Malware Analysis Report

2025-03-14 21:53

Sample ID 250119-vkbw3sxkcv
Target https://firstmail.ltd/
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://firstmail.ltd/ was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

A potential corporate email address has been identified in the URL: [email protected]

Browser Information Discovery

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-19 17:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-19 17:02

Reported

2025-01-19 17:07

Platform

win10v2004-20241007-en

Max time kernel

263s

Max time network

269s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://firstmail.ltd/

Signatures

Detected google phishing page

phishing google

A potential corporate email address has been identified in the URL: [email protected]

phishing

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4664 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 3352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 3352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4664 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://firstmail.ltd/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa048146f8,0x7ffa04814708,0x7ffa04814718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5980 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x304 0x4d8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17640439248677746968,16605350048642166569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 firstmail.ltd udp
DE 5.252.34.102:443 firstmail.ltd tcp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 102.34.252.5.in-addr.arpa udp
US 8.8.8.8:53 188.77.23.2.in-addr.arpa udp
US 8.8.8.8:53 captcha.firstmail.ltd udp
US 8.8.8.8:53 cdn.firstmail.ltd udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 media.tenor.com udp
GB 216.58.201.106:443 media.tenor.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 cross.captcha.sati.ac udp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 8.8.8.8:53 152.188.67.172.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 api.firstmail.ltd udp
DE 5.252.34.102:443 api.firstmail.ltd tcp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 8.8.8.8:53 api-tools.firstmail.ltd udp
US 8.8.8.8:53 filin.mail.ru udp
RU 217.69.139.148:443 filin.mail.ru tcp
RU 217.69.139.148:443 filin.mail.ru tcp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 filin.mail.ru udp
RU 94.100.180.36:443 filin.mail.ru tcp
RU 94.100.180.36:443 filin.mail.ru tcp
US 8.8.8.8:53 static2.cdn.ubi.com udp
US 8.8.8.8:53 static-cp.akamaized.net udp
GB 95.100.245.79:443 static2.cdn.ubi.com tcp
GB 95.100.245.79:443 static2.cdn.ubi.com tcp
GB 2.18.190.162:443 static-cp.akamaized.net tcp
US 8.8.8.8:53 162.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 account.ubisoft.com udp
FR 130.254.91.66:443 account.ubisoft.com tcp
FR 130.254.91.66:443 account.ubisoft.com tcp
US 8.8.8.8:53 static-account.ubisoft.com udp
GB 95.100.244.235:443 static-account.ubisoft.com tcp
GB 95.100.244.235:443 static-account.ubisoft.com tcp
GB 95.100.244.235:443 static-account.ubisoft.com tcp
US 8.8.8.8:53 66.91.254.130.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
GB 95.100.244.235:443 static-account.ubisoft.com tcp
GB 95.100.244.235:443 static-account.ubisoft.com tcp
US 8.8.8.8:53 public-ubiservices.ubi.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 www.google.com udp
US 75.2.77.136:443 public-ubiservices.ubi.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 8.8.8.8:53 ubistatic2-a.ubisoft.com udp
GB 95.100.244.235:443 ubistatic2-a.ubisoft.com tcp
US 8.8.8.8:53 235.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 136.77.2.75.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 ubistatic-a.ubisoft.com udp
US 8.8.8.8:53 connect.ubisoft.com udp
GB 2.23.221.36:443 ubistatic-a.ubisoft.com tcp
US 52.202.21.245:443 connect.ubisoft.com tcp
US 52.202.21.245:443 connect.ubisoft.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 static-dm.ubisoft.com udp
GB 2.22.249.139:443 static-dm.ubisoft.com tcp
GB 2.22.249.139:443 static-dm.ubisoft.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.221.23.2.in-addr.arpa udp
US 8.8.8.8:53 245.21.202.52.in-addr.arpa udp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 139.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 95.100.244.235:443 ubistatic2-a.ubisoft.com tcp
GB 95.100.244.235:443 ubistatic2-a.ubisoft.com tcp
GB 2.23.221.36:443 ubistatic-a.ubisoft.com tcp
US 8.8.8.8:53 smetrics.ubi.com udp
IE 66.235.152.225:443 smetrics.ubi.com tcp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
IE 66.235.152.225:443 smetrics.ubi.com tcp
GB 95.100.244.235:443 ubistatic2-a.ubisoft.com tcp
US 8.8.8.8:53 avatars.ubisoft.com udp
GB 95.100.244.235:443 avatars.ubisoft.com tcp
GB 95.100.244.235:443 avatars.ubisoft.com tcp
US 8.8.8.8:53 account2-api.ubisoft.com udp
GB 95.100.244.235:443 avatars.ubisoft.com tcp
CA 203.132.26.113:443 account2-api.ubisoft.com tcp
US 8.8.8.8:53 113.26.132.203.in-addr.arpa udp
IE 66.235.152.225:443 smetrics.ubi.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 account.ubisoft.com udp
GB 142.250.187.196:443 www.google.com udp
GB 92.123.128.145:443 www.bing.com tcp
GB 92.123.128.145:443 www.bing.com tcp
US 8.8.8.8:53 145.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 88.221.135.35:443 th.bing.com tcp
GB 92.123.128.144:443 r.bing.com tcp
GB 92.123.128.144:443 r.bing.com tcp
GB 88.221.135.35:443 th.bing.com tcp
US 8.8.8.8:53 144.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 35.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.4:443 login.microsoftonline.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
GB 142.250.180.5:443 mail.google.com tcp
GB 142.250.180.5:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 5.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

\??\pipe\LOCAL\crashpad_4664_LSWJVKOTIJQXJKXU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba35d5119e724b825699c46c9a18c53d
SHA1 49139f461ea4325004299831ab72c55910e08114
SHA256 89a225cfc47bfebce0d486b307f08804637ab06ff3a66e3cb5a77bc7fb64fe2e
SHA512 a1b168781a8d27a1831ea84aa684f899d147957b22ce4b9ccd6d64dc4a9cfe56a4e3d8a6dca24c28b69666644ee0f7397b2920a149c2fe8887785cc982fc95e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ea978f75d8ba73a878e62a79b7199bf
SHA1 9991992ac4f2436cb46f39d6229218d1eb807cd3
SHA256 805240014c939ccc8e76bc5b2efd4a9edbd10234439b3eb5e61018bd151b8e61
SHA512 e971f7a14810c3e328764719bf2a09219ddd58c78653b7f30533b80dfd36b854e5544ac84161771d062e1306d1617aaf3b8cf0671b88a4d4f38711a62dc68d70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e4dae3f3696aef3c34f829d2ff2f1eb
SHA1 015aa84d2c826efbe102674bfdc34a24ce25a111
SHA256 dbc3c87157e647b5cf582d09855946579726e11b58d0bafc83077bee868d1f3f
SHA512 25491baa71ded0ba8e4ea5dd98d42e4ae2797ea86e55b58407e77806f3036f74a8250303e998a006fb2570c49155f367686597d665add2c3e73e1d1adf56f1a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2436e0b33eb672679bd247e9bc2d1550
SHA1 044bb040f974e6393a87a1c16b528fc9d8e408d3
SHA256 d3e9312426cd4e7c384c3ef6328db4baf42a6f3ebe8d2c261a1f9d668ace43b0
SHA512 e9fdf7d1e20ef03f9b379fd0fb5121a3f3c81377ad3f7b15a50ce065b1cb0b5ffe4212148880dcafce1f4fa3c46170e394a9d1175fed6ded0d9ca8d959482d75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 88e651826543c6f112dc5309183e4fde
SHA1 29e6e7213b39124306a11553fbeb5bb1905e7f96
SHA256 e867df21585452e7ba5b856e479963eca2eddd569aec381be3f8726200b9ee59
SHA512 01b6e173d0c0fcbfc55bc7d085e2490c08b81245929153fb324c80c3ee9d858ab3220d79423e1a9b354caa6f70a2aa1b70ac09d9d4aed9c3d6ae49d3069ce581

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e54f.TMP

MD5 02d2a7f16f30482725d7e17dada6a3a1
SHA1 fd10b7e57b410f5587ead287c2a205670eeb549b
SHA256 9d11030165e374a67337e4663f81bb52e8b0574995741b4cdbe59e5e14083dcb
SHA512 f50a6d13ad1dbf77736135d013bfd5648a6664ee802983488e92b8aa20bde9163a1eb8fa763fc4dacbcdb0a01eefc1d491f3912215e090cdfb27c07c65ed1302

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6901dc65638a5cf9ba46a8248efb078c
SHA1 7a3b80c00a706c506f2b8fcd34daa264a5bacf2e
SHA256 5d19d602bcf1e30d5f53849a9dc0c8f827e183e8e053fc81b02d6228eb869ee5
SHA512 9ef08a6a9889fe39691585d7a8a22e1905ca3b5284cd523704538b1c401e3dd424ebf843f08e81560f655dd6af2f1346d64e3fc9aa885f12702dba06a7f04fec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f055137b-7b95-4134-9106-cee85c7765bd.tmp

MD5 05bb0c56a19e0bce6a2d69fb6e9a6203
SHA1 28cde58c0023d34160f2a4c18d694a45aabf8bc0
SHA256 ddb15592524a26f46e0c31427d43d01183e70b78b484710f7f37c464982c9e13
SHA512 9fc231dc4cf9bfccca0eed65c3bc0d14736098baff3965bd30f0de45fb36a123343c37057ac2c199674e1248de5c56451b5db361d16d56ccd8b4185f0cfbe984

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 82592ed8703da3e35b141bc19113b776
SHA1 83d27289bbc312d47cf4ff66bfa283fd0739deec
SHA256 924e701dd52837bddbdaa1bfbc13f8ef32fc4fdef6dd3df5e4338c1787846160
SHA512 cb801debc196a8688e7e47fbf9d0c3a9f17a9acb5d445f1e39e4ca0270b4bd79df4c232b9c85af2beff0aa276c3230f4e50aab263ea9970cf12766740d4eec76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8c504770ac8348adb702e327295431bd
SHA1 5ecf3d192257c7759e79615358b566cceca24830
SHA256 9a60312e5b32d74ab85c9a2573204214339bca549ae2c500faac24f275d4b83a
SHA512 fa8f2d43375b513dcce1a7c7f9033d5d02407436b7e6e3a210b84d57392db3c303422a89405cd7396d67a5ef781ad05a6679b4bddecfe57c364e34386cd568a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3a11f92cfefdb0578b8899652abdfd12
SHA1 34388f607a750e35b0ae0f7758cec195d1a4cee6
SHA256 885f577be516849e93b4990611c8329144f8c927e920886818eefecace812b77
SHA512 d7ccfe133d41d9cec92695db5c292a8c9c4ccb68a93b2a1e2cebe495055f552077cbc21f4ac52feee49b11a51469e197967d1646617adbb9a751dcf683128595

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b50f03c6a0cc516e9e583f4c9cac8b8f
SHA1 2174d78e67e51d068b304c8dba9e3e9e77a01797
SHA256 0ea59e6acdaea95d1423799461a3bc72260b78350456922586fcfdf988af5d52
SHA512 c81f56e7741dc7d52eac743069ba843ff5a7ceb4a10ae18c80cc3c7e4d35db188b8dc215cfa1676f18df7ec1288fb9e75db5318a6915f09271b2764265d283a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a37fa80c3ea34680a8007b5fbde2646
SHA1 d181a36167c9283a6a0fa7e07977a55c2d44d2c1
SHA256 268fcc8204f2edabf1cad738c7edc3d4d4806f6efe93e2f3705047be9fb19323
SHA512 1472baa3c4b4bf8ff93ccee20ed8efa82154081b9c4a19bf69254d73e7e2aa2dd1842e3d131db6c80287aca33a363a0911173d85c48625aabcc1453876cf86da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 d474ec7f8d58a66420b6daa0893a4874
SHA1 4314642571493ba983748556d0e76ec6704da211
SHA256 553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69
SHA512 344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 617c8224d0914facb097d910affa25fc
SHA1 abb08e3a829ab9962be7219c40b1daa19b5e3a2d
SHA256 6455874c9741223e252ea06f8ffeb70805fe8098e11eeef3615bf93e1bedffc8
SHA512 d10661250bb1662b5a87541a0c0d1b2f663e78c474933ebc530fb9184aeda3aca7ebbf0436f52bfdbdff3a8e697658e1b3444aa83a476c99e74f58e12265d5e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 372b9ba0bc5a7bfba0d3f15930b1c579
SHA1 8c7b5005c428c595fcc07f82746ce94a5896fb16
SHA256 f91916509c55b7b039b280d66ef9bc5ee7eb9a3310ee3b46d406a5a32ef6ff70
SHA512 dbd61441bb4ab8b0b70a8841953ff3b605830c9dc0d47861bd8000b3723e5a96428929f0a122d0488f3926b6b0c8f90ac3730abb7196385a9fc1a943541917d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 52875790ce6c22a3213437d03a2d04a6
SHA1 03ef2c60be653008cee967a397d1494bf4f5cb3d
SHA256 e28b90c99e4c5ece27365a876a3738b7a2814837e8cb4c6841fc7c34b10ee289
SHA512 8c5a049cb58eafea548324a88b0a95f34dd88a406db545aed6d04f8fdaff32827764108f1cefade0b1633d4aa5061e3cea621e3137d3bb7813deff6cbdddc14b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4bce29b2dbf47d14ad35a68427937df6
SHA1 eb52e25c8f8d74b20eac326338019eb78fa36b4c
SHA256 749eea1c892bfde5f365ca9e61fadc5ed14318883c4b62fb954cda2a59df104d
SHA512 806429b582a4ba6f7bc8c322fe61f33c94550bba7e6b01fcd46f67f626468b12e65b615283b9938b2197a3d2f48bc2b250c0b72aa36d3a4b8a8f6b9fa038699b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca5583cff5171a9b0796023a7db014be
SHA1 4a75be0b9ff46b9c6b5e2c66b8b545a9c2644c84
SHA256 d85fe3e82b48528defeb05483e1c871128d6b35f1cc54bf0ffd5fadcd15d9c20
SHA512 eda617787d95181449d624c96cf3d44abc4e867f3b7b658ec54c112ac12e41182b0bfef6419beab41741d5c44cfe97cee24569c09b1562e3991d08f5a895b542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f63dc9c6e294267fe8a26c7eb2da6ca
SHA1 472373badd353eec26f4ec28a4742dfd58b0ed42
SHA256 45ccd58eea7aa424ec134d8774d5c7cba1219c404be63590d4e2bce398225418
SHA512 a918aa89c20d93fcfff4da3d4ca12f51ab2393e609bf93a536a346de31e55a597bad3d9f6f4c21411f06c43b17ede9e48e9b012f9f7b9a2155e097406a46618e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b18107dce4ae0b8230b4076e14337df3
SHA1 535f27ff67ffb0073758219c2feba35d79ff3e46
SHA256 850de843a6af01b862a1c8966f743c907ed9c1177032570aa6c4a63a0926be4e
SHA512 43750ee9dddd73c16f460270f8ebd781fc2ce20e6f5533980146851ef96f5984c97aad2a530c05d0c481c74a434bbb1bf894c21d9620642b6c7a88435223b82a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2dda09e17bb6e190fdef8763d32a1543
SHA1 4d83387c6839d8558b56fc15d0943575d6794281
SHA256 731e89944925dd149b02ded038c94bbc2d3cd18e7c960a0c9e498cc544c4fb2b
SHA512 5fc297c8248dec6a01b577c3528b4949c8a693706f7c8bde6102a258162835a64c681891bf47a40ae322b759f2ea5c6e856616e16ba6cb49fda16de689ee6977

