Malware Analysis Report

2024-10-10 07:29

Sample ID 240615-vabhka1fkq
Target e4309d620dd2286d9d43031969b9b4a9.gif
SHA256 d21373f9a13f29a53fba37800a3806a6d5db4ad64682428f1f47e003232576f4
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

d21373f9a13f29a53fba37800a3806a6d5db4ad64682428f1f47e003232576f4

Threat Level: No (potentially) malicious behavior was detected

The file e4309d620dd2286d9d43031969b9b4a9.gif was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 16:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 16:46

Reported

2024-06-15 16:49

Platform

win11-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e4309d620dd2286d9d43031969b9b4a9.gif

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3897773127" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31113110" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1560405787-796225086-678739705-1000\{E51302EC-1FAD-4834-AEF6-B21D891D726B} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4300 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 1960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 4888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 4888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4300 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e4309d620dd2286d9d43031969b9b4a9.gif

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed8403cb8,0x7ffed8403cc8,0x7ffed8403cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5096 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4484 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18283288231215570494,7758552732941201500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

Network

Country Destination Domain Proto
BE 23.41.178.120:443 www.bing.com tcp
GB 142.250.180.5:80 gmail.com tcp
GB 142.250.180.5:80 gmail.com tcp
GB 142.250.187.229:443 mail.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com udp
BE 23.41.178.99:443 th.bing.com tcp
BE 23.41.178.112:443 th.bing.com tcp
BE 23.41.178.112:443 th.bing.com tcp
BE 23.41.178.99:443 th.bing.com tcp
NL 40.126.32.76:443 login.microsoftonline.com tcp
US 172.67.163.54:443 www.smsonline.cloud tcp
US 172.67.163.54:443 www.smsonline.cloud tcp
BE 104.117.77.187:80 apps.identrust.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
RU 77.88.55.88:443 yandex.ru tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
GB 172.217.169.65:443 b3e67b212ead31fe3124a4b082f00541.safeframe.googlesyndication.com tcp
DE 52.85.32.41:443 c.amazon-adsystem.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 172.67.75.241:443 script.4dex.io tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
RU 87.250.247.182:443 avatars.mds.yandex.net tcp
RU 87.250.251.119:443 mc.yandex.ru tcp
RU 178.154.131.217:443 yastatic.net tcp
DK 37.157.6.233:443 adx.adform.net tcp
DK 37.157.6.233:443 adx.adform.net tcp
DK 37.157.6.233:443 adx.adform.net tcp
DK 37.157.6.233:443 adx.adform.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
RU 77.88.21.179:443 ads.adfox.ru tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.18.34.178:443 mp.4dex.io tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 8.8.8.8:53 217.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 182.247.250.87.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 178.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 178.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 233.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 241.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 18.140.106.185.in-addr.arpa udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 172.67.75.241:443 script.4dex.io tcp
DE 18.155.153.61:443 config.aps.amazon-adsystem.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
DE 18.155.141.176:443 aax.amazon-adsystem.com tcp
DE 18.155.141.176:443 aax.amazon-adsystem.com tcp
DE 18.155.141.176:443 aax.amazon-adsystem.com tcp
DE 18.155.141.176:443 aax.amazon-adsystem.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
DE 52.85.92.53:443 tags.crwdcntrl.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
DK 37.157.2.230:443 cm.adform.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 34.98.64.218:443 publift-d.openx.net tcp
US 172.67.23.234:443 a.ad.gt tcp
IE 34.247.240.165:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 53.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 230.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
NL 63.215.202.146:443 proc.ad.cpe.dotomi.com tcp
US 104.22.4.69:443 a.ad.gt tcp
GB 23.36.168.202:443 ads.pubmatic.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 81.17.55.123:443 ssbsync-global.smartadserver.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 34.98.64.218:443 us-u.openx.net udp
BE 104.68.78.171:443 eus.rubiconproject.com tcp
