Malware Analysis Report

2024-08-06 16:14

Sample ID 240701-rwkrkszgrj
Target sample
SHA256 23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a

Threat Level: No (potentially) malicious behavior was detected

The file sample was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-01 14:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-01 14:32

Reported

2024-07-01 14:33

Platform

win11-20240508-en

Max time kernel

47s

Max time network

47s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1340 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 2792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffb933e3cb8,0x7ffb933e3cc8,0x7ffb933e3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,9973669269557704334,2161849031179110311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb933e3cb8,0x7ffb933e3cc8,0x7ffb933e3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,388216000438857102,10184884502707408998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1340_YGTDPZXIVLVZKFCJ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364317967306202

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364317967118202

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser