Analysis Overview
SHA256
d934fd076543b9b2a3038ee630e7c89c784bad71a1acc64e39905407028e9181
Threat Level: Known bad
The file identifier was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
A potential corporate email address has been identified in the URL: [email protected]
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-22 21:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-22 21:34
Reported
2025-01-22 21:44
Platform
win7-20240729-en
Max time kernel
544s
Max time network
486s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046453fcf00941d48be034b238973f9e700000000020000000000106600000001000020000000d4f7ee0f23349ca819fc6ffdcc1d4c703b230ed590f8f98766c0080526510119000000000e80000000020000200000002fbdfa8891bcddd6e824f4c70093939b12417fb785afe00eda7dcd9b5fe7768b20000000c95d4c44bb1558f91eb4e7dee48493e009237fb82006db07f2eccd0cdfc9a67840000000ac1920494385f36c199d8e0a61a445cfdf546947a9bedd7bee2a75c3be080f7710654d59f779a15a798c6889544f82125736597e7c8401f23d99b4ab2a4fc4a9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6042268c156ddb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443743558" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5B33891-D908-11EF-A4C8-72E661693B4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046453fcf00941d48be034b238973f9e7000000000200000000001066000000010000200000007b6dc3d126a644084cf5c0756dccd6ebfca1783b40f626f2f7d66465e6de14d0000000000e8000000002000020000000637a81289699887f8db67c07d2ce62c66731f7100aec6f8ace8537c96cd0f002900000006a39a353a89b4ade2a676c7549db679a07f4314ed0172e92eece76d127a3fb50b0f576b3222017272a3d12a0884226a2cfe17897b2adff4882798843e4eeaa2a605778e00ba9135d37c3c91a9c7b7ab8e4d72f0bc16d4bffaef978cce62e4fff7c86b2bdac38a7c4c8b4d73861fe000199de48f13141b815c43c948851a4dfec83f046bf3c0cf889178ec17c43511680400000005abd99e8c15ebe7b3ed2601fb88d60aee29f17051a45b36c4f195c29e8945f9fd7c98161e6d195eb333b36fd3829208542738c8dd92997c196809acbc69c5af9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2892 wrote to memory of 2400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\identifier.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| IE | 2.19.61.135:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| NL | 2.19.194.224:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-22 21:34
Reported
2025-01-22 21:56
Platform
win10v2004-20241007-en
Max time kernel
1313s
Max time network
1319s
Command Line
Signatures
Detected google phishing page
A potential corporate email address has been identified in the URL: [email protected]
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "124" | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftonline.com | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1" | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\identifier.html
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\f47a1552-4b3c-4400-9e89-610434e05924\index-dir\the-real-index
| MD5 | 91450f0299cdb681b809af51002a9bf5 |
| SHA1 | c564555134c00232d49ddb5b04888f4e483f0006 |
| SHA256 | b9b5db2414e78a41cf9769cc087aeb8a50aeb7be7b1996b5e15f85a36081932f |
