Malware Analysis Report

2025-01-19 02:20

Sample ID: 241222-cva4eszjhw
Target: https://shanghaidaily4d.com/RET/TRG/SOR/
Tags: discovery
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://shanghaidaily4d.com/RET/TRG/SOR/ was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-22 02:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-22 02:23
Reported: 2024-12-22 02:25
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shanghaidaily4d.com/RET/TRG/SOR/

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3028 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3028 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3028 wrote to memory of 3660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3028 wrote to memory of 432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shanghaidaily4d.com/RET/TRG/SOR/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72d046f8,0x7ffe72d04708,0x7ffe72d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2172776504424247898,9407570356472634491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1


Network

Country Destination Domain Proto

Files
