Malware Analysis Report

2024-07-28 06:55

Sample ID 240614-mncc1sxalg
Target https://nihrio.sharepoint.com/:w:/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos.kipentzoglou%40britannia-pharm.com&e=JTSpUz
Tags
phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://nihrio.sharepoint.com/:w:/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos.kipentzoglou%40britannia-pharm.com&e=JTSpUz was found to be: Likely malicious.

Malicious Activity Summary

phishing

A potential corporate email address has been identified in the URL: [email protected]

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-14 10:36

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 10:36

Reported

2024-06-14 10:42

Platform

win10v2004-20240611-en

Max time kernel

339s

Max time network

339s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nihrio.sharepoint.com/:w:/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos.kipentzoglou%40britannia-pharm.com&e=JTSpUz

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1208 wrote to memory of 1808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nihrio.sharepoint.com/:w:/s/NIHRIOEmergencyDocumentRepository/EbxZ4FkO_xxLiJi_A8qU7soBDiAcYnUXCY94Mg-WoVvpCg?email=konstantinos.kipentzoglou%40britannia-pharm.com&e=JTSpUz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb9ee46f8,0x7ffdb9ee4708,0x7ffdb9ee4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4028 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12163729858564523677,12647634882490204131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 nihrio.sharepoint.com udp
US 13.107.138.10:443 nihrio.sharepoint.com tcp
US 8.8.8.8:53 res-1.cdn.office.net udp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 10.138.107.13.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 m365cdn.nel.measure.office.net udp
BE 2.17.107.248:443 m365cdn.nel.measure.office.net tcp
US 8.8.8.8:53 97.96.21.2.in-addr.arpa udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 248.107.17.2.in-addr.arpa udp
BE 88.221.83.235:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 235.83.221.88.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 nihrio.sharepoint.com udp
US 8.8.8.8:53 res-1.cdn.office.net udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 nihrio.sharepoint.com udp
US 8.8.8.8:53 res-1.cdn.office.net udp
US 13.107.136.10:443 nihrio.sharepoint.com tcp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
US 8.8.8.8:53 wise.public.cdn.office.net udp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
US 8.8.8.8:53 ukc-word-edit.officeapps.live.com udp
SE 184.31.15.227:443 wise.public.cdn.office.net tcp
SE 184.31.15.227:443 wise.public.cdn.office.net tcp
US 52.108.8.12:443 ukc-word-edit.officeapps.live.com tcp
US 8.8.8.8:53 common.online.office.com udp
US 52.108.8.12:443 common.online.office.com tcp
US 8.8.8.8:53 227.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 10.136.107.13.in-addr.arpa udp
US 8.8.8.8:53 12.8.108.52.in-addr.arpa udp
US 8.8.8.8:53 euc-word-telemetry.officeapps.live.com udp
IE 52.108.240.24:443 euc-word-telemetry.officeapps.live.com tcp
US 8.8.8.8:53 24.240.108.52.in-addr.arpa udp
US 8.8.8.8:53 ukc-word-view.officeapps.live.com udp
US 8.8.8.8:53 eu-office.events.data.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
NL 52.178.17.233:443 eu-office.events.data.microsoft.com tcp
US 52.182.143.208:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 233.17.178.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
US 52.182.143.208:443 browser.events.data.microsoft.com tcp
US 52.182.143.208:443 browser.events.data.microsoft.com tcp
NL 52.178.17.233:443 eu-office.events.data.microsoft.com tcp
US 52.108.8.12:443 ukc-word-view.officeapps.live.com tcp
US 52.108.8.12:443 ukc-word-view.officeapps.live.com tcp
US 8.8.8.8:53 owl.officeapps.live.com udp
US 8.8.8.8:53 ecs.office.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 52.113.194.132:443 ecs.office.com tcp
NL 40.126.32.76:443 login.microsoftonline.com tcp
NL 40.126.32.76:443 login.microsoftonline.com tcp
US 8.8.8.8:53 amcdn.msftauth.net udp
US 8.8.8.8:53 storage.live.com udp
US 13.107.253.64:443 amcdn.msftauth.net tcp
NL 20.135.25.0:443 storage.live.com tcp
US 8.8.8.8:53 132.194.113.52.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 0.25.135.20.in-addr.arpa udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 admin.microsoft.com udp
US 8.8.8.8:53 messaging.engagement.office.com udp
US 13.107.6.156:443 admin.microsoft.com tcp
NL 52.111.243.8:443 messaging.engagement.office.com tcp
US 8.8.8.8:53 res.cdn.office.net udp
SE 184.31.15.242:443 res.cdn.office.net tcp
US 8.8.8.8:53 156.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 8.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 242.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 wise-m.public.cdn.office.net udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

