Malware Analysis Report

2025-03-14 21:47

Sample ID 250130-ae7fkstkdz
Target http://www.google.com
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://www.google.com was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-30 00:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-30 00:08

Reported

2025-01-30 00:15

Platform

win10v2004-20250129-en

Max time kernel

393s

Max time network

396s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.google.com

Signatures

Detected google phishing page

phishing google
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-70482961-775596374-3727440602-1000\{1960CD40-8BDD-4C0B-B3CE-312043303C47} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3436 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb27fb46f8,0x7ffb27fb4708,0x7ffb27fb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4048 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6232 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x310 0x460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9811743695555671018,15521359840572904855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 1.31.126.40.in-addr.arpa udp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
GB 88.221.135.42:443 www.bing.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 42.135.221.88.in-addr.arpa udp
GB 88.221.135.25:443 www.bing.com tcp
GB 88.221.135.25:443 www.bing.com tcp
US 8.8.8.8:53 25.135.221.88.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.135.27:443 th.bing.com tcp
GB 88.221.135.27:443 th.bing.com tcp
GB 95.101.143.201:443 th.bing.com tcp
GB 95.101.143.201:443 th.bing.com tcp
US 8.8.8.8:53 27.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 201.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.136:443 login.microsoftonline.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
GB 142.250.187.229:80 mail.google.com tcp
GB 142.250.187.229:80 mail.google.com tcp
GB 142.250.187.229:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 229.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.201.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 95.101.143.202:443 r.bing.com tcp
US 8.8.8.8:53 202.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.133.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 234.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.229.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 8.8.8.8:53 21.229.19.104.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.19.230.21:443 api.hcaptcha.com tcp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.130.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 status.discord.com udp
US 162.159.138.232:443 status.discord.com tcp
US 8.8.8.8:53 234.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 162.159.133.234:443 gateway.discord.gg tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae2a8f2ebc841509f7b978edf590d3cd
SHA1 91358152e27c0165334913228005540756c35bd3
SHA256 631550765e3db02be0709748c0634a2cfdab711cea94f5890854d0c1dfbcb214
SHA512 e52180dd175f1e6ff72d76400085869387cd70da33919de219a04dc26871e8421e93b22e7c59125c19c6ee54a8a8f742d796ac68ea9077c9dab5f03b80967d11

\??\pipe\LOCAL\crashpad_3436_KRKFWVLFWJJOCUSU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9bfb45e464f029b27cd825568bc06765
SHA1 a4962b4fd45004732f071e16977522709ab0ce60
SHA256 ceb8f1b0aaa1ba575c3704e73fd77edf932d68c8be902b33f1ba3b1d130cd139
SHA512 f87cce8bb5489b56027f5a285b948b639a1c7b0f213a111f057235177e5bffc537627c82586736704e398a0185cf2ad8ba8cdee788531fb753a2d08f16e906c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a0a40344c8390943c2fa510c57eaf629
SHA1 5dae940270463d10d5c49c4e6b9f4de373bf0bc8
SHA256 5dc0475ee370499df90d7cf43a1a5ba7cb4698b07ff2ac729ba04830d76eea08
SHA512 bb8db0e925c4161209b9cdce4ff5655b8cc2c959e80a7d99b2ffb6a6e52f20da2f35d65397e82001d28833a5a92c2775809f0f27198018e41e5ee8c452cd5348

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 ba958dfa97ba4abe328dce19c50cd19c
SHA1 122405a9536dd824adcc446c3f0f3a971c94f1b1
SHA256 3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607
SHA512 aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ae699a699461b9a31e58985438c7545
SHA1 827fd5e4854201843352810dfb8d505b253614ce
SHA256 3d623d8ac60e9b68adec67ef3449cde56cc7bf558f335f044a7d1cd1bbc5a12c
SHA512 454bbed13d96b0059d98fc79bb374a9f2f528b331bb066be0ff6f3933237838793603ba17c5e2d969e99bf3df4013b04e4173a6abc5e2539cb05ea9410a2108e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 69a7dac6aa1696fb2e418ee6ad20be81
SHA1 52747ae3f655c8b3409a55064e7fdc100cc703f7
SHA256 d3ab399857d7ffcbf645d9eceaf2ffe480969531e4ba8a9a259885cacda95336
SHA512 ef1f6c268980e41623deb90b2a0d2c3f1d588d01a86b688377035c2b92e55e04a0557a861541335115d32efdf60b3b364680491b6a43b1378f210d53f62ae973

