Malware Analysis Report

2025-01-19 04:34

Sample ID: 240808-2sdh7s1grq
Target: https://uscrewchange-my.sharepoint.com/:f:/p/jason_summers/EkPS74BJ4hVNj55K-wn3ZgQB9bx03GmWn596VFJ2mXMLNQ?e=JCGV1U
Tags: microsoft, discovery, phishing
Score: 5/10

Analysis Overview

Score: 5/10

Threat Level: Likely benign

The file https://uscrewchange-my.sharepoint.com/:f:/p/jason_summers/EkPS74BJ4hVNj55K-wn3ZgQB9bx03GmWn596VFJ2mXMLNQ?e=JCGV1U was found to be: Likely benign.

Malicious Activity Summary

microsoft discovery phishing

Detected potential entity reuse from brand microsoft.

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-08 22:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-08 22:50
Reported: 2024-08-08 22:55
Platform: win10v2004-20240802-en
Max time kernel: 280s
Max time network: 290s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://uscrewchange-my.sharepoint.com/:f:/p/jason_summers/EkPS74BJ4hVNj55K-wn3ZgQB9bx03GmWn596VFJ2mXMLNQ?e=JCGV1U

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3296 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3296 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3296 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3296 wrote to memory of 376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://uscrewchange-my.sharepoint.com/:f:/p/jason_summers/EkPS74BJ4hVNj55K-wn3ZgQB9bx03GmWn596VFJ2mXMLNQ?e=JCGV1U

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa198346f8,0x7ffa19834708,0x7ffa19834718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3400 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10502718606446853352,11995837750008797484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 27304926d60324abe74d7a4b571c35ea
SHA1 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA256 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512 f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

\??\pipe\LOCAL\crashpad_3296_SKXZMCHYOUNHWHGY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9e3fc58a8fb86c93d19e1500b873ef6f
SHA1 c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512 e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 44e274ad6170a9578bb9a60a3228abc2
SHA1 2de5ea747cb8238d2cfa954b600268d57f972eba
SHA256 be27889fa935a3b791597de76b945756d46e6fa5bcaca6fd2883dc562dd98a37
SHA512 021aa673dbf712b3e5074b39e0403ac97640465770a9ac79bec231d6cc8fc10c5779884475a9974a6f3e64ea0f112422dbf54c3ce19b6bf15b80a458e5423d8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb4fc1d011ac63e38a19503df85da324
SHA1 9885c56fe655d1d13fc5f2ac495503db41fa2056
SHA256 0969b8b85786955ca076be38ee51affd3212587f35be0f32d8b2031a47f320ea
SHA512 cdc7cef2a7ead5579d83138999852e947ea9ae9cc660ed7f26f13bcd2a3a226bb29282a25dc4e1677711f4715cdb017b8e2cdf4dd69b44a306eda37cfad9125f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de7ab6af2071426c536fa1e960962000
SHA1 2b79f55b203abeeee1065510a1097e9b8bb6bf0a
SHA256 e34c3a7dba21da75980ce7c02bfbecea7d1919ba04a6f5881cc0e473216c71c8
SHA512 2dca50ff5af1e0336e1b6bc883d112004a819727ede0b9b0201fdfdb228a79cd608f9f6a303d524ab478a39d157b049b4a8e4b8b31e08032491bc4e284912139

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d9d5.TMP

MD5 37bdd3f05b9056fff95f90fd535eb549
SHA1 32c4df28a8b9d6d5260f005b48373879a8175f1a
SHA256 9ff0058958f7441a017171f80550889a98a4931817c12d5bd5cff3f25921708c
SHA512 504d0c22979a83adcac0792930102284d21deb33b6d4e7b428b5004bca4f63e21d538bd425d0894c1a4dd3ca001f46817ff05f4b5ec3c2d7c067d231a5e07d28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 465db5b450e32598fbcb43f3f62d779b
SHA1 b8d60899c0ecbbf360de08ab7db6ac14dade1c06
SHA256 013400c59fcfbbe96d2e160bdb818c9415dd665881e2d827f958b7020aa0dad5
SHA512 56d488e6ec54c3541dda661816e78a7fea8e671fca0faf701dfb5ce2171ed3c9262d71495462e38418f5ae6685b2c2fc38ae680dbecf1b7aa392cfd0a6dd1540

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f721.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\index.txt~RFe581345.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\todelete_7a48c130a6a40c0e_1_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\todelete_7a48c130a6a40c0e_0_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\index-dir\the-real-index~RFe586879.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\4f05c41b-da87-4fd7-8916-6830b314c81f\index-dir\the-real-index~RFe586906.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\4f05c41b-da87-4fd7-8916-6830b314c81f\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\a4e5036f58e9d133_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\a4e5036f58e9d133_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\c6bc1f11afcd4c68_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\index-dir\the-real-index~RFe5ae3e9.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\60890611-d44a-4acc-bb8c-a3288b9c4504\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ef77e6a22da9c724d122b139a82a8a12cb4c71ce\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
