Malware Analysis Report

2025-03-14 21:53

Sample ID 250119-vw3tyaxpcy
Target https://firstmail.ltd/
Tags
discovery phishing
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://firstmail.ltd/ was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery phishing

A potential corporate email address has been identified in the URL: [email protected]

Browser Information Discovery

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-19 17:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-19 17:21

Reported

2025-01-19 17:23

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://firstmail.ltd/

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 740 wrote to memory of 1784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://firstmail.ltd/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa68646f8,0x7ffaa6864708,0x7ffaa6864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5280 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7132 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x470 0x398

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,15786545454684936605,2525831163042594130,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1868 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 firstmail.ltd udp
DE 5.252.34.102:443 firstmail.ltd tcp
US 8.8.8.8:53 102.34.252.5.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 5.114.82.104.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 captcha.firstmail.ltd udp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 76.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 2.16.153.222:443 r.bing.com tcp
GB 2.16.153.222:443 r.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
US 8.8.8.8:53 cdn.firstmail.ltd udp
US 8.8.8.8:53 222.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 82.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.71:443 login.microsoftonline.com tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 media.tenor.com udp
GB 142.250.200.10:443 media.tenor.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 www.virustotal.com udp
US 34.54.88.138:443 www.virustotal.com tcp
US 34.54.88.138:443 www.virustotal.com tcp
US 34.54.88.138:443 www.virustotal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.178.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 138.88.54.34.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 recaptcha.net udp
GB 172.217.169.3:443 recaptcha.net tcp
GB 172.217.169.3:443 recaptcha.net udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 34.54.88.138:443 www.virustotal.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 cross.captcha.sati.ac udp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 152.188.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 api.firstmail.ltd udp
DE 5.252.34.102:443 api.firstmail.ltd tcp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 172.67.188.152:443 cross.captcha.sati.ac tcp
US 8.8.8.8:53 api-tools.firstmail.ltd udp
US 8.8.8.8:53 filin.mail.ru udp
RU 94.100.180.36:443 filin.mail.ru tcp
RU 94.100.180.36:443 filin.mail.ru tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.virustotal.com udp
US 34.54.88.138:443 www.virustotal.com udp
RU 94.100.180.36:443 filin.mail.ru tcp
RU 94.100.180.36:443 filin.mail.ru tcp
US 8.8.8.8:53 static2.cdn.ubi.com udp
US 8.8.8.8:53 static-cp.akamaized.net udp
GB 184.26.57.161:443 static2.cdn.ubi.com tcp
GB 184.26.57.161:443 static2.cdn.ubi.com tcp
GB 2.18.190.162:443 static-cp.akamaized.net tcp
US 8.8.8.8:53 162.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 161.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 account.ubisoft.com udp
FR 130.254.91.66:443 account.ubisoft.com tcp
FR 130.254.91.66:443 account.ubisoft.com tcp
US 8.8.8.8:53 66.91.254.130.in-addr.arpa udp
US 8.8.8.8:53 static-account.ubisoft.com udp
GB 184.26.189.36:443 static-account.ubisoft.com tcp
GB 184.26.189.36:443 static-account.ubisoft.com tcp
GB 184.26.189.36:443 static-account.ubisoft.com tcp
GB 184.26.189.36:443 static-account.ubisoft.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 public-ubiservices.ubi.com udp
US 8.8.8.8:53 code.jquery.com udp
US 99.83.188.134:443 public-ubiservices.ubi.com tcp
US 151.101.66.137:443 code.jquery.com tcp
US 8.8.8.8:53 ubistatic2-a.ubisoft.com udp
GB 184.26.189.36:443 ubistatic2-a.ubisoft.com tcp
US 8.8.8.8:53 ubistatic-a.ubisoft.com udp
GB 184.26.189.36:443 ubistatic-a.ubisoft.com tcp
US 8.8.8.8:53 connect.ubisoft.com udp
US 52.202.21.245:443 connect.ubisoft.com tcp
US 52.202.21.245:443 connect.ubisoft.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 36.189.26.184.in-addr.arpa udp
US 8.8.8.8:53 134.188.83.99.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 245.21.202.52.in-addr.arpa udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.59:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 static-dm.ubisoft.com udp
GB 2.18.27.99:443 static-dm.ubisoft.com tcp
GB 2.18.27.99:443 static-dm.ubisoft.com tcp
GB 184.26.189.36:443 ubistatic-a.ubisoft.com tcp
GB 184.26.189.36:443 ubistatic-a.ubisoft.com tcp
GB 184.26.189.36:443 ubistatic-a.ubisoft.com tcp
US 8.8.8.8:53 59.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 17.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 99.27.18.2.in-addr.arpa udp
GB 184.26.189.36:443 ubistatic-a.ubisoft.com tcp
US 34.54.88.138:443 www.virustotal.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