US 104.21.48.215:443 adxbid.info tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
GB 195.181.164.17:443 vid.vidoomy.com tcp
US 172.64.149.23:80 crt.sectigo.com tcp
US 104.18.36.155:443 dsum-sec.casalemedia.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
GB 195.181.164.20:443 vpaid.vidoomy.com tcp
IE 99.80.49.43:443 ap.lijit.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.46:443 play.google.com udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 34.98.64.218:443 us-u.openx.net udp
US 104.22.5.69:443 a.ad.gt tcp
US 44.239.184.8:443 ids.ad.gt tcp
US 44.239.184.8:443 ids.ad.gt tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 69.166.1.34:443 sync.go.sonobi.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net tcp
FR 178.32.197.57:443 sync.smartadserver.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net udp
US 104.22.4.69:443 a.ad.gt tcp
US 104.22.5.69:443 a.ad.gt tcp
US 44.239.184.8:443 ids.ad.gt tcp
US 104.22.4.69:443 a.ad.gt tcp
US 44.239.184.8:443 ids.ad.gt tcp
US 44.239.184.8:443 ids.ad.gt tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
DE 159.89.25.223:443 node.setupad.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
DE 37.252.173.215:443 ib.adnxs-simple.com tcp
DE 37.252.173.215:443 ib.adnxs-simple.com tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 216.58.204.70:443 s0.2mdn.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads4.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads4.g.doubleclick.net udp
BE 92.123.51.152:443 sync.teads.tv tcp
NL 104.97.15.50:443 use.typekit.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 50.15.97.104.in-addr.arpa udp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 104.97.15.49:443 p.typekit.net tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
BE 23.41.178.57:443 th.bing.com tcp
GB 216.58.204.66:443 ade.googlesyndication.com tcp
GB 216.58.204.66:443 ade.googlesyndication.com tcp
US 104.26.12.46:443 quackr.io tcp
US 104.26.12.46:443 quackr.io tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 35.201.97.85:443 quackr-31041.firebaseio.com tcp
BE 2.17.107.211:443 cdn.fuseplatform.net tcp
BE 2.17.107.211:443 cdn.fuseplatform.net tcp
DE 18.155.153.3:443 cmp.inmobi.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 104.22.75.216:443 btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com udp
DE 18.197.230.215:443 api.cmp.inmobi.com tcp
DE 18.197.230.215:443 api.cmp.inmobi.com tcp
GB 142.250.200.10:443 imasdk.googleapis.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 37.252.171.53:443 ib.adnxs-simple.com tcp
FR 164.132.25.176:443 prg-apac.smartadserver.com tcp
FR 164.132.25.176:443 prg-apac.smartadserver.com tcp
FR 164.132.25.176:443 prg-apac.smartadserver.com tcp
US 34.149.20.76:443 ssc.33across.com tcp
US 34.149.20.76:443 ssc.33across.com tcp
US 34.149.20.76:443 ssc.33across.com tcp
US 104.22.54.206:443 i.connectad.io tcp
US 34.149.20.76:443 ssc.33across.com udp
GB 142.250.187.193:443 cdn.ampproject.org udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 52.12.188.251:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 52.12.188.251:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
NL 142.250.27.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 196eaa9f7a574c29bd419f9d8c2d9349
SHA1 19982d15d1e2688903b0a3e53a8517ab537b68ed
SHA256 df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412
SHA512 e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7

\??\pipe\LOCAL\crashpad_4300_TLPXMNARVANUQNAZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f717f56b5d8e2e057c440a5a81043662
SHA1 0ad6c9bbd28dab5c9664bad04db95fd50db36b3f
SHA256 4286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945
SHA512 61e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29bd8664da5f5ea7a24ec831618f0258
SHA1 04043d61493ce978f9ce14c7d13a8c6f5145efbb
SHA256 c187a39643b8bc067f1b45806fc10d2983b45b37eb1a37c540e230242ac5f525
SHA512 724b49c54995198458df11d5d4a940b687f781c838c9294876bece2f1458ea157367feb060957479ac5292b4f143d415b339d7fe8957c0b03e1fe7bf0b0028b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 36ff4a7c60b33a83f8c149af606e71c1
SHA1 4209853f56a465376facc6dc11e4d8057d37f688
SHA256 2d1273e46c3b8e4ee2af41516e0ca5cbe938dfc4e76e33fa8bbecd41376a39c3
SHA512 83bba2c475cd802b26a5e8e12b37789ee9d63277e00d26e04ceae0e637ff0293f588d8872a750ede7391ae2bb8b15c0e595b76639eef05de2667d244423961f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d786cb222a1fa4a0f9ee072490aa5c93
SHA1 7489f865cfd5a55c7b6d331967860cc5c91d1c57
SHA256 ba636e5d5827ff85020926b13cb15a3f6bf6e6f404693801fc3d7dff4ac1051f
SHA512 f402e12b37435e0fc4e71070d55c82276fcfb32fda47cf8ebadb38285f608215023b0b9d0c8e0ead72cacf7c3aa2a5a0b5e4bd71fa52fe73bde166cac2bc4538