| SHA512 | f96512601fc7e80b5c70d963fb0852a15abfa27a4348d0b466b4ae760a35493b916fe4a34126eacdd07fab29c55a217ba6e2ace2989848c2a1b00f48b356571b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\f47a1552-4b3c-4400-9e89-610434e05924\index-dir\the-real-index~RFe59644e.TMP
| MD5 | 8b49625cf0dda806914eabcfe8c1df88 |
| SHA1 | dbb63a8de0e4d249da9c5df3806e4cf0e1e3d4dd |
| SHA256 | 04dae35b20f223a7c75cfb7ce88947d9e643af23162f86da2351229653d8cbaf |
| SHA512 | d58b9fb4fc55b428664957e198b7a7730d02fa38915203fe5ec5c9c0ba5945b6e8d8126010a9bf30de4de8103c423b3e3408d08fe44f446ed90ccfcbfca70666 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6214c6122f6e52df43a4efa456a1a816 |
| SHA1 | e1526a390642fdf1275b7b32d795e78a8111bca5 |
| SHA256 | 44b1be875b84d4767b796a46f7a10f60b3720e7640af160ecd74069de16a920b |
| SHA512 | 83bcf25c8bb650a19ceeaa0859ba7e84defa791e4685e71b5ec6fc6da7229b979759d86f59d7c43ca840e32a657b44a015d09d495e70bb2ceff822a295b3e8c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 431d965df8b545e095c348e631c63b10 |
| SHA1 | bd7dd2c8095fffa55603b4d79ee6ce1cc0054041 |
| SHA256 | 650db91d711bf5f460de74b270b29e6f0abc6ea8bffcbf1210b697de5c5730a3 |
| SHA512 | 4e4c173f962903c787382067fdba9d26389e9963e6ee619f6ece3840d2dcdb81b71a7a147fc975dc62de249e1ac68764af34123c04838916caf002ad1c8a972e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dc4fc58d-71d9-4e21-832e-3279539cbf1b.tmp
| MD5 | 927dae10a0e28e534be99a258ff8e745 |
| SHA1 | ed4480414d9393b123877165bd319aff9308a0aa |
| SHA256 | 5f66720f46e480c7dd7c611c19c19408e1cb0421658c3be62ff680e908005240 |
| SHA512 | 59a5ea52cac9910693aeb3729087fe3b78a60ba6e1f73dfd611ee3d532c7a11a364bcf2f3bd9b3723b7a4c28550cb98b2ea1bb8c4da8280d833f483f5db27058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b8af577ba0e7af82d56bc47324f0285 |
| SHA1 | a7744cef0508531d99a8b5168c335a61eaeb9ed2 |
| SHA256 | aeb2706c4833092c420c4d22ad00ce6e741d786bd12624adb12ebe193e56d2c6 |
| SHA512 | cfdf0651fbbe8dcf37f71d4726998d6f39e317b886f31e7185e74107e0078ba744b329484961d36ccf4f5174c9694464971349c1f9cf86d99a02f66209b808ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fbc6724fedf93ea844d970a43990e2ac |
| SHA1 | 97e7312335f6c2937598c1f6684915daa340b07e |
| SHA256 | 6f830356ad3ec4fe337c912f4faba3a2584f224df2caf26ee709949d539f37b1 |
| SHA512 | b8a5b98a257d7a1993a1438a93dad82478eb9410c65b68453087b486ffb67852952408231fad6a581c95cce37aa3442a280283423c371baf030564243687c66b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2dac0785f9fb251984b2d74bd346bf14 |
| SHA1 | 5cae018c1e051076cf270790c03db3011ad928a7 |
| SHA256 | efc069b58fd705f99dd22cf979613eef4e8e85e709bbc9bbbc8dd31a570f9115 |
| SHA512 | 500b319abb6c9392a4006a841e7b629f608bb39d42eae1880f331b04ca140f1f9176a69b642109a5f94c9e2eada8e7b49a9ee8b4397e21e7e93d992e701d7b6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f4ec6d2bf787cac861e6121a97d8c34c |
| SHA1 | 08700a404bc9f5e22a33ae3c1837aa95e6abc60f |
| SHA256 | 9285cf2831d2131531fa5a428c5cc7b0ad8c36c247a65285a19a6663231d6ef3 |
