Malware Analysis Report

2024-09-11 05:39

Sample ID 240701-kbzlnsvcnq
Target sample
SHA256 af23ff1818fe3c7fe2a9539e34ab1fa98c254e37fb90d349d6ed87795cefd62e
Tags
discovery exploit
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file sample was found to be: Likely malicious.

Malicious Activity Summary

discovery exploit

Possible privilege escalation attempt

Downloads MZ/PE file

Executes dropped EXE

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Suspicious use of SetWindowsHookEx

Kills process with taskkill

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Views/modifies file attributes

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies registry class

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-01 08:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-01 08:26

Reported

2024-07-01 08:30

Platform

win11-20240508-en

Max time kernel

229s

Max time network

232s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Downloads MZ/PE file

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\PCToaster.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\V: C:\Windows\SYSTEM32\takeown.exe N/A
File opened (read-only) \??\A: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\B: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\E: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\G: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\J: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\K: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\N: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\U: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\X: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\Z: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\L: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\P: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\Q: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\R: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\Y: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\O: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\T: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\W: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\H: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\I: C:\Windows\SYSTEM32\mountvol.exe N/A
File opened (read-only) \??\S: C:\Windows\SYSTEM32\mountvol.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{D249D8B5-0CC4-4E14-9229-630536273AEE} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{7E6AE885-4729-49D1-98FC-5D40DA7A99F4} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 352272.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SYSTEM32\takeown.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SYSTEM32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1204 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 4420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 2196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 3896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91bac3cb8,0x7ff91bac3cc8,0x7ff91bac3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6632 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\PCToaster.exe

"C:\Users\Admin\Downloads\PCToaster.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Windows\SYSTEM32\attrib.exe

attrib +h C:\Users\Admin\Downloads\scr.txt

C:\Windows\SYSTEM32\diskpart.exe

diskpart /s C:\Users\Admin\Downloads\scr.txt

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\SYSTEM32\takeown.exe

takeown /f V:\Boot /r

C:\Windows\SYSTEM32\takeown.exe

takeown /f V:\Recovery /r

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91bac3cb8,0x7ff91bac3cc8,0x7ff91bac3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Windows\SYSTEM32\taskkill.exe

taskkill /im lsass.exe /f

C:\Windows\System32\PickerHost.exe

C:\Windows\System32\PickerHost.exe -Embedding

C:\Windows\SYSTEM32\mountvol.exe

mountvol A: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol B: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol D: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol E: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol F: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol G: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol H: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol I: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol J: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol K: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol L: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol M: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol N: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol O: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol P: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol Q: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol R: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol S: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol T: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol U: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol V: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol W: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol X: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol Y: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol Z: /d

C:\Windows\SYSTEM32\mountvol.exe

mountvol C: /d

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1204_SBQHKKCBLPUCRLIV

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4e9c5fd2-813f-45e8-99b6-e3b6ea8a83cd.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e000.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Unconfirmed 352272.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/1220-901-0x0000000000400000-0x000000000046E000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

C:\Users\Admin\Downloads\scr.txt

memory/2652-924-0x000001DB85920000-0x000001DB85921000-memory.dmp

memory/2652-929-0x000001DB85920000-0x000001DB85921000-memory.dmp

memory/2652-933-0x000001DB85920000-0x000001DB85921000-memory.dmp

memory/2652-941-0x000001DB85920000-0x000001DB85921000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364296022312684

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000007.ldb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000006.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/2652-1077-0x000001DB85920000-0x000001DB85921000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

memory/2652-1177-0x000001DB85920000-0x000001DB85921000-memory.dmp

memory/2652-1199-0x000001DB85920000-0x000001DB85921000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

memory/2652-1274-0x000001DB85920000-0x000001DB85921000-memory.dmp