Malware Analysis Report

2024-11-15 09:52

Sample ID: 241110-bxtswawfqr
Target: https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing
Tags: defense_evasion, discovery
Score: 6/10

Analysis Overview

Score: 6/10

Threat Level: Shows suspicious behavior

The file https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery

Legitimate hosting services abused for malware hosting/C2

Subvert Trust Controls: Mark-of-the-Web Bypass

Browser Information Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-10 01:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-10 01:31
Reported: 2024-11-10 01:40
Platform: win11-20241007-en
Max time kernel: 410s
Max time network: 389s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Copy of 222 (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Copy of 222.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 750608.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Copy of 222 (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Copy of 222.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 832407.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4696 wrote to memory of 3804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4696 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4696 wrote to memory of 2652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4696 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fe0c3cb8,0x7ff8fe0c3cc8,0x7ff8fe0c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4696_GRMGRAHQDLDGUPEG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1dc42a3d-4497-49cf-8712-7d1e3240e398.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d5bf.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\Downloads\Copy of 222 (1).exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State