| SHA512 | 66df00425c3ff3f37f04edeb6b54fba997e83c7f6b7f6c9816cd997891e650ea1b9ef57d2a0b3714242652a3f4de615bb586bb85f5e24a5955af33491198f3cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9de32184-4b4c-4f66-b658-21c62bc656f6\index-dir\the-real-index~RFe59ed06.TMP
| MD5 | bae4793f4d78005014ed0196b194f1f5 |
| SHA1 | 7b1b9cae25af2f51547bd554f9235dfde446f822 |
| SHA256 | 7070d657d8fddf150fce5aef9d4c194bdc57c58710c04aae08fb2a0e2b29b8ee |
| SHA512 | ddb40135f7df781e4efa28ea85ce97e4ddb3861183d318b4b1c498726536f223aa122dfe93f8d427efec1973cf7d216392cef81b0789dd9275c790bd84867aac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9de32184-4b4c-4f66-b658-21c62bc656f6\index-dir\the-real-index
| MD5 | 96ab2de853502610f0c04102040d7390 |
| SHA1 | e8e1e8e425ef0805817fce171768476e40fc1fce |
| SHA256 | 85cc441846abe2285955db3f45e1c15bee767d9c3feff4abcb9b92a7b5ec6161 |
| SHA512 | 1f9db521870d7beb3e5d1c119e2779892f1b2b8145a1af12c7dafde72a2de7994f748abb459ba4eac1e9b761123e53210ba4a75c6bf051ebb9b28281d102380e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | 7bcc4f4204b33d1586b2d0352b628b09 |
| SHA1 | e64569a0c6267040e473c90360500804907c9f15 |
| SHA256 | 2eab89b462d31e5eaedd9ded182883827c798415b78367e8a8af8f7ee9f61bf7 |
| SHA512 | 8cbc047891c049ef10ffbbec1f92e0766b217ac716739958ccf0f896b62944ad108e816cc9cf30e4207d6c2fec1629c4a99fa94070eaa874fbed2265624405d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 64d85779aab8294176761fb1da6c378d |
| SHA1 | c2c4d744f17b6d93378da9d54f4c66c19088fdf9 |
| SHA256 | 827f0060ad43ad881060d872cd014121c292c9135ef152a3d71ab786b5412767 |
| SHA512 | 958d726f3eeb1c723bdcc98d812db45f48e1ff6d7d7b88e68541d4227676cf2a0d491b2617d5fe26e8f431a11ec85f99e65f6f84f242116586034f38bbc5a89c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060
| MD5 | 1547569c7545f53f54854d01060992ba |
| SHA1 | e3129a3f568a7ec19b5ad92caaf785c46ab13ad2 |
| SHA256 | 7a1f9be9bd04e7d1fe9e889042173e45e001a00a92444fcf15aa0c866a2595f5 |
| SHA512 | 4a354b0342c9161308426dcb56c841bf830c89a4cc373985ec0f4e289e935d02877ccd1e53ce30525fd60eaa001161ddbfd07b32ac718aa1065b30f9e88ffbdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
| MD5 | d8299d38b10d15f4776624d669f982e3 |
| SHA1 | 42c649975569fb9be34e51643ba3e13311a8e6ca |
| SHA256 | 2196dd6933f01c013236f2e68aa9a226a6ad2d7ae9697332adaf722790da42c9 |
| SHA512 | 8011ffe01ba675d641f12babdf7a84b6296825398ef9518aaeb1e6972e7d53c1c3b48cc1af0cc3176beefe3187e1a5ce3a921c390a122819aaae49fdc533ca5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062
| MD5 | 58a32a6e4c4dbc8dfff275a61d0abf55 |
| SHA1 | b14aa9b4a26478e8528190dcea576c23b0604f15 |
| SHA256 | d9f1b367f9e4435847817cab15d96638b179a9919f46c9fa6b63645cfeffee52 |
| SHA512 | 83127eac33582dbc6c4dbe271a65461fc5ef4e4a88fe93cfeb20bfcc2797454428002b2b629d9800f25b0dc0553c738f976e1e74ffcd0166bc413b9004d9f0a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063
| MD5 | ce4d311bb254fa0e9432d8920678a1f0 |
| SHA1 | 7961c2b854b40c1babd12bb13f0420ed19382e16 |
| SHA256 | 905a377918849c0e54664bdc0bdf8e844dd41b1cf96fe4076f01b447021ad262 |
| SHA512 | ac3d1343e09d5cdfe0e34751f01bfcdbc065daaa8ae69ee0ee85eb4e09e4474d1a671097dfba89a2e9bd7a013a0eff16cd429fa0e4bca82283e5a82bc1256227 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 79a5b6031ea8e51e985365a7b6576543 |