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4379a250275e14f29b0c90433051fbac
SHA1 b0d5a35377cdf68b68f1507ed9e81b5a0772e767
SHA256 ddcbbea429959fa4635675d8129fad1957aea52154cd4898a178888920d2d8c3
SHA512 f60005228340660660cd6b8ae7622933b7a31fcfe8bac7e1ffbcf3273c24aff90ad681e88eb30f564e6692ac4a6b27a96d98fe1a91162cf272f83607e59ffcf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 06340343ab933afb6540c4df1c6f9fe4
SHA1 e3a010621a28bf82eb7488c90d9db112e68ee78f
SHA256 78420af9f406960e933f1a47a018cea17b857c161cf9168cc8fb0aeda937473c
SHA512 478504925ba96897d3a07d518e85569650679cb3add2a87a1586618d9b9233ab707060c3719cc7af385fe53de50fb336b100577f9f50a9569d52cfdbc001b44d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 773350ce9e09b250dc29095bd11349d7
SHA1 df40db971da76c751e46327764958d0db6902f26
SHA256 9235f005e80eeca5da23a56d2e76536722f48061efecabf7b6087f6bc451c57a
SHA512 1fa717c4949ce1a07cc803b7c594e845330f684f04ddc3cf7091542f016fe563272a07709a66032fe3d6462c7de0cbc54a05f27e5ba8d26fdd73a455ba99052d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 713a9e7ed7ad3b5174a0dc0ce46986bd
SHA1 480e781ee6e23e609e5c76bf34a5cff96d259d68
SHA256 064df19e9b59dd0b220fba490c9f3c4761e29de7b337142eb3fce4df6ec072d4
SHA512 6acd62e60014cfc4877247daa8b363906b6350a528c661629988daa678165e49689cb8c7a25da49884a0da3c538d671ae0fe520e40181356170ab1cc7f1c667a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 92394905d656f2cc3ff8640faf57c078
SHA1 6d14da58f3a14ff8084680c3eaddbd90aaa32641
SHA256 c030750febb2dfc5f679577d81f729a470158c2ed8ce11384c4e40cc114122a5
SHA512 7f6722c92ad4aa2676089d936f7fbf4cef65b20195dfc245b6ed8f9bbc920a31e70be9ffb19c58b197b6e77503d4f3a7a694d40dfb3a0d89ad67766b24132a28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ee3c17fa5c1f8b6f4191f2f2a6f79c77
SHA1 fbfb3a134f468136259a72d0851a0ac62f4e8ffb
SHA256 ac215092d9d495131d8a8fb9ed0c81e64450dac9dda9d68c9f56de4ffe02a3b4
SHA512 1713ffa1ce5120de68769be723e3513573642567192e0bcb63487c03a9c74669a1667cd834f0d331e768549dbb5615f3efd68d86c3653143fb85c48c6322943c