\??\pipe\LOCAL\crashpad_740_JPARCEAHHJCXXWQY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abe87fca4dc58ab31cbb691f9c52ce9d
SHA1 9aec13cdb0fb3eeb575b1bd7deae400d3a51423a
SHA256 1ddddc27182ad500ce4fe15c5419d95c955bc16d3731d3097264cd29c97940f7
SHA512 94c4f8e759474972dd8e8f37f5880c14016d2d4395c5943044fc46c88151dbcc50c5531eb51d67369c48944e0b30bc6ea39c09bc37ffb55495836c48073fe048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e21d15719b87d05294995108e6886f11
SHA1 4b6cba6915cf0760af93b3f1af2ae2df63e08db2
SHA256 df891263708dadd8fd03e29d1d2b10dda3afabd80961ecf2c6c9b6ba2d1a5f5a
SHA512 9c89081a8a92cf4ad686eeb96fd7dec2b0224640a7f4500abb3ee20221fefec63b398d4d6594b96997b3304d7189c912aaae9693871381dc30c28ad36e7862b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9db5c812753340ddf56af551c7fd24ae
SHA1 90f7251504a563f3caea1d8e0b310651082158a6
SHA256 205102f392e71348ee53fd9e1d15963b7fcae2a4d163c7a76c68e23c2dd6192d
SHA512 00f5b14b34c61afc147c8367a14c112579045c40fd13b55c1e3dd96f49f60a348d163adc4f31f7128fb7b4e8fe7f82aa9e092aeca53045f64745c4424b20719f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 d474ec7f8d58a66420b6daa0893a4874
SHA1 4314642571493ba983748556d0e76ec6704da211
SHA256 553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69
SHA512 344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25a9691d522823115594e203584b851a
SHA1 82d17b8205e76a3308be5e88f7698a2f23bf3a0c
SHA256 80815fe778629859e5286e99410641ec2cb3a2287c6f91bbd2bbbe7da34c34a1
SHA512 a6b81af03833a2e7be671201504d18dfcc4e7fb1908318400999862edbd7604c29cdf5a100b78e5c76d4a6526a37f7d21c23a065858c71ef169c426f120e2406

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c5ed8f7e82fa0de186f0a987ba4fe2e4
SHA1 191b1e676a68dfd4e761fdae36bd82c7e825040a
SHA256 c4e962f895245f6e7f0e5b6c81b9347eb391e2dfe4a881f04ce78e99b915995d
SHA512 a377c3c987fd2057e18e1b0e46242462a74d469180fd236c7f6e71527e7f80ba88f5d9cc4cf956bed0a72f2ff23e0029976a859812871683e8d46c1fd8120102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580347.TMP

MD5 e84bc27fd284c833e3fbaa8dc2072e18
SHA1 48f6f06f1222cca258f2e80c09ff587318f838e2
SHA256 3e245cf3193a7e9cf94ad2211f3ea95014b04490be07a32350292d89c0bb7496
SHA512 9b5495eab2a990df17ae99a516c0dbdcc9f56022e57a89a6d5d50e4cd912b2001b06c041e49e8f4f3671f78b1352e0147a4f39fbf964290eb9c8d874fdfb2235