| SHA1 | 3690bb1b37e773c62ce206fda09174d551846961 |
| SHA256 | d6a45408ec471b0a7f06d130de74687288590f57a750f52c4a98acdca584eeac |
| SHA512 | a6a2c29a6721e83ebc1240b7f6ceb744b9dc273b34e5945b518685df58e3acdbefbfbafb6ecc28a90c725beb9bc70c3ce58d367c217aa7ce462bd2b948472e50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5ab6de7b6d2cb092c2b15f19604dc89e |
| SHA1 | c23b8a7d7bb5fc1a206dd6ab36fed2c1d2768d40 |
| SHA256 | a41926a329b7269c8ad11cac1695a60580efa93e926ebdfeb7f2d460c9252883 |
| SHA512 | 3f5d03309240e028414f950627ccbc01f4ac737ebdcccef0d00a201a9a25211a186a56c7362af7f37a4510808707ffce43e620b5d588a74e8aaebc82e8feac5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e
| MD5 | f7e55423d87525395c453c1a10ffa1b4 |
| SHA1 | fdbcbe9f770a0fe4ed35bed27df8647ba4786f5b |
| SHA256 | f6e0583e92729a80aa0da90d14a9d0c9bf80626fa661ae2e6861e9f96fce5dba |
| SHA512 | 7a51fdd4508d747f7b16b2b1e0fa7799b2bb4af3a19811d6cfa2e73f5232e4fdceaa55f94655f5946a4c7af7c09f82687339f7fd4586a4a5812884374a32976a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3722dffc2acb8ac1b0377d9fe155d7c5 |
| SHA1 | c5bdc0c144dc32f23962fc8ef771e146b5e3da01 |
| SHA256 | b8d3b2bac87c697b9f1b581c25b50e674edc23fd5012ab0b63e2987d90044113 |
| SHA512 | d5e0d878a2fe79275d6c0eb4a0fe4345fe482afc360a014b75ae234a24750be233b55db6dafa5d161eb9e24a1e02d85152c11ab98605445458a61fd752d91670 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8d179c7902ec74b9a7ed171c113b9a30 |
| SHA1 | 3cf4161f78465fba47b874672bac7517cd422b20 |
| SHA256 | 7439ba1f9cec7c99454602d949d482d74bee9d6ee71d5593aaa8f52ee135f753 |
| SHA512 | 39f8c725dbd83d9d40732effa6d79f8f7ed7879145e507c0d32733d417f4a837330fd21275ffcae8a7dc47a38ad36eab2f4a3de7cac1e087fbb43b5a800e8d08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e7e77c7183c73a81721c858e0c2af0a9 |
| SHA1 | a2533f4e02158216a2a0fa96919e175226b54a9a |
| SHA256 | da7afd09e55d84c496f37f2f20146cff0b26c3fccecfb491df9a3758f5a98530 |
| SHA512 | b53d56b188e674e4a889239f0ed27f53f2a60451b78ca14675ffe97ed2f3b659748ec254902b0793455fd87723e37036a1b5f1291a1ca3770c5ca14eb82e4e68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d23b4c2363bc3849155101ef94a51112 |
| SHA1 | 6019b958e819ae32079cfbe9018636ed5cd29924 |
| SHA256 | d3a535641110a85930b394d9d9d727d745a734618a65518dcd4623af0f8ba11a |
| SHA512 | 4e71e1b88df1169cdca8546f1a2976fef77357285f1269caf1e42e3df1a144d4a0e4146ab7a51c03b78f6ba2d0e9783af4fcb56c95605d03407681b61a090125 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt
| MD5 | 4e075fef575216a5be604ff489007bc4 |
| SHA1 | 07be26bf727b123395be443a9245bd10da60ab12 |
| SHA256 | f2065536beaee87b9034834258cecb9b53a30f0c61efa4749583ff59c5e79b64 |
| SHA512 | 7cf1df56abc2e10d8785f387a0df7cce9688c6c829c467d8a07e2edcf64d2ce38ad3bddae50cdfa4c81bdf009501ff4dda0dec9096c057ab5a452a0b2391c292 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt~RFe5aaac8.TMP
| MD5 | 001dd168335f17a76177a504462a7153 |
| SHA1 | 481db3d35ed4c6cf9a228d3aba67f0e3794d1121 |