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8641dab8b8e208c4b12eaa5afdeb636e
SHA1 2215d73a4631426306312c50c7ebdd78509fd05e
SHA256 d6d1837c78ea104c9e2134ae4c9a9186dcde3bdc6b043e8b2a35816c837bd8d1
SHA512 c50ae5045610e20b5229a3b1f6a039bd6a83461d4fcc6c673e8792ced2b425d8b6212afb220b1f7792fc98b673ebba72193aa844f9d0460944ee3e9cd9e80065

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf74146c64438477bb24e06a2f42c20b
SHA1 402ef5970f3275f07c15e70ba06ce6fd4e15492d
SHA256 9b8cbf52b344266207bdbc26e09c9330b59433195c454a8f2d6883792b3dcc84
SHA512 11a6cf37f60c5e8e0f206d309f41e2a304c2d1861bd9e9acab9844a77f348a2f12b73ff2c40b19af97a5f8b6384e446f6e8caf14d49615a39e13ff8c05611ed1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e9ff7.TMP

MD5 fb4e549bbce053fa24507bcd98693b94
SHA1 8a6423ef654422b5aa83629f33b7dde61a05d83f
SHA256 82fb84d375516b9b7432c3f828a507aca26e25e4fc5e80aa68bc9acd228c7d1d
SHA512 7ad737d3fa65ed81b231895e257584a43e5b24d8bdcb0ca70c299dde9ca185153710206bcfd0b384719fb8373d2eab50cf4858e9d182926641d89c9ee9e9eeb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 36282fe9e7c67edcd4e6f075bf74c571
SHA1 5da09a1c43d9e25e37c3f14fabff925b41d89f18
SHA256 0fccdb1729360d71cf3cf44d944be01fd6f6c961bc96396329e7836fdfbec129
SHA512 bb098bc763299c929147e9e8d3aae303feaeffe5a5a398a937b999164d50024bb485f60955a438c72d667a331a2cf50ac8be2ca699f3f44fbe5b2093bc0b69b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e37d33123520a44b9a7098c211c04e85
SHA1 3f8e0fa71ee8b398a054861ce9065d19332c3594
SHA256 e26f4bc3861e734752521b8497af14a85b077613ac5291e0c39fd007886df20a
SHA512 b2ad11707ea0a99cb5688a2e1a1ea862d4d0d1fa1cc3d7bcceeb698070831a0bd97faee2b32efaf4a6d2edd8797f46a1368572a31066f80768d97bade8420610

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f33c4f8b-21fb-474c-ae75-bf08ce7a7264.tmp