\??\pipe\LOCAL\crashpad_1208_HTVFVHGQOFMELEIC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 911027bb6c06d904ae4a567eb6c73b3e
SHA1 5f72517f8cb500c55afac3ec3277da6a1deb9ca8
SHA256 0f7611bc38a761bb7374d95d334876fecacb18343b894e2b7dc2ad0eaf0e37ef
SHA512 ffe5002abc0b7e123673a59f34a6879b3f8fe4b03434886e272a331edda9f240755b28f23bec53a5a53c029404e053971dc26e853dbc4d1db8447e5a221881fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4e172d3a82ea62e0a5ecf2873cd9e178
SHA1 788fbd93163d90e10e5c1a916223f12821fb2b4a
SHA256 2c80ef144249e07c0b39f89c6770baadfd819608f4a2725e47a0127bc44e73d2
SHA512 b0a91e710fe489308d861b4f26c4912b8c4feef19d79a46564b307c26d95aeb2f82cfd482a84880cd7bc64e722b36ffceeacb443e1e5b510fe6f3f28e32587d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 df960df7c8a9770df0b53af8942b97a9
SHA1 5a0f4415e23ae8b1f831329e4f353cb985749238
SHA256 6aee4a3152dd97e8d5121320dd3ca6b6edf5fd151728d2feb107f8a281cda4f8
SHA512 a96b0dc8e96f38e33cd7085a87fcb40ade46f638f8a33dbbb888826dfaaba6c05ea406fc897cb8bf755cf1eb99057882864a1a43f2a20a26ea1731adb2fdbb1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f0a7bc0f2e3493418d51627d4814a562
SHA1 e0777d62f285ff9384163df5f4d9de0f025bfae7
SHA256 d82b437a05f00b00f9214259a43701542efbd85cb8cbb7ca54f1e4077f74edba
SHA512 d8c4ab7be65447206a8b4f387b8064c3403ae48965fbfff87eac848b70edbc8f52a78c2724c34e0e95a6b44b957fb8a690e90745c95b5caebeee00326cf8eda8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a21a3b443722f9bc7566405b4eed00d2
SHA1 86aba16483bc317e87ba8d277aa11815652cdd2a
SHA256 910d473f97b3324a9edcb8d91377775776179a6edc2329c60b919658ef174c4f
SHA512 cc55b689bc7603e2ecfbf372bc284df8fe348b0853eb18104e512ccd97ad60a2cce2f2b57a1ddbe73e8f6d094993f12d59fbfc4a64e9e814a452c64e56efea1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5798d5.TMP

MD5 96782919478cc872b811405de0c44abc
SHA1 dfc447107a5249d537df9f019f9cfca1b74712ba
SHA256 50866db40de9a9a3871c6ad2a45687d6f308a4b4d9b162ebb381baba62e19e1f
SHA512 d27637ba87d05f296d093aa684212f37647a3c4ee08af26300b731d1b5ac74fc8ef79c6d277315b53ba4c78c00ef2069338714da67c0080867089b8fee6ce891