| SHA256 | 1162792d2fc3cd222a23b03238409f36361fbaa8321c1300694bff92b5caec65 |
| SHA512 | ca0596386f0c8b67c2f5434ed216497116f7381d073e344c2c1c9b1e4dcf2f3a056a0b2a1d5344ce5852fb8523cdb6667d334774acbe2d69eafe539a09054a09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e35e6f5385f799081fbddee520ce1788 |
| SHA1 | 4a41c04cdf0869ef4802db84ca9aa8f8ad6215ab |
| SHA256 | bd45c6ac61394e7251b87b30d30cf5ffebb01853b11cc3c99cbd3f4ac3207035 |
| SHA512 | 9fff78d10c9ff476918b6de90faaa85bde02f2cc0bfc05159d8eb959e94fbe69849b38de5379708ebc231fac63be0b6ea727364b028b2fbbcd378b37de1d1541 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 29e5c4ac7faa171f12af2b523c318952 |
| SHA1 | 9c19c6203780564bf446622983911b9fc93868d8 |
| SHA256 | b67ea16766060efd30d7f0da14be0c894a17b8055c96bb4566cd77721dd307d3 |
| SHA512 | 87b9e5fb1cfcc200e534ce0da8a10ce05d4d908452d7b33dfae270206c2ea3cbc6a88978061b8229dc6358420d9bec72ad48cd0a72b9742ae1334b23fb04c85f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
| MD5 | 21854722fa21072e1c23abfc848cd5d1 |
| SHA1 | 141c6d4270daa428727e4ce2a9eb99552ad7963f |
| SHA256 | c7bb6be128ec4a3a2d8ffd5b71b34af24966c928a8e652aa7117c5a3be23e4a2 |
| SHA512 | 7b35ce59474692a05db93f8be1a93d707a7f197080f0e35821591e156bb7804c45b6bc078f1e115374782f86bc15b38fa5c99e86c7b10f4b2b5f39eecd4c5a40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
| MD5 | a7f5d532c062f59624fc1337f0b85725 |
| SHA1 | 46b5678fc19f52b058c2fd92b85846a1cad46605 |
| SHA256 | a14cca6a9aacc74306b3e6139506a86e4849b6fdbfe5400724a77f1682e543d3 |
| SHA512 | dcd91bbe8db4d656fc1d989e3c648abb09ced63f965babd5afe43b650fd3d72ce9ecc4254dcce43873dae181730c5c2906cf06009902655e2d52468f2b33b1f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | ed839d6d933bff990da28bda7998fdb1 |
| SHA1 | b6af66e66582155ac2f5972b95c7f4c77d4c3ad3 |
| SHA256 | cb69b7d8d20d03caebe719fd03abd371565ad996a45fee357c3f7a8f92d4f35d |
| SHA512 | 335a2a255722a4af81a40a59fb818f4898efa2ea98f7103c862685c2b092b44de01247145d28feec18ddce6dd1bc897072f43d8b0a8a140a5bc7bd8429ed71c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
| MD5 | 8ce25609d6b553073592ecd479730f55 |
| SHA1 | 49dd3ad6377b4a58cb4ebfd22d71060cf4a992bf |
| SHA256 | d9de178c5d60b75e60613150f05bb87f07e7ff11d4d3f806c31ad89ce28b2239 |
| SHA512 | 8c7bdb37fcfa934e0e99c40c17dc20493e9f8a560fc0c9866b2969dfbb46a6d17a894afd0ab2966080123ee3825eff32d0a812c6eead738b5f57d2453963fa4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051
| MD5 | c5317201f6deb392c5fb722f13a8111e |
| SHA1 | 713c97fd5b19825a18b271e868c55f106db88b85 |
| SHA256 | 1c9134d2fa318735d5cb52f148758056cdb3f8ec0fa60f8a3a2a6ef7ebc217f3 |
| SHA512 | a07026c7ea8e6d79080933fcfa207cec92f1165d0b13521b21dcc62d055283a5fcb1523298b632e5402b68cd5dd9e6e83a0e8d63c32fb990a0f2579ea66a3222 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 971a2a8841d69790118c123a52568b22 |
| SHA1 | ae3851aecc7cc18920f08167162ed5a3ea649066 |
| SHA256 | 092e34a515ebd50207361f66363fd29bc2ead7c120899479a38a3014bcd82a52 |
