Analysis Overview
SHA256
37b2f911915b4612170cd6d0e60a6c82ec6cb375c4e309f5f788531d724a1470
Threat Level: Known bad
The file JaffaCakes118_1c72367957ae0f222df760a6dc3dd540 was found to be: Known bad.
Malicious Activity Summary
Ramnit family
Ramnit
Executes dropped EXE
UPX packed file
Drops file in System32 directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of UnmapMainImage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 17:40
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 17:40
Reported
2025-07-04 17:43
Platform
win10v2004-20250610-en
Max time kernel
103s
Max time network
146s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\rundll32mgr.exe | C:\Windows\SysWOW64\rundll32.exe | N/A |
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31190282" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3486175764" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3489925652" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31190282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "458415806" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FB57BE5A-58FD-11F0-B231-5AEF883BB291} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-815616237-4012932787-4224613991-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll,#1
C:\Windows\SysWOW64\rundll32mgr.exe
C:\Windows\SysWOW64\rundll32mgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:116 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
C:\Windows\SysWOW64\rundll32mgr.exe
| MD5 | a61ea5f2325332c52bff5bce3d161336 |
| SHA1 | 3a883b8241f5f2efaa76367240db800d78a0209c |
| SHA256 | e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b |
| SHA512 | fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0
| MD5 | 5a41de996b6770373fe9dddae43ef472 |
| SHA1 | 4b93ccb262fb0cee8b56fe050a404d2fd8ad6b1a |
| SHA256 | c4454c3760d61bde8d4d97944a906555a8c380b642c8f35b39faebca84dbdce0 |
| SHA512 | 196efd3752fbdb73a43b7f095f008680edf4a022a65dac37ad38fd7be29ece2a742b4ff21bd40e1424f7ca9394a5171d61bcbf76d59138d91571729cf693731c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0
| MD5 | db3f2e41632254f91f7e5e41942d8ff0 |
| SHA1 | 7da106440ca2f41c46abf0c425b49bbce80a1cfb |
| SHA256 | 601e2bdca83d313ce5087a94b902e3a8237c1255e1221deeb40b3ae5c3a9d9d3 |
| SHA512 | 0cb09d9c84a09722a83150f24caf27cd72f873f77e765b45ac00b177c895f095d9126aafbba60aa3c54b2d3acbee104aa5d0ad1942aca4038586a2242528fbfe |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y7YZJB1D\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-04 17:40
Reported
2025-07-04 17:43
Platform
win11-20250610-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\rundll32mgr.exe | C:\Windows\SysWOW64\rundll32.exe | N/A |
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\offscreendocument_main.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\ml\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\zh_CN\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\ko\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\tr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\zh_HK\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_340603208\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\dasherSettingSchema.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\my\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\zh_TW\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\iw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_211788825\data.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_211788825\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\sv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\lv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\ta\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\sk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\it\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\da\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\lo\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\fa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\lt\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\hr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\ur\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\es\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\bn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\kk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\ro\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\si\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\mn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_212782471\deny_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_212782471\deny_full_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\no\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\pt_BR\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\el\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\fil\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_340603208\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\service_worker_bin_prod.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\page_embed_script.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\hi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\gl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\fr_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\sw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\de\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\ja\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\az\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\km\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\is\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\zu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\af\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_212782471\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_212782471\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_340603208\edge_autofill_global_block_list.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_1648884921\_locales\vi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3820220942" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31190297" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961244440755613" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-903960561-1545645218-4290906778-1000\{83809A7F-4FF4-40A5-8823-519D20E7E247} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32mgr.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll,#1