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 cfce87d65ecae2ced4890b10e2c1b1a1
SHA1 77023b5e1d45c2dc62505e143fb2ae45b01f8623
SHA256 2ac19b6de9b271afa58a7f1342b41340e96da1e86f776cc97232ffd8a88dd560
SHA512 b09aaeb3b2b4507a912f10007c02df5ffab804fe75b0c1dbe182b42629d3929b2b99e368f2f7bb092cf27a8f1b71bc6860c2b907b2867fd18987726f1d59789b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5833ad.TMP

MD5 ae44e5ef896ddad5e0984ebb4b5a1771
SHA1 235ea425e9c09d1a7130eab387990bb2049e3e0f
SHA256 31a666be0f7b8e2a0b37281f8fae3478af08569c25135ed04e60acbec1499d28
SHA512 0f60cc2a5a1f3852a12252e3479240b0ea8657cb4a313f8cad954ec26dbda9f3c29f3da3bf89668c2fa6962b05165a311d18e06002c1068e74b7aaccb201523a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc04fddf8eff9400bbd904b3408b0f91
SHA1 033fdef8dc0632f43346330e634aa95f4b98c4a6
SHA256 c951bee1e581f8bac0d82dd2b674ad5df329470b3067070d7ab6548a7ebda5fb
SHA512 bdeed2969d2e35015a1e0bed1f7a514af69ff5ccb2f2491d513cb1923118eec30c92c10ffc4f995d573af63ee5025aeed78610c6bbd5765d95d4f1ccef08ce62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b58e56f449d446f2e26666fe0600e205
SHA1 efab6e2f92a2efd07392d21755a6b3154714c7c0
SHA256 4d0794c41b32a915ef030fb6140473d65d025d2e6164559b48e37d0686a1989f
SHA512 da52642e838eed7be75d51201c7cdb79285afcf677bdc14595df9c28435709637f213a3f3ed078d86a089e43283f0bc542b2eb41e568c31ad03b8e70a0d9aad3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ebaea3597031a12229b55a283afd879
SHA1 1991f6247e99e6cfdc6c80b6fef3c92deb34b3d2
SHA256 39df3587a3dc0a91f80a9af4b9d6f436651b74903bea45848bd3f0c774111fef
SHA512 84c37a56db35b2d7aabbcdccbc8dee67a6c217d9c0b1429bf388b380f5feacc7e99ea10621c46e1c4b29f99d948e68be29a00e4a78cc1ca191ecf08d99aefa9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d400bdc4ea29cf53ce86944a9bf38adc
SHA1 b7560977c3f8af8d76dd4d1b7710aa4448daf27b
SHA256 0933eb571bb7abd2b298667632cd65baf83ed7827dd84e5eb3258edb6b99c715
SHA512 09f836e4f3c7d4ebcbbbcf9c1a5e8ab3fa4d53040e727ca6109e4d8aa1d2855c282daae965d86c227e5f643142d2c241449b1d625a6a1b5b484b0b92d6dc99d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d66761722c0b4f9e347f72d612014cd0
SHA1 faefd1f9f71b0dfe79d35c7bf0b9e86d622ed688
SHA256 5cb1feaaa08e4ceef39152c3c163ad93124b55b3e87aae96a141c67ebad25a46
SHA512 926216ec96b53e132e1565fbd5cf103ba7f4d84a436743b3aceb507cf1dbc6b73163ff194eb3f86007f969cf9ad2fd5a8317b71aacd902a96d9b9cf1719787ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