| SHA512 | 44644ca75c07a944a2ccad923f328cbf2530897eeda999cd2d8d7889e5e7c7f8b634477ebf6a746ded69ad4801f9b0228011766a950eff7c0a21adfc3c75f8b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtubeeducation.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086
| MD5 | b858fc237363972d66d97991e542641d |
| SHA1 | 7606f98bac7a726b533d94fb396b7664253f4fd1 |
| SHA256 | dc0cfd5ca8d87254594214ff0c328417077699fada149060676898dad3c44899 |
| SHA512 | 084cecbc28510da61857a2ae0592395c3114633f68c128a5e12eaaf1f55b700776d177f97bbb56210bf86bbc0c9785e62f60efab533e368c8f7c2ec5af2cb587 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2395a95854880c7f22f94c3576a636ba |
| SHA1 | dfe8e96035698e59d6ee18d5a4a7b1bd26b1abde |
| SHA256 | af52b3bdee8991904f64245af72c5c432619942733902129563e16ab523504f6 |
| SHA512 | a538350ea7a3019c3ce3b283db9108dcacfc33822d8c7625278bdc5fbad384123be661d7c53131156f4227832d9b7d8809010eeb3d4fbb58a234ef01cb1e5b0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e780079a7b3a78245d5916a1369e328e |
| SHA1 | f4ddd38fb751341e4349d23b13c68b858640db4c |
| SHA256 | ffad8402aff7dd3b6ed2529f83a53b4e2be9b15b1ebbc4d58e81ebd90fe206fc |
| SHA512 | 1737abb759161f4f1571a4abe08d474a147b7f1143b5ca8015c746f5b1aafd4123df4eb0e1e5c2ec32698543890d87ec112cab09ff7c447814171f98957e5842 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0477453b947c678c884dc0dbba606bae |
| SHA1 | cb1f8a53cd18e3cad6fb47688a8bde88b923f54a |
| SHA256 | ceeb31ab35c3c0b57e2384eb6ca86583ee9786fe3ce1b739cc93beec3b644d3d |
| SHA512 | d42d92239f296c2286958a4b8592231b4c28c1ca7f89415887a766934fda19bf7025993d605afb65d8cdac120047a8e9a6e0a11e1fec54c8455e7688e8c77058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 96d05f4596aa803de26c62c26366fedf |
| SHA1 | f970be0a1f19ebfb2c660657c4fdef456338bfba |
| SHA256 | 2e7f33e1c1e2e10e03b901d5f50e2341767a3d142ef2c632875e2a87e2effcfd |
| SHA512 | d62da4026ccd679a99e0f2446ac1ad1897ca52d8fc76938164f6b15b156ac4affe7d4fec7851febb049505d282f931024e795bf86568b84c3ba8e90598cf0f4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bf1d86e00f9cc8befc2a1fefa9c6883e |
| SHA1 | 3c5abdb5cafc0eb759447d6e888c8780a6bb24d7 |
| SHA256 | 15198903a869f2a24b00d12d7c45dfc988ec71e4813bb8173a4540f27d3bb2a9 |
| SHA512 | a6bc02d6cbbe9ddb8f1c141834f1131a3f4a75633e0da20660143c356055befeec77514c4ddec7574650b7d0b6f06da4d1936b7a22cfb49ff7bb8baa2558526a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 582738e2d5df090212019c8d78f4e4d7 |
| SHA1 | 5d26773b8bbea8d9a4141d81763c69de5bcaecf3 |
| SHA256 | 9c20c5d65850a9f6385d695843e4b5ce76e99098f4a5180bfde4c66070443ccb |
| SHA512 | 12faf9e4cc2c35d8739cad08feeb6dba52c999b1693f14dafae69ddbf4772a4dfdd66c37958392360dbd44726d352da0456359388c8016db7c039aa36bf2f5a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9a22b2143493aedff33e0d0a670bd5e3 |
| SHA1 | e11482ea9164c18c494f32f085fb252d399f815b |
| SHA256 | ce0f912d7baa786a3666fe243ba282068b24ca4f2b0ad9a50dc191dd9c0be410 |
| SHA512 | 54e0280aa186ad9ae31cfdebc800e6037e12c614042c530103e8ed5da191b4a674b4ef9c7064d38524d44a067e632a48faa5ab31126b79c45454b8e99bd7ade8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cec7566fc7c7cbd67d259a1d4c5a6641 |
| SHA1 | 833b0c1bfd148623535ad6e6781a37e361c41419 |