MD5 bd8feda5d03cdcd0ea029860d8d1a3e5
SHA1 a8a5bae3331e27938c4315bf5b168310c063c8a5
SHA256 b51dd1ccb7a53a3171aa6ff120b400dc1ca8fb117df79243dd6d8628250a33d5
SHA512 9af5afecd3851f4f7f5845849643ed3ac8af0640863d99cd1dcd1da7223eba72360402d55112e59891881db8227ee854d4b37104dd1b605076ebf845c4e507f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 31f4bacd3f6813d020ade7b11c1cc559
SHA1 bd9a13a152f4fa4211b92e00be13e0a24404ed50
SHA256 f21c13f9f5362471f35810356b658a437ab634814a396a9131e12f9a0255f6a2
SHA512 1fbe6e6a3dce7332878c6032506888c4fda9e22558ebd09b555317684584199cee7116555791bbeca5df148ba2b4feaac293fb0c691584362696c12dcd6315f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 13f00ca28133854f89d809a98baa6062
SHA1 6951b8bf9598099aac93003a1213619a8343e262
SHA256 4b70727ceba460dda807c4f22777063e24b493c0eef6b35d0ae9ff433167bcc9
SHA512 eab5597053e24604b3fbb2dd690fd2d4772d81f213a831bd157a8900953178f0cf8f16021a4a39189f833336e56a6fc3f7c38a9b6be94c97c89c4e6c585dd4e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 042b8b12a1f4a4e13ea84ac554ebeeac
SHA1 c7015987d2e18b33284cda28978139a239856498
SHA256 ac58fb86115d7eebf0f6d9afde60f0c907a36e37ba9698baca8f487ccd89cfad
SHA512 4f96055d35295178bc30d7f948ad2ca4cc672e00b24b7cc9a0a27d8ef0bb1783ebceceeea1c18cd8f68492de89239a0fe11321ad7b6a2af511c00f596bee3eaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2a44c6b668867931f25febd92c01ec1f
SHA1 0f8ff64cbcfef51e79e5e8a6386ec4c3eb80ebd4
SHA256 9667842e9b96ffc1a9f889940fbae7ac8cfebf1d84810074ac537ee5f4d064b0
SHA512 10d629e814c44eb97f090ceb89fea3fe2f5ac71fdf08f4374618d3aa2f100475428fc080e9d72c7b6a084ff26789d4e3ae8f9fe26fcc756ac01808e2c33e847f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 964023d134d8aa92f9c4d86dff839564
SHA1 43e7bc3ce9763ec08cca34486e327f7d5eb46e85
SHA256 da42fde4753830403a493bdcfc16d2b97ea04815d446f9de2d6593334750a9fc
SHA512 1fea87d5b64bcf505970567e3156c7a36930c3f20000f226a6e04a385af40cd3f1b7b3ddabdab9c40791f0459962f1231e4ddbf15f8fbeba7e7fcb3cea68f77a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 69df804d05f8b29a88278b7d582dd279
SHA1 d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256 b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA512 0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a4a19c5073219add70d4347f2d197b72
SHA1 c96250cfd8d2cd69c539cf8618480c7ad2d2862d
SHA256 0ca42f66a37e645bd78e15372207c45aac9b416ee3ad3b3af21f3599d2fd266e
SHA512 7858694aa24ad244ceb1ff98caca9d4a5d8a8d40593691315e60277599ab879b60621f7f9fa59d1f1b56cec5d21be56ab85ca1d6942633f24ebe7652e4a61632

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 541e70c3410bacd4abad99861d133cf1
SHA1 fa39e67da99e0ee4a53144b1cdb759580b0cdc6f
SHA256 cdb0003e73960619f4ab4bf112052bede79c35455de331168482ade35e67f369
SHA512 e997aa6aba20b61fe84dd971eda3fde8d22290414fc2ee563d40fc92de8b500640014b243d869d275a436783f11885b68d0ae4948300ae19981068edaa9aa378

