Malware Analysis Report

2025-03-14 21:55

Sample ID: 250122-1e319sxndr
Target: identifier
SHA256: d934fd076543b9b2a3038ee630e7c89c784bad71a1acc64e39905407028e9181
Tags: discovery, google, phishing
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: d934fd076543b9b2a3038ee630e7c89c784bad71a1acc64e39905407028e9181

Threat Level: Known bad

The file identifier was found to be: Known bad.

Malicious Activity Summary

discovery google phishing

Detected google phishing page

A potential corporate email address has been identified in the URL: [email protected]

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-01-22 21:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-01-22 21:34
Reported: 2025-01-22 21:44
Platform: win7-20240729-en
Max time kernel: 544s
Max time network: 486s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\identifier.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046453fcf00941d48be034b238973f9e700000000020000000000106600000001000020000000d4f7ee0f23349ca819fc6ffdcc1d4c703b230ed590f8f98766c0080526510119000000000e80000000020000200000002fbdfa8891bcddd6e824f4c70093939b12417fb785afe00eda7dcd9b5fe7768b20000000c95d4c44bb1558f91eb4e7dee48493e009237fb82006db07f2eccd0cdfc9a67840000000ac1920494385f36c199d8e0a61a445cfdf546947a9bedd7bee2a75c3be080f7710654d59f779a15a798c6889544f82125736597e7c8401f23d99b4ab2a4fc4a9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6042268c156ddb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443743558" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5B33891-D908-11EF-A4C8-72E661693B4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\identifier.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
IE 2.19.61.135:80 www.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
NL 2.19.194.224:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2025-01-22 21:34
Reported: 2025-01-22 21:56
Platform: win10v2004-20241007-en
Max time kernel: 1313s
Max time network: 1319s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\identifier.html

Signatures

Detected google phishing page

phishing google

A potential corporate email address has been identified in the URL: [email protected]

phishing

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "124" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftonline.com C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftonline.com\Total = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftonline.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\login.microsoftonline.com\ = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.microsoftonline.com\ = "124" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\aad.brokerplugin\ = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.microsoftonline.com\ = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\login.microsoftonline.com C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\aad.brokerplugin\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\aad.brokerplugin\ = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftonline.com\ = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftonline.com\Total = "124" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\aad.brokerplugin C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftonline.com\Total = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\aad.brokerplugin C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\aad.brokerplugin\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.microsoftonline.com C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftonline.com C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftonline.com\ = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoftonline.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoftonline.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\aad.brokerplugin\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4688 wrote to memory of 4376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4688 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4688 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4688 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\identifier.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa173b46f8,0x7ffa173b4708,0x7ffa173b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe

"C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe" -ServerName:App.AppXgvz9wxd0frjs1prgz5kvtcz083996jyv.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6632 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3132 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2f4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17112965633931102895,8941085717294563309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 34d2c4f40f47672ecdf6f66fea242f4a
SHA1 4bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256 b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA512 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

\??\pipe\LOCAL\crashpad_4688_RBOKZWMZBZUDZIEU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8749e21d9d0a17dac32d5aa2027f7a75
SHA1 a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512 c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5155e6c22d46c8025961eed533baa64c
SHA1 632b7215f29d9f4c14b8414d7fde397fb97e0048
SHA256 503b9f64292efbb5ff708242d2b6e46aa9395285e47d5561d9a5b115bfdf6c49
SHA512 a769ede989b0886975ce4c1c99acd4a73ac1eb6a7eff104dbc30a0bef2a9890076f3707d061ecfd187b07685bf95c6d6126d7c8ea468011496a897ab741b48ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ef88cda5273ab7aaf2788a6a7027a08c
SHA1 4402f4fcecfa43ce242b18f211894c7f9e5ed377
SHA256 baf1b2d2e23ccde7f972b3ececa76c3b6980802cc51dffa8a2cf7f9c82122833
SHA512 04e2ef2cdae3223140bfca009173c07630ba8c8d0d25cc68a09464e9741fa82a30cacbcdad1a3010ae8f929a5f3d1744ba57fc8ff33323f2bbc7e2b787c763d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4a0d34a946f8e8e2feb8b5efc31cf0ee
SHA1 984dc764e6a65189c1ccde7866580e22d0f7963c
SHA256 ce03dc76976a3bbf10c547501fa1aa9ba0bb52ddb4e3ebb586e74d6363d91b9e
SHA512 880d11ee894da70f047206c2b486c98277bdc78503f72d963003a975e863ad7692809320c64c97f76954a5f77402d13d110d1797d93ab3b5a4e3dc56001303e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2e8102fe56bbaa68d35815127ae0e385
SHA1 cfa566ec7bdf51a0fcfbfbaf6b102ffd209a2a47
SHA256 c478132f280543a21150bdf0c25af697449b9aaab3fdf221dea37437961d4655
SHA512 bc81f125dfd507f99130d3de7c0cc4c86554b7c97bf4106d7cde4434dc6b96b8287ccc2032fdc8b73311965d07b98ac1007dd11018ddd240300012b84b6db8ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580848.TMP

