Malware Analysis Report

2025-01-17 21:56

Sample ID 240603-qa99nsfd2s
Target asset14.js
SHA256 699147783c388b24f58935f2f5381b4bcee5ba018e185a1dc19af90989f08038
Tags
execution
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

699147783c388b24f58935f2f5381b4bcee5ba018e185a1dc19af90989f08038

Threat Level: Likely benign

The file asset14.js was found to be: Likely benign.

Malicious Activity Summary

execution

Command and Scripting Interpreter: JavaScript

Opens file in notepad (likely ransom note)

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:04

Reported

2024-06-03 13:13

Platform

win10v2004-20240508-en

Max time kernel

525s

Max time network

526s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\asset14.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4340 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4340 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\asset14.js

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\test.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba69546f8,0x7ffba6954708,0x7ffba6954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6580 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3103445054112878224,15899804402364466633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 leonardoubaldo.com.br udp
US 162.241.203.111:443 leonardoubaldo.com.br tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 111.203.241.162.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.194.137:443 code.jquery.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
GB 142.250.178.10:443 ajax.googleapis.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.152:80 apps.identrust.com tcp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 152.101.63.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 devtools.azureedge.net udp
US 13.107.253.64:443 devtools.azureedge.net tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 ndu-systems.net udp
ZA 196.41.127.164:443 ndu-systems.net tcp
ZA 196.41.127.164:443 ndu-systems.net tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 164.127.41.196.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 query.prod.cms.rt.microsoft.com udp
CZ 104.64.171.144:443 query.prod.cms.rt.microsoft.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
CZ 104.64.171.144:443 query.prod.cms.rt.microsoft.com tcp
NL 23.62.61.129:443 cdn-dynmedia-1.microsoft.com tcp
NL 23.62.61.129:443 cdn-dynmedia-1.microsoft.com tcp
NL 23.62.61.129:443 cdn-dynmedia-1.microsoft.com tcp
NL 23.62.61.129:443 cdn-dynmedia-1.microsoft.com tcp
NL 23.62.61.129:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 144.171.64.104.in-addr.arpa udp
US 8.8.8.8:53 play.vidyard.com udp
US 151.101.1.181:443 play.vidyard.com tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.253.64:443 mem.gfx.ms tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 181.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 177.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.253.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 assets.adobedtm.com udp
GB 2.21.189.25:443 assets.adobedtm.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
IE 13.69.239.77:443 browser.events.data.microsoft.com tcp
IE 13.69.239.77:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 25.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 77.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 13.107.253.64:443 acctcdn.msauth.net tcp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
ZA 196.41.127.164:443 ndu-systems.net tcp
ZA 196.41.127.164:443 ndu-systems.net tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 13.89.178.26:443 browser.events.data.microsoft.com tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_4340_VPSXYOIBSKSBCXLN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Temp\test.htm

MD5 be6f8847557f9a9d52e358df34c49d5f
SHA1 96104feddcf4f42d44861ff09d2feb4be2f44de9
SHA256 8183b0c9eb7640ccd25f398b7e0a014a6bfb2e07076fea0b21ab233fc60fd4ee
SHA512 d857815d90055994ed887559e6e7ee59e6c542423c033121daad990804faa74604e796db2489dc85be81357f8d7defc2aa859e0ec88772ae21cf4fe8cfa93c4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 494be3a99247342d473d58bbfba5df64
SHA1 b3325180aa9cb8c77f6db489dfc0282b74cfcd5e
SHA256 4ad3d8baadee7b10c37f66800375fd34844c5b257c37678cda1c10d3120af6e7
SHA512 a06d4b75c9bc44e23a0cc4a214822fdee30889937a2f9ac60e73a1546c208eacd2bcb92d019ce154240b6bf1632b14307b8472fce9aac55f975cde0c14f64958

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e6e009ef758991ecfa8bd16a243231b
SHA1 faf4d3bd13a5e3c4342f8d92ce9cda2b354e6d1c
SHA256 4cccfc6d529ef6ff9d25ebf5f07adb0cec5e3357d63686f53869701253fdc4ac
SHA512 2972846fe6f33f7c7233e0ff5e65fd2725288566b369fc209b69e7dd75c9d7aedb7bab27af81b72c8dd45e7f3660f1605e8c2ec4cd1c2792c33d5dca6466d49c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf103444de12d6bccfa6d5153aef8645
SHA1 b89e49fe11cad08529b2e81e9dc0f71e5bf7d795
SHA256 260fd4b01c29fdfb40283d6a166b6b561f57269358c4b4dcf408c3209bd0da1e
SHA512 4030e90bfaa4c78c28ddd6ff17624b7917ae41147977d7f9e48096bb19fb8c5bb6e63eb0ff8e00322be47b276f55d7876c7ee0fbfd7ca17989eacaf7683af023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a7d28613d31514cf4473b39bb8c87ca3
SHA1 27a05831a2d6f7f86562f80d1c973d0c8898b72f
SHA256 ebc092b59a98b14a62bc27c6e84c9211ff678eb82290a342003f47f79b98ae57
SHA512 8283889925f73ba08b2d3bf2c3b1e8a7bc4cba8c8e119369acf38863ac56415683d2c95c5b08138d287ebab0e1110f7983049fc0838eb956fa3d4592738d4a46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a105f26a7434949207f2e2f45eb78a12
SHA1 d063d112928cad04bb148042583d096c564f2850
SHA256 1883c0f203b116307661cd522b05d8e109aeb11c0250adde4299b11b59fd0868
SHA512 dc8cf487b4177c5a3d77d5e1196655530866ff94960816f760df80405ab1931cac63a7ba85813ca9dd70a95ef403ee4a83c9b7afe0b7f5f26effe6a74d012158