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5b809327a7bdb132204055a8eb952d32
SHA1 1489c0276416809c84723e0185a3a2e44f54417c
SHA256 e238a64c9c389c52bc48e52e4f55a4dda8923b93279cb0ffa83ca6cabf066c84
SHA512 5003ff2c95a840ea347b8c6f4fee21056a8ca87d4fa631f81d772aac7be7d0839df1a8d34331b574819c6c36d7717a1359461ecd8dacd5a7006dd78d59ecde2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a38d220bf3f24d63d74225571b01254b
SHA1 ecc5b758c550009cf35497cf7dcdcef94732f51d
SHA256 78dc17f0b07027eb994c9bf3946951d6c494612a68cf0db6f6dc1399771b371e
SHA512 ea0b7cc9ece9f61fa490f835829e7ef35b3f173826656a0722e6dfea402fcbbac08e602efd1763698813a543390aca838cf6b1d783a094d5fd7742aeedf83ae5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f69fa7aaecc6a3b942b8ebadb92a59a2
SHA1 76a122a0c10663d4f448a1184945198eb16a5d92
SHA256 20566956d8b80221a5a748f62cbedbdf44aa82cc5e4623dabf9561e010b9712e
SHA512 898b6ae63347eba3ff35c3e4666bc5bd7faffb32d5d81c526a0ae76d3a188d960266b13dfbf75c969c8edfc88091385ebc9b8751b92ac07c666fece2e424358c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ebd7026293f6ed9be3381590ef93db4a
SHA1 20b5f4067e3d05bea9b6f9a2c4b3f2b8e5fd8e92
SHA256 b672c77f715c0c4cdcd60ce67ba6e549e9da819a67d05b58082d90aa953d68e1
SHA512 bd12c9293e51d5af04f0e213cbfa3272bbd6fb5fce533cffb719a3381bbea2a1e53e32b750c4bb6ed426bbd493519bcd0be44314568db8358d3f38d523f43c73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ef0f3dda2363c64a3ce9e5f11edc29a
SHA1 b3968e4d35c015375196613bfb182b91a0de4235
SHA256 955d6ed781080b9096056b332cbda0d24a19f02e8af62a62f7613fef8176b6ef
SHA512 2e5b9813096f74c6c9dc4ed70d1e50e1a9bc1b042d5674404306d17ec3fcdb5407b093127fcb62d90d24d4c041dd13e3b1b9c749e106953653e2f9f93bce835d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 01e5dc72ebb78ec44f46c096753f2206
SHA1 b9da4dea391bf78f796062af4d3172c190930f88
SHA256 fbb25dae6e27724816d40ad0313e0dc41c14047ddde5442bbb9984b330550aa0
SHA512 6d594600111ad8c535102f60989c813c596fae49384c5aad6daa8b4ba704d9328028794b138dd6aa2f5d9da5eb59ff9c68614a2413755fa39f3a49d284535f76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 80724fa4b308c41cbd3c871a9377e9b2
SHA1 cda998bb81df0811751e58fbbdfe8c4f4f048526
SHA256 d90cdb31acfc53b738e14e4710343e4b27827009a2f4ee49884cfcea2974582d
SHA512 a76aac12fdc1e040a4e83ce21badae90e2edc0ebf9e42755c009b8bb59cd5b55eab92e55c9083e0f62c0fcb87b0ecc5ceaf970c23582e1b2e0ff8f281359a056

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0c6eac7bd9ce19f108fa8ca66bc4c4a2
SHA1 21447e3aa73968122fb7fd321ad71ec478b28d0a
SHA256 1b6471a1bf29bd2321324c9eba89fa683b903a2af902290128765054a772fed6
SHA512 ac22af43c403c1f1a4228001b5367533c83f0488e798e783b6feaea00075f96b5d8b1f5ac73babeba90f57fb3d203a472abfb7cb7de79423955916d68823ce7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2ff0aada83a2a091d2f27888ded96900
SHA1 2c452b392e42942feb53e369edc874c1f992e8dc
SHA256 106dcaba9fd167bcbf8a9850d287f46b62beeca0c0cd5efc639eba7792f96f78
SHA512 ac9858fb346b59a903b818721ef5cc55860de9666060548cb9ccc9072bf0e97de20235b94c1eb06c85e523bfa896141004bc260b4eb19ca1bac4f8701423162f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 348951310f048b47ca96c7fac2598193
SHA1 e632621d2017e61d3aa8ee46c0b5a8693cefa78d
SHA256 a2fc28213195df1ccabd82638ac4740b1d14763c37f75e7207d9c7c6bc2a64a0
SHA512 3a91572207fc639dc4e941126ebac0d6e6bbfdaca1099aa9a3376234766ff114151e5793a3e1a14399ae0d5c76f05993176dab8ef2259038af335637f17f6ba9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fac4265302750c4a93b87d00deb0d8fe
SHA1 7f2613e1f5d5038923255efa4518707e54e1f529
SHA256 85a88b53230e4e7b62652cdae964fe90a252330665a248e2ec814caa00dbf786
SHA512 82a572e4a042a15a2ebf94804a437ae535582a0384dcdc7799e947c3d800ffa48355b46aea4fb34c0e2146589b55597b1cf14948c0d152c081e1c8090ea36a4a