=678ec786&hm=3c144849fe35b3eef0fef5803f2294cc61143461f462b2c0299d52c04a2f2740&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc825846f8,0x7ffc82584708,0x7ffc82584718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\nicolrrss.m4a"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\nicolrrss.m4a"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x500
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\dashost.exe
dashost.exe {7bf942ae-c20c-4c77-b919664d6eed8a6d}
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5496 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,675977461214250655,7634674316280161750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
Network
| GB | 2.20.12.95:443 | lf16-tiktok-common.ibytedtos.com | tcp |
| US | 8.8.8.8:53 | starling-ttp2.tiktokv.eu | udp |
| GB | 2.18.190.140:443 | starling-ttp2.tiktokv.eu | tcp |
| US | 8.8.8.8:53 | v16.tiktokcdn.com | udp |
| US | 8.8.8.8:53 | s20.tiktokcdn.com | udp |
| US | 8.8.8.8:53 | p16-va.tiktokcdn.com | udp |
| US | 8.8.8.8:53 | webmssdk16-normal-no1a.tiktokw.eu | udp |
| GB | 2.18.190.135:443 | webmssdk16-normal-no1a.tiktokw.eu | tcp |
| US | 8.8.8.8:53 | 140.190.18.2.in-addr.arpa | udp |
| GB | 139.177.227.225:443 | mon-i18n.tiktokv.com | tcp |
| US | 8.8.8.8:53 | p77-sign-sg.tiktokcdn.com | udp |
| US | 8.8.8.8:53 | 135.190.18.2.in-addr.arpa | udp |
| GB | 84.17.50.58:443 | p77-sign-sg.tiktokcdn.com | tcp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | mcs-ie2.tiktokw.eu | udp |
| GB | 2.18.190.137:443 | mcs-ie2.tiktokw.eu | tcp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | mon.tiktokv.com | udp |
| GB | 88.221.134.233:443 | mon.tiktokv.com | tcp |
| GB | 2.19.252.96:443 | www.tiktok.com | tcp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | sf16-sg.tiktokcdn.com | udp |
| GB | 88.221.134.233:443 | mon.tiktokv.com | tcp |
| GB | 2.18.190.75:443 | sf16-sg.tiktokcdn.com | tcp |
| US | 8.8.8.8:53 | 58.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.190.18.2.in-addr.arpa | udp |
| GB | 2.20.12.95:443 | lf16-tiktok-common.ibytedtos.com | tcp |
Files