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0ef91e521f61ff62e3c6f6d569d50dad
SHA1 870a650181db944c755a40d04f326c79815d62d3
SHA256 c6e7c6f9fe73919ba36517f0125b1ff029d64374c6be7ee020a42b579ac8f1fd
SHA512 fbe627c124be1094673967f543621c40e042712751b40066832b359550c851913b86be4f0ca0c263fbdca4ecf404be451c58ee564369d0f56b906478d2743e90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c8f205a3a6dae7acf69e8273255e1333
SHA1 6192eddf72b50ea65fcfa8d40ab7e1c284c438ca
SHA256 c5ac7f8eb789bb8dd85e783018ce25889ba32d525034bfaf7fdcab5b1bdfef4c
SHA512 80869ec9a74de340b1a253d8b3a7e6738bdc1f52e35603564ee83832ecdaf786aed1723c227d32ef991068445cff67c77ea021e1c76c869b23f4af93da17734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cd876.TMP

MD5 7a7ee00219a5e2d0fb5b31754e395f93
SHA1 355ec20d485af728542cc7f0466e73e39b502594
SHA256 bfca026310fde9a19af37a525e96732e056901a9beea8e750c949ffc3a4540c4
SHA512 fd7d0c9eba280382e3cec3b091c560789c6102c9b77cd4ca7bcf0c72b9606dee30c35098d86368731e114304615a891565ef2bf1d049dffe22df10c7ec2f77af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fbeeb21def93cd93cbbbf10a98c22bb2
SHA1 12047d3517f65ddc7c3816650245580d9bffe6c6
SHA256 71e09d88cbfa957a2a1a2b5eb6fd09dc64b80554e30f96cd04ae808e1510f25b
SHA512 ac612439e29b34cc599010866e7382da490e6cb3a57cd9562f9b7c8ce9f8feb46c9c1db5bfed7d5be050f5246b7c2d649cc1a77d12f86838536e6e5e7fee936f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c6a636ce840f310d64598cf77c63ad6c
SHA1 39f7adb10b657af193d76cd8a4152c833c981cee
SHA256 1f49d66952d5137c0af7f60150a9bba65442b745d6866d2167c163f603afe206
SHA512 b0d4b56b7002f7b4e27142ebb2a48482ae85b2c6b72f23729732e3508c7f77c21c435cdaf55e0d176a983119f7eb819bacde028465c4a4c9c905615d138811d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3a555b4aaa35a69c7dfbca0535fc6e60
SHA1 017259562fbdf1a2d7797b77fedb76571c559e25
SHA256 11871189c73f6e16b063aaf85b3a400b9cf0ce5af2b28840c30e90f5d557f1c0
SHA512 1519b8ab52101166240dfa22548cd6b6a15af7fd4b6b8edd5aa6a50b015795150ec61be59fd00bf3096e8ffb9f05df35550ab4b7b282bf5ea0aaba4f8a968974

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 01e26377f78106f111d301ad53c44169
SHA1 3d9c3e0fe0f6d79e7079309cbb3708422f91929b
SHA256 ca7495f28f5e8d1836fde2addcd31b7fb897dcd2a2459fffb535cded01a77d83
SHA512 c74b845a4d00b306041447b9a48c0348e5c7e54a296a4e98003ff1c9e42f09e27bb8428aa2e8dda080508e82e5ea6d81355baa07ac310d4443cfe7a5d48176e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8593da5062d47b1615bd59602abc6ec9
SHA1 d40d2838b83a47a13c9b3b58ae6566a1fe90edcf
SHA256 81425ba9b7f202b4f5831bad9ed9cd18a7d708d75d2e37273b72ace3e677aabd
SHA512 cfa5e249f7006519522d5dd4a9ea3dab98e9f37f86cb35bf64bd32684abfe3668741e628b7f56d2391f526e50b98621647d84eb4ed4604febfdd0bae15b1b625

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4538f0bd-91c8-45ec-8653-8cdf0fda366e.tmp

MD5 fc1c9f3bf5f8c9c90bb85070330a4b3e
SHA1 d81254b75b81c087e7fb21ecd1c8d4ed50bb9dfe
SHA256 7a7f78ffe88938c2c2d4c642059430c95b588a0ea9f3ba8f6b520904c887c022
SHA512 4dfeb04d1c036f58b53cac0fe6cf9a397b645abd14ec386a863164a1007e75908d9d81cd3e9cebfdb8ab7afd4eb1608abcaaf5aa2eb9056c460bfae39cd8dd65