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0bc96f7e0c2518118550300c09f8d966
SHA1 cfc749320994a4f787068c3c64bdaf1792784a79
SHA256 846ebd53af9c3db182e188bec2289ee86f43e460edfb56ed812da4f15b8331f5
SHA512 8ff369a5d4fd25068126e37521a7a9fdaeedcc98ac79f45c50fcba6665f6b09d23e59f3385dfc576f0d7c8b01becc4d5d4782778f7aaae20895f9994356b353a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 93a33ada576538012e294556b0035a61
SHA1 1adff34097663d332a7cf9a0a8a5f20ccea64af8
SHA256 e9cb515d869f8892771db13c1e3568e61681d4db1d4a3accfc5edbc8574c51dd
SHA512 daf403fac2648f58fc53e10426a682b830ace26fcbcbf617b0cea068eb5f5d7b46b7989720668a4eec640352dcf13127ce8e3614acbebdb8e307009bbd2c8bcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58002a.TMP

MD5 833a37ee9d02349129aef77638641fb6
SHA1 ee7d3804b0292abc9acc7570638a79bc9f0ce65f
SHA256 13ff33d1e8f287714f9ee54921fba745ed86ae21c6f418075fbb8987061e10fe
SHA512 82499b7d8cb653c17c7d71f49d17a0ac83248e83aa9c5094cd9acd22a2e39c605134423b0bb4d481f3d795f1f6987166b6e9e429445edb3365305362495b393e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aec6a46fdd2f49793eea6bd23b398247
SHA1 7911ad6c240c0dbf8e64c44d66a915cb906e9c68
SHA256 79159f80fd816f272d1aa40ac1eaf09e3cf2dd91252532cdb133d926b07a4893
SHA512 53cbc60d608289de049f4ab8a327fc474c2bd7573e54e6d8d691664281f170905013676130144fa29355374d3e3b364ec55a48ac78b06406aef5611dffb708e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fdc87ab96abc169f7034afce7b1be936
SHA1 1768564dfdfb61cc25e7dd72f1686b4b261ea2e0
SHA256 82d914b1b6e3fdeff4b6c48534530428c73149da574dbf0965fe159fd4dc81c6
SHA512 50bac4e28c2cc906764846aeefefd164ffa143ad9be5e80a5601311f154ad7b55e197cedab3ce400bfa879afb0226705eba38a729b7cee69e996fcd0f82dcb68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6300ed9d7c46e93dcb2b1580f89a7cf6
SHA1 3b0779ec264431283702751829f8f1429f0f4598
SHA256 a0fc7f64145d6724d1573663a3efbe452b0de656492c34cfa26b21b7b44b5782
SHA512 92cfc4d00e74500e50a0683b47442ba4c6c0d4e401ef7bffb5a8408ad46a2c5096aed23cbad409311116a3c95f10323bf4c292917cab00762f9350fcfbc02e42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 397f3fc6a018d6e8069dc2224179f798
SHA1 716f768089f06dff391400b2f86bed4af4ccb18a
SHA256 97ce558ee30184b54d42678dcc1808ef4c47cfbeeba370520fc03917c4b9e3b9
SHA512 645c93736180f412acade82c990450f5b102b03d7d1a8cf77a9a29b8b6234eb5e2c8cfd5553f411db836bea09347f55da991cfcf2c1a1364a1d7b99adba00ba8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a445467169aaa41fc55c2506b13b682
SHA1 24ed38ab34b8af38920a409f29edd7c64d008de0
SHA256 3e495ead92f6f960c553efdaead0e9878431c241b24f01ee996531d167f369fd
SHA512 32357bb13d10f10805905f21aca799361a237b1c4c422ed6a555d70aa81e0ea49f248df1f0c66eb9605190a7ca5dccaee3f81410157fd1b6664c74065a686135