MD5 6136f7ac050eef7147be194ac288a78b
SHA1 a8b8c5f040face49dd64f6e2c5d54982f5aef49a
SHA256 6b75aef2262f015efb473550e5654dadc826122230f476fc80c69d7fd0d764ac
SHA512 cd6008db224506e200df9a31a2ee421ddc57a6a331c95432d561b340df68319fa95240a71d93d1c74e1300faaa0d078742593ad7e2f3a35e226b9dd833fe9cc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 66f5181513c453f2dc2051ff66616118
SHA1 fd848be32ff6ebc46aad705afcad9a68c9929156
SHA256 a1a934aa7f93682e1cacade5666ef4fa5a2f24709a5424bebd2df73f3caa3908
SHA512 f1518e269c76afabfe6b17274c0a8e70065e0e7423f4310849bbb21185bad27ad71b72f29cf1d39073aa88d25b4ae202896bc8b9292e50b2c71f0faa3452eeb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 10f31ff79aa919f4968a12ddd23dc032
SHA1 857d9332af093cc869b08c755d73e679140d43b1
SHA256 da7ab07dd912bf9b8d874a0ee257b02739c65f144aa7c15a95e7631c379421eb
SHA512 d34cc119ce6ff2a7cfb2bcf189fb4ddc9719dcbafde2626ee89641b906ee4578acb09a604c9ff96405a1089f7b9200307e448afe50efd0d6376125e647eb3bce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e9793605391912b98b30446af6651c30
SHA1 ca08deca5b053ecb02d2ddf8df3b6c883233a053
SHA256 25439e34c1022895a78c6c13ca26552ccb14bb3396c77aec23b73496cb9afca4
SHA512 92f952857523c97a84772ee24a888a57b6088ad9f6f7099906333a5d5ff6b80a31db63b00dcb092247837b1e45ca5117ebf6e04ec66e7a64a40473f3a197549b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 704f00b145e46483b505924f6ba040f0
SHA1 90c0606262f206ccc8177b9b2d18abbead9a4302
SHA256 82bc09cf4e90a6cd54dbc8bfc52aed1063cc8f6b9b1e0035ef7594ac14c1fb2f
SHA512 d4134cc849e36cd5bc696e9ece1a615d7fc86c1e221b270afafe993d0822ec5bf0f495c2356283e0a758dad488c9c50e2fe52273f0b5aa963a3781d8271c9f43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 83818862ba9d76a1ceaca6551cea8152
SHA1 de4df1976196969e138177b119ffd9b0d073efc1
SHA256 36e2edc9b827faca569fff0aeef4b0960bdaa7803f309f132e0b902f74d6b140
SHA512 44719d46982caa89db5a309cdb52684f0928281f25a47afa19d2a56f2824fca114d11a150d9ed7356d8481ed4e35fbd07f172906db9232c01302fd59b25d870b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 54861f0c5c1d60facf92de3284d8cebc
SHA1 dfc3fe61355278d01670d1a7e1dfdba5775e31c2
SHA256 40bdf125b172d0c0eed52b743a7489e444a519cab6c24975736c4062f914f80d
SHA512 089c60483bee74486a601e864fc940ea783beae39f3d8e1b822e9163fbe3636d4570e3e83285942f39a12e779ab1a16a0e7e3c4319c9132dea75e3d0131bae42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f0b37b60a3f946533e2ce7fbaddfec10
SHA1 e45ecd71efecdc243b7f76e098a9351325cbe6b5
SHA256 2c9f35d8edcc43a070d016d6509403119c9a58e2992a4ed1a9e74ef107471258
SHA512 4e2b9289ee77ea770e062f57afa27e5136a60f6cd93596b5bc770ad25ca3cb39d93ca07ac2b1540c1780ceb099101a7baf5d4ca15ef9e0ee7b4bee7e5a824f29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

MD5 3bc2b6052ff1b9feff010ae9d919c002
SHA1 dd7da7b896641e71dca655640357522f8112c078
SHA256 483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5
SHA512 0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a96303b78e7c80d6bc668b2494c6f12
SHA1 33be9ffa900d156d2ca76331ecb0087d17b37ad5
SHA256 ff930a0346e8ed003a337486bd44650c8af2ea05f910051cd1357381e8b94936
SHA512 e2cb8c2193c61e64dbab29016f5d8be1090cef8fddfe2989e53e3f0664af1411281bf83fa387123396d9bccc18b8c34b3d5e17d3690eb85d5b25c545c61fc148