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 85625ac22dd7a2f811731c2bf9ab79ed
SHA1 c1f2b40132b5d2cdb7438ea18014c640cb44ddfc
SHA256 a0474d56f74bd86dc74e282115a9a4be85699243a861f56168204f33fb9a69d1
SHA512 5f3cfcc6c337e8f840ff69e6898197a1d833ba889c6de10bfae33446dd7fd1b58d0f0f14512a24ac2bae04bdeeba351f176e6c4affce63456620c62ae351eed4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3db09c402801b76ab951bc981abd1070
SHA1 d1da7aae9bde0992db752dff001305d183034425
SHA256 6f18409d4b3391c245830a8bc549132a751702f749561815ea025838a4d2dec8
SHA512 7fe11acc0d212764c67f6b543ed94bfb61cea91e739767501348cb508fb0b6d9a26c9b68b0f3d9f64fb2f1a4499b4ab895f2e1b5519ca89eb292cfb618ecda5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 057b4044a8eaa3504f481ef069d20adb
SHA1 2327e6db6d830933ec8b49d739a301704ae00868
SHA256 ab5b59a4ad23ef3cb8443e581b69b35809aca54c9db92198fef9994e35824d84
SHA512 ca4941ef21296778852067579788f22d4ad6bd01904ad41c44530e86affa8d4f4dc25ef385319f0c7a7140ff0d26a162322b48c4d4fde889800ba11c0fc5d794

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 daf62af2f4cb7fd1259c928bb5ab317e
SHA1 4130e980d57ac48b20ff11c452c20a2e9bfd887c
SHA256 6c92ba6a74bcd33128f84d2095d0f2b5500603504e22518e928e6f19a54ef3c9
SHA512 b873b917d5084a9521b4b4283f8d92ff9fe4455a2906a3d5d8b9c6a161ab11f148c461af5f458972abb759150bc48d59c863bd6cceb7ecfefe9901ad153e6ab0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6489e8cdd25d1cb356737e7098ca7fd0
SHA1 93421c877f4ac7ce55b009f7ae959dcb20a7cf56
SHA256 07a389737dfe2363a263c1004f365f6f27e93f62ecec1124d88a2a27fc0f133f
SHA512 b2fb6c7d5d166caa4cbbe74d7d392418a40ddaf12259b1621682741a9f221828cbddb52fa1e56b62352fdd59a2e26ba52ff84f9906927dbc6451eb6aa9aa5326

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a59d6fbd395d7922c459e7d1fa0355f
SHA1 bf2d067a5ab296f3b6a433ac0e4cac1bd5b1825c
SHA256 abe7fbadff1056e44cf3c256284d7d9ea605a79ca7dfb156fc9fa1ea2ce3f503
SHA512 a75278870bc7e74374609afffe40d8b7251adff123920abbd2230f71fec1e8f7d179cb8326fab1f67ee2c420f0ead1fe95943b1a9b62901a01c053c58ed3378e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 21b56723455b882e971036e0d0568dd7
SHA1 4672a425fa51d7e0079d295967eb42f09712e088
SHA256 c7cf714071f769a7c0cc82aa8945e354c1ad18a0339e4b3033cf20ecdeca76c3
SHA512 4a4781b1e0536fa2a0ec6fa0de685155e46f4ca566ff50e6b4890fbad06f0e9f9a7ac3c325ce3b96758f010c3722208eb863ef940fdc66f4da75f7581f51f701

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b910641aee3f1e6c94d9e7cfecfa520d
SHA1 a508cf1a31f26df725fd3c0edc83442f0550bcd3
SHA256 195709009ce1f4f1dc96caed5a4f54679f13069985e0933dc1257440b6061633
SHA512 eb7b1e342f1a0772363fec5e9b3ca4dc1964a0095ec476c5d4ba1b216653d3516b302a7350206e813cf27a3f55e9bfe3270fb3577f8289fd07df804c24ad8538

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 87427f2a3c40133c0a3c6774bf7aa6e0
SHA1 efe9f824201e9dc70d462fd3bf0c59202c83b34e
SHA256 2d7974999ec843ae8ab61b66e215b97d9dc1434f65b9a432852d145e8fad9e4a
SHA512 c51c3f828dd1ac3108780995e6f7e9fc4a59f1e0303faf1cee3c10a9abde3289a2b11606625c7d0c54c3a37aab24d0faf07f7ac82947242bc7eef681afca15aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1be592cedbf11082a6b0738643d9262e
SHA1 294c6763e4ee5652e2514df57bb2722a550dabeb
SHA256 d7e98a42aada817fa925183196e61950fbf459481b94255392ee8ff78476d40d
SHA512 63184fbcb61beef47c681f35a897fbca524c702e8c52b1eb9caa52680f0194199ddd5c883a15deb480ab8592db798de7424e3dd3c4653ad717d64c9c3dd1c708