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dbd4298a4a136415ac44693645af91e5
SHA1 a2d87ef10b554eba00a17699fe1f7bdcc6db024b
SHA256 c3a1ccc830891367c4c2efbb5d23b31621b1356766620e67e1beaa4ee7b7008e
SHA512 5672124f5ff2b368a55c2da5cb684e01b69d599afa0c48b5a7cd4ec4b4a2544dc92707636ce346ad9a7c310617e503394ad7f97a1c8551f67b5186eded026d23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 07027aade52cc5666d61624bcccad2e4
SHA1 ebe14e634519a36ab6f6b37c10f5f25f5ba500c5
SHA256 3b937b6a1cf5f5ca9369e74ffd292f05d1d7baae3ec1e442a24c7fb70541412c
SHA512 2a883872a1bd73ef63eaea513477268e514ccaa820048f2e7711f9ebc9f7189312122f09878365b9d48b72e4b885ff7100c06c560a0c4be2ac664140a3c2d219

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1661ef8019d8c6118d8e8026eff326ba
SHA1 80eeffef69c487edb106f3751fe37f521f38e0f3
SHA256 0e3bfc00492163c69ab35ecc20d0a192df880d1fd1668ebf285173a57e20870a
SHA512 335068f5e0187eb6b3c0eecea4dd224077c3cefe58171e025f568d7721823b5bc68bbfd1a2cf491cd58e085cb75e6c50049262d6835c8703fb6bfedaa6ef837a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a5b63cd07dfd0a60cd6b21188ef6df8
SHA1 d289a4d6741c1c56f781eb0a9dbd23d92547a5bb
SHA256 24d60c32104e26c3203ba9868c2da8bf1c936643bb38c0c260bedcf403361f27
SHA512 16a8cd8ded43c3c2f64469e2bfac52d9fe431a637cc2aeae63144c9baf333df5ef6025279dea1692a4561d5a3e0605ea2b45e83864334a24e44b396b20bb63de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 dc618e061d68cfabe140b8be708ecd63
SHA1 7f80fde042b5cf118546da35cbdf17ddc3d6cc46
SHA256 c514b3244a116be900dc4aee0007634771898b955af033687c2d6f2273ecbe3b
SHA512 2e41eeb182bbeec6eadacd33732e6da6a015aabe00142adfe3ff6a5be6b0cce6e68da78db6c6bb9b112c65bf935a8ebe645f341a3bd5f05716add5dde63c2275

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 daace47c9d67836b55c3c2116f031fb8
SHA1 5b8df914452cf3a1878636ada3c28fb5f50eb186
SHA256 3bb2f4ac5692de4d5352f19007ea15fedcec54b09d0b0710f67b7a96adf5e93a
SHA512 47e6d916afb90381b4bacf42b7cf3caca093eec1897d8d03418a066aff8695f8d6a75170c7c5e45a23915a5697cb896758cbe0d441d993eb905e181215f7f058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 3c5aac3450b3eaa0f417971ecaee7b69
SHA1 b3af55759f53c11420de104f5398f75e4610cf9d
SHA256 5a62b6653dff9c9f5b183c5010455b6c4c30750c0ad75af829d5b767d0a02562
SHA512 7eeeae645b45250d6b32454c052abd0cbff37fbc78b92006ec74a5d82d4c908f9bb9e873e9c1b2aaeb499c5639ffdc88a5ea550c5ab1064afdd09147d365fb71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 57b0be737bcc15c1db1fe1930d6c4616
SHA1 d917e5c80c307ea8e77f0ff33fc0550ee939f471
SHA256 3f333be09c028ccb2b4d6a6a994f6f55000c220aa164000b8257084693cdc5f9
SHA512 5100834421de2327292e0f84a6494796e67d4894507299c48b1585d8fbdef2ea0e30e1cd866d9992aab3ba0fb5dc6eeb20f3543841b194ea3ef23d2f69afaa4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 af26b7554a1637dc9dd96302ce8e8a51
SHA1 4e52cb60c798ee3ad5fc557628e659e76a03dfa0
SHA256 b9bad140c02c94e9e08153f7a27079a6f2572fd744baf9663aa34d9878a98043
SHA512 a44f3cdb941f029fce0773b343b0486983087022f321b4464fd0b9840e60d0cc7d0e8d8a9acb6f5e06677d3c3fbeb1f8b854c5deae24e4a409495abcbdd54838