| SHA256 | 37b1526e65769de613b9be7d22af43867bd886ed1f82205527bec94a748f947b |
| SHA512 | 38b6ca6d1b860558fa234cc2d262fe9cf3f95f70690adf9d05540dea1df09c6518cf7c2b00a811e3e5c03aca89b45108695fc36c57491d71aeb262f3f85af5d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8be5ded82a9b9aba1cf519b33c435fb6 |
| SHA1 | d88d83c6e8d4c7f59be47a9382f93ba0ab460f48 |
| SHA256 | 9d03c22879864750fd9ff3727a296021e3bcb7e27b09daffb04931e697047723 |
| SHA512 | fb3c09f0c9fe2c989fa73e7c046a558f5770444f288bc40faefd8e084f4faf84d579e73d2f04cbb1d9c87a50d1fb9c8f0289ed809c5f6c96dc62b9167bc4841c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0b737206d62668a497bed68d5268074e |
| SHA1 | 7629c3b4e7608c45f1f57a06ca7e42891a33dee9 |
| SHA256 | 5de93bf3c2e44071527ac21d9af3b4e6cb475a67cb8fe8c6de10c16619623720 |
| SHA512 | 3a4bcc1c018df209f573e442c0eabf5bf034bb7d55c588451f41c8c414254cf5c6793b4135833693b2e4e1254a88b75017d1aa1a6f1a941a729fcadb90a32c31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b575d152516b426bf98873d41ee92aa4 |
| SHA1 | 3a551d468c4bc79bdc5bc11d69a55ee6a5386ea4 |
| SHA256 | 7e532907f69199b3681899797c5890b1943d189d8a0e277e251b89c1ea1b3382 |
| SHA512 | 1861f6dada472592390a07e576d74724a0a5aae765b86869366b8b7139f3d7cfc88d0e434cad7bc5aefa66efeefcd2f4256f487ed295804249470c50bb907356 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8692e893fe5e2c4ff0172611fdf4f384 |
| SHA1 | f681532e28249a13e8fd3e25fa2d3cfb8195a5fe |
| SHA256 | 1e3d84276e20a7986501dd8443246e12249d753fca02de6e636186c9e005af9a |
| SHA512 | 66596e38c5961a45e12f73a35e3e603783f929064f1bcc55af30505e68ff2449a4667636698fd9e8670af00d5785c6bf72a24330a70a061f7f8931eaa2daadd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4337c7897c9e992680bcb946571a862f |
| SHA1 | 0473d1619aa1f8686a9f0c7b4479367df36ae36d |
| SHA256 | 07494d1aec601935732d4303927961372002ad7d2352bb2180f4569790c2b722 |
| SHA512 | 599dff5c567cd75b08cab108d63bb22082bf7a1587718a9871534550bddb944a9d0f06285b67386b6a41cb33354480a11e8869e5ec3bd04d83bef60c25b35a10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5747a3f1f9d3515f7ce3f4310e86a7f4 |
| SHA1 | f8a238594591b10d1dd462e1cbea615a0f88cbab |
| SHA256 | 227f70ff81d177711750566540f5b91b6869242be0bdd7ed8f8604af62199da2 |
| SHA512 | f933af47c2fb56773bbb20f23b73946a3a41fe14d5b41db9fcea61d9bc18385cc37ec95b8ab94376840e995a0ce922e8dd2e0aa3f6d81687585f1c26446901fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 401826bd6624264ef0ff670440b0c783 |
| SHA1 | eaaa32329b8f247abba44aa0e63e8d85a5ba9da8 |
| SHA256 | 9c8f479cddb2479d41a003dfe427e363c9bedb09971bf8b376e5735a94a24546 |
| SHA512 | 156a04cd2a62825fbf3eb2b3b6bd98810d587a48b10cb0306951bc8961b970703d601170519d7dce310023fe0981eb2897725db58fa7cf97bb58c2b27d644370 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d145c18d2f02a232d94a5bf3d6746ab |
| SHA1 | 0795551e100906f2d70a5b37be908daf82c24ef7 |
| SHA256 | 9a6ddc7fd861e9a81d78fcd772eaad3881cf27270174dc6a488350e2bf1bfd8c |
| SHA512 | 82965698338416b7a010e31fb29600cc239613cbac1b979485a370e40ff83b46b5f6e3052caac3113c8705859a1752ae00b0724d2cff2dd691e9084c9a76bb52 |