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4116397b6dcb3d81ed39c76ea263769e
SHA1 596e383974f1eda21a776c07b5ae870e60e36b49
SHA256 99336871b16af0f47a2b1644094a51cefd553864e275c1a77c5468678076b838
SHA512 fc2d4071266af89cd47a8cdc482817bdf02cc5fcd2f94e4c6fb308b1c0a587e48ea9c19691f1ac3c06255e43bd3b5f97e6af214362fcbe0940ce3a226fea71a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e506ff22d4bdf0f1dabf179e6b6a3a3
SHA1 05fa9c6d450ae7ad14ea5c5049d0675e342e2991
SHA256 5e15bb8cd18a9d4e80dfd916e2721a8112e6b10a6fa947848eac4f913af4f950
SHA512 1add7b549aaa845a6cd86ee6230d1e89319deb869673c4900e930229ef0a0674f7c507cddbce938f01af2d8a4ed68074d3082602bfff65abb25c34abc5de539d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6221d3d00029dae7fb66d7fae1c9483a
SHA1 add1d1ae1c4c6b39b7b42cab0a43edd33eae5e55
SHA256 9935db496ada9418d4fd0b106195db2d1e593071e75ee6acc57182b6d3358616
SHA512 e4e42c7f148f6f8da4cf71ff075bd6cd7164779b4a703420d596de308670c73e91e43ec08f1560f68c93fc1424a90fa85f810b90fd120a01b47886c329f8dafa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b128588a4bb425206aabe3662e0b7d8
SHA1 8b5c2b15de9e4942b8e77708758a3c793ec5b29c
SHA256 52fae0710e7a18fd829fe1ec9c9ad7d7ebd4f92496949c3d3b40f6786084cefb
SHA512 5f5aa9c23758907b9bee120806a85a3e5f818934b8edcb2b2ef460ef7140ad671509b7456e0a9768773b08e1e7ac20f5a303dc80389e8116520fc284558996c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fe0a2b36fb03deff6615d6f7b682b184
SHA1 b5699c8af6c9ccf8704f3aaef86007f84423b511
SHA256 e58b8ab77ffb9c62e4e2e35b70fe0248ba3c98c624f5f1bf74e94bc228f7803b
SHA512 eac8553653ffdf8cb62a9badbbf6a4e0fa5f7ec4ddd155877cedbc8c60dd7f05b8a2ad73f8f8244d7e7a0eae069a912d2ceaa48f8dee538e5b9a375cd655f454

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1fe06218d0e5fad126d70a85231753d4
SHA1 9ebc652e79f5522b10528f12be35d175da2673df
SHA256 4eb09eb40ed0050b6999edf1e45daeb218289638f03098d43d33325ad4cfce6b
SHA512 fd8a87d2a7edddf599fd08cfc74e2adc24383c2479414184b637376a6d3a696aa4157bbb461360a56b2bc72ba790ec5c91eeeab2f5c9e82de12169baa48d75ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 67c50ca10c004a8e9508fe5e97f48373
SHA1 b46daf63c4537a2f119af6b8c0de1c663b1edd24
SHA256 f27623754c25b7fd78a9f3d02cf329fd1740f7efcb78205594c8d00709837da6
SHA512 07c8ef7da52c1952626c38ec8b3929b4588b24b0ced206b4a6220decf99d7ef9cdb5755927938edba7cf8007818341f7572f843a3978c2516f97db3927980638

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a49ccb31ee22d429875d33827a493a1
SHA1 05223ee35892eba8be229b9b3a9b0d34b82a6da4
SHA256 35bbe51cb9f00fb3a2a223346532b8237d45752e51aea29431608c469ac0396b
SHA512 e2e3fa3f31b06cb6b30c408772d3d1bca94074b526fed49290ebd4c793fe8022e1b4e389ea14347b4812a562281496624a4e3f92bb784b945653f3f85bd0eed6