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c88e679c1c1f325822c1d1ad868a5cc8
SHA1 c0bcb0505a63c6687a1ac249bdd886a5a416d9d8
SHA256 5a037dd20f2b8a71d42186f10ce7f438243f0b75f6c6b04b0a6c0ea9c681af9f
SHA512 040a957e1fcced8c9a5b9446b38403c86ef0399f19a0ada07b5d68621f025cab6a3570b0cba5385690ceb9206959cd0b88dffc2f8a5cb9a236ffa4749ae17351

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

MD5 ce1093c800c0933d7c9674eda75790d8
SHA1 371c2dcde092f51b18852e2617bc6c0c176f5873
SHA256 57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89
SHA512 fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd068fb175e724f2_0

MD5 3c8bbc2dc5836b84ba268878dfc3480d
SHA1 15a6c9559933017aa85787e5fd5a26ea88afd0d9
SHA256 629d9a85926147418d58a1e0cbb5380308e7f747cb9e21db89bbfd928de32913
SHA512 02508881d996ed60f1af812b382572579cb173e76297582a209d4b3cfdcbcf8e18053651340e693c2a8c512104c5728ef5df55f6dec21219374de2cca2ca79b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

MD5 be676a6820a16101eed8dfe9bc39211d
SHA1 84a68584fffc1863f604984161abefe9ddd727c0
SHA256 49e7c48f632a33abfebbf881e504a833abc8b5cf87d7be4dfa9b5b3cc86749ae
SHA512 3ef3fa135bd1ea25660d9b3e3cd0995d1f542d608302e99bacc22640cc7045700391f001f5ba43c4bf89597b8058d533282e92f934b6bfb746c9f2940b96af32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a27739f971fb4a175c215a509f6a75d9
SHA1 a3bbc14f43767e43a24b92cff73431aefd712b05
SHA256 d0a2293df4523ec05a3535a3a21a6c6a107dd856532552f55f71977a8e2fe4d7
SHA512 fc040b068a36218b6688bd16c6b4f9687254d7a28fdd0270c83dac2951434132e537d66af4d444d96f92f191206f5391bb2d68e7d527be9f0928013e63eb6c3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c0c3332f5e76c594090cfae7545e427
SHA1 3b8a15203cc3b7b6a528b2fdea5d1db1471bb949
SHA256 0cfd65a2cae52dcbc3a47f8993e4aec9c63b8f58c7b4d3fce110a8889282f11a
SHA512 503eea73952ca163ea16d50d104e7cacdad2e9ea974100cc4d30143d7699f7a1de1a9aa4c5b56d1a2f55300ff3105e80e6a1ebe8da1a1e63e0040bb360a44c0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 72a3c22a78ebeb57e204b8df9db71607
SHA1 1f58e7b595529a0296fdf58e7d1246904bce7f48
SHA256 4cd69177f021122e95c73247849781dca3b0cefb49435e3b3079841129fcacb8
SHA512 3d3ce63fad09078bfdeb8801e2dcc4d30f803aa64e23caea4356b2a61d092edde28e9b49554e43b1c7f785bec02a0591848b24a4f547de0dac215026226fb823

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c2a85d80384cfd418cebc5134e4640c9
SHA1 d9f13ef2f295b986fac2aed426d44878fbca08f4
SHA256 6b4aef6511feaabe3751d958d5d69605fcfc99f351eff8cd26cf6cf2bc56e78f
SHA512 947bd6821272c5a42ef6d3aa2a3cef3cf42061e01b446b8669fd8a33c8758f3c3a0089091880d6c69456d9095c12e92ba32dc5ead5dfc658fb271217e9e442a9