MD5 aa53904066e74524fa0db38cc1118e4a
SHA1 15dca9d269fd30585f399f1d556ae088369af76a
SHA256 d6960f3f66ebbd535e661fc8e9149670328d0c5d337356bfa168d45703117560
SHA512 b33eeab538bed54a56d6db937e5aecb6d79e427684f5faff55e1c7044c6f1672c95fe2bb441efc8a96038367ce5e49f4e14ddf6ef427cab0c0ca55c14145a1ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70735d986df633273f4ff4ff786cc109
SHA1 4f8a29e695ff50d4b462f3ecb461bc363c1df943
SHA256 6cdd75e5a6461e13f0eefde0af0bb9d46f5e5592649b3e1b4f08351b3e98a8b5
SHA512 ae40e0bb8130ed54880787f92a44490a72ce30d2f49af32b76262859bdd1ad8ca40497ccaf1f7e5ef24d370ccb5922711ef958041394a590ecf7aab89cbf7cd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1a29783846661b69bfc19056f1099d6d
SHA1 535ff5ced7ff5655c7de37f766f76a79e1710c40
SHA256 8964d90c15df43708bbbed3c43c1d860f7de7f190dfbbc95b5b21ae82acd7466
SHA512 50fd2db37931f33b93733aa0d07b5c04f556ce6848539258989e9fab45ca9f387acedda013a0474a060e38549b393c72e8d7be565cc97a27f76cec70d2455f61

memory/1020-160-0x0000024FC8B20000-0x0000024FC8B40000-memory.dmp

memory/1020-177-0x0000024FC8B80000-0x0000024FC8BA0000-memory.dmp

memory/1020-224-0x0000024FC8A40000-0x0000024FC8A60000-memory.dmp

memory/1020-537-0x0000024FDBC00000-0x0000024FDBD00000-memory.dmp

memory/1020-325-0x0000024FD98A0000-0x0000024FD99A0000-memory.dmp

memory/1020-273-0x0000024FD98A0000-0x0000024FD99A0000-memory.dmp

memory/1020-205-0x0000024FD93C0000-0x0000024FD94C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b134297dadb8426a8b208ff93634770
SHA1 5874f2ba2d58d5d4552f8b4b853865370b188e88
SHA256 985464813c35ea63a2002c70c5b9dd8c21f7dfc226aa00821031c87a9d181e24
SHA512 d90ab08fff76927cf6a3f6974aa8b173c270a4863f78bd4f5cdb41a34d877fa782ea36d6725993c310b7daa14e13b90a2e2d3ae9b7d249b54b43110f8843e17c

C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QSHLM8PC\login.microsoftonline[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 96fba143bbff6ff1568e134ced06f338
SHA1 6c053ce61dbc0b514212fcde007dfd85fda07df5
SHA256 ce49c69baa9e86dca23ab00a7bfb985872e6ed11fd41c68aa7fd634513ff0427
SHA512 74d7754d67812e39275f52f9d04182247792e8148ae39dc41c81fb265060647f1c9df061a38727f5cc1f75893069edbc31c348fe3fa44032cecfafe564e3607b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mail.google.com_0.indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9de32184-4b4c-4f66-b658-21c62bc656f6\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks~RFe594caf.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595df5.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\6cf4c87c-1109-4730-8f22-81e27d7bbcc7\index-dir\the-real-index~RFe59616f.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\6cf4c87c-1109-4730-8f22-81e27d7bbcc7\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9820aa61-6a30-48e0-90c0-18a3acece70a\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9820aa61-6a30-48e0-90c0-18a3acece70a\index-dir\the-real-index~RFe59643e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\f47a1552-4b3c-4400-9e89-610434e05924\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\f47a1552-4b3c-4400-9e89-610434e05924\index-dir\the-real-index~RFe59644e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dc4fc58d-71d9-4e21-832e-3279539cbf1b.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9de32184-4b4c-4f66-b658-21c62bc656f6\index-dir\the-real-index~RFe59ed06.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9de32184-4b4c-4f66-b658-21c62bc656f6\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt~RFe5aaac8.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtubeeducation.com_0.indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