C:\Windows\SysWOW64\rundll32mgr.exe
C:\Windows\SysWOW64\rundll32mgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "http://go.microsoft.com/fwlink/p/?LinkId=255141"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7fffa60df208,0x7fffa60df214,0x7fffa60df220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2824 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2776,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2736 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2188,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4800,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3672,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5436,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6116,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1128
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:14
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6528,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6724,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6744 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6280,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=1284 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5552,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:14
Network
Files
memory/236-1-0x0000000010000000-0x0000000010044000-memory.dmp
C:\Windows\SysWOW64\rundll32mgr.exe
| MD5 | a61ea5f2325332c52bff5bce3d161336 |
| SHA1 | 3a883b8241f5f2efaa76367240db800d78a0209c |
| SHA256 | e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b |
| SHA512 | fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5 |
memory/6024-4-0x0000000000400000-0x0000000000420000-memory.dmp
memory/6024-6-0x0000000000400000-0x000000000041A000-memory.dmp
memory/6024-8-0x0000000000400000-0x000000000041A000-memory.dmp
memory/6024-10-0x0000000000400000-0x000000000041A000-memory.dmp
memory/6024-13-0x0000000002550000-0x0000000002551000-memory.dmp
memory/6024-16-0x0000000000400000-0x000000000041A000-memory.dmp
memory/6024-17-0x0000000000060000-0x0000000000061000-memory.dmp
memory/6024-15-0x0000000000400000-0x000000000041A000-memory.dmp
memory/6024-14-0x0000000000400000-0x000000000041A000-memory.dmp
memory/6024-19-0x0000000077974000-0x0000000077975000-memory.dmp
memory/6024-7-0x0000000000400000-0x000000000041A000-memory.dmp
memory/6024-12-0x0000000000400000-0x000000000041A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 31fcfd9d8652415663abdaf32d3cf139 |
| SHA1 | c624fc1ea063298fbb23282b1260e08e4215445b |
| SHA256 | 1685e68b16a013c3f2cc722ea521d555cfb264c1e4fbcc911418c85c264d8baf |
| SHA512 | b98ec6febf6eb4ed2009371e63327a44c72ef5ef81b2ab92ed1406d6346603b030e15b564b74a1ab6fbdf6b0af5d7e3c61f3665528677e349e5da589f6445aeb |
\??\pipe\crashpad_4472_TEJHIMBUQBOIBVCM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 017bc3fcd328486192fd0c7082796709 |
| SHA1 | 8cfba6809f90567fdffd047fdfb707682a7d0595 |
| SHA256 | c4278254cc16ba1099967b98859236cc3b690f4824e682cfab43169fcb06a336 |
| SHA512 | 73fc2778be9284d2b28c9489a216b3d2e454920a36478f72640bccddb03a916c1653964d008872edccd42b6c5fe11f2c2b843ce90f437e5ccbf7490645740363 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00004e
| MD5 | 6f90b9ba6e745fec95b8a14a7601f532 |
| SHA1 | a0419fda5778793d0425b164082f5db80c33c5c7 |
| SHA256 | 56d475b6b40a1e92cebba05bc70bc5e514ad96e8fa4151f020cbd87f8fc5a888 |
| SHA512 | 4d1b61c6df966fe76ad8e6d57e599188f96d5992bb8d0ecb75c113474250eb42d336a747393ab81c1f361deb954f814e2a535edd8e3bb91eb4c2a7b33f979ab2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 2e9de69c3d25e831193a8a5bb89510ad |
| SHA1 | 42bc68ab4a4908fb5c1cb97859bbb1677d4be4db |
| SHA256 | f32f839468caaee56165ef6f9e3402a362000b26c921a83f21597c7dde3e47af |
| SHA512 | 6b2c4a1b9bbbcbb6df487d1a405c805a55b3faf39e371fd60e230ae9af8a721cdc75a099d84cd6b478b0c881e750e0b595bbf485b3ba7210b397d1d39a60fca9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2f6e1e1d5ffcb010b1d5930a64dcd35b |
| SHA1 | 309ec8a9e70951a33050672d4fde0f1a969d08f5 |
| SHA256 | 05d5903e35957f7acb3b4eaee2e82c19b5953db5da9c80b31ba58d8ddcd74f90 |
| SHA512 | 87be952378014d7a71ed354ee9a7746819638a58ff6dddd06885386a4cb8a9c331e9f86cfe229018fdd2404994e1943f198c86c11f17385d9e586ac171e0e5c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 06d55006c2dec078a94558b85ae01aef |
| SHA1 | 6a9b33e794b38153f67d433b30ac2a7cf66761e6 |
| SHA256 | 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd |
| SHA512 | ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
| MD5 | b384b2c8acf11d0ca778ea05a710bc01 |
| SHA1 | 4d3e01b65ed401b19e9d05e2218eeb01a0a65972 |
| SHA256 | 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b |
| SHA512 | 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f81b.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582333.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\a6b502f4-84f0-436b-b950-b62e4bc1623e\index-dir\the-real-index~RFe584755.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\a6b502f4-84f0-436b-b950-b62e4bc1623e\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt~RFe584784.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\manifest.json
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_803047062\LICENSE
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_212782471\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\edge_autofill_global_block_list.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\v1FieldTypes.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\autofill_bypass_cache_forms.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4472_211788825\manifest.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.11\data.txt