Malware Analysis Report

2025-03-14 21:47

Sample ID 250131-ar3yxswpgx
Target https://youtube.com
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://youtube.com was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

A potential corporate email address has been identified in the URL: [email protected]

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-31 00:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-31 00:27

Reported

2025-01-31 00:30

Platform

win10v2004-20250129-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://youtube.com

Signatures

Detected google phishing page

phishing google
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com\ = "124" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\login.live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "124" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\MuiCache C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\Total = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings C:\Windows\system32\wwahost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\NumberOfSubdomai = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\login.live.com C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200" C:\Windows\system32\wwahost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "124" C:\Windows\system32\wwahost.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wwahost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wwahost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wwahost.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2836 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 3796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 3796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9cf046f8,0x7ffd9cf04708,0x7ffd9cf04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4824 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510 0x4b0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14707494140843466591,2123418268736754884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6516 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.22:443 i.ytimg.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 22.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com tcp
BE 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 rr1---sn-q4flrne7.googlevideo.com udp
GB 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
US 209.85.165.166:443 rr1---sn-q4flrne7.googlevideo.com tcp
US 209.85.165.166:443 rr1---sn-q4flrne7.googlevideo.com tcp
US 209.85.165.166:443 rr1---sn-q4flrne7.googlevideo.com tcp
US 209.85.165.166:443 rr1---sn-q4flrne7.googlevideo.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.200.46:443 www.youtube.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 166.165.85.209.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
US 209.85.165.166:443 rr1---sn-q4flrne7.googlevideo.com tcp
US 209.85.165.166:443 rr1---sn-q4flrne7.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 5.114.82.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.180.14:443 consent.youtube.com tcp
GB 216.58.213.22:443 i.ytimg.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr2---sn-q4fl6nds.googlevideo.com udp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 173.194.141.39:443 rr2---sn-q4fl6nds.googlevideo.com tcp
US 173.194.141.39:443 rr2---sn-q4fl6nds.googlevideo.com tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
US 173.194.141.39:443 rr2---sn-q4fl6nds.googlevideo.com tcp
US 173.194.141.39:443 rr2---sn-q4fl6nds.googlevideo.com tcp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 39.141.194.173.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.212.198:443 static.doubleclick.net tcp
US 173.194.141.39:443 rr2---sn-q4fl6nds.googlevideo.com tcp
US 173.194.141.39:443 rr2---sn-q4fl6nds.googlevideo.com tcp
US 8.8.8.8:53 198.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.212.225:443 yt3.ggpht.com tcp
US 8.8.8.8:53 225.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 logincdn.msftauth.net udp
GB 95.101.143.240:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 240.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 104.208.16.95:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp
GB 95.101.143.201:443 www.bing.com tcp
GB 95.101.143.201:443 www.bing.com tcp
US 8.8.8.8:53 201.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.135.34:443 th.bing.com tcp
GB 95.101.143.201:443 th.bing.com tcp
GB 95.101.143.201:443 th.bing.com tcp
GB 88.221.135.34:443 th.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 34.135.221.88.in-addr.arpa udp
NL 40.126.32.72:443 login.microsoftonline.com tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 4.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
GB 216.58.204.69:443 mail.google.com tcp
GB 216.58.204.69:443 mail.google.com tcp
BE 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 69.204.58.216.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.178.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e8cb3a8ae72d4143c46a67827ca0b7df
SHA1 171c2c090300f33f67510e38358077155a664f99
SHA256 7bf198a75746d630643056ad1571f0d46f6d069f7813a39888f7519b4b843e9e
SHA512 917d6ac30c1975f5266aa380baf9842575ad565c4399ef7da499e8f78d7300f6b1c4d3c5846d46b5c39fbbcd76097fe356274ce44eb35e8ca5c09522def6758e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bf0b2725c0cd068b0f67eb62cbc3244f
SHA1 54ee5cd3bd0ae55707020bf40c4342736e310caf
SHA256 5dff0f70a7691805910a88ef91c9ecc338c6a27b818ff6b0c8bc6e0e8e381d36
SHA512 f622f17ddcf1a364bbe926fe427b1544c3bea200b65f24aee14a5eaa7b260e33f396ef07f2a0a53540dc4c0f5beebf431b6d7d0a9032890de13b99a2089b852e

\??\pipe\LOCAL\crashpad_2836_FBCRPYANASZFVCXK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6ccfdb46546fc04e5f3507d077c6b40a
SHA1 27d3eaec8bdd1b4fc933b478783058a249788ad7
SHA256 c0cc3f35433b1b6acd2dec89c727a5f87ab4b890d0881877e8b6bcfdf93cdeea
SHA512 07395db1dc686d27aa4459ab09ec86d8139c5875a2857e1307ece358b3d2fc819855cd3b38f4e58f3f3663cd27723550e5b3df38f46643aa7de01f39bbc0acb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 85beb9583800c78df39b9860f3b806e9
SHA1 6ec614c0368c56690bdeb8cbcdb674a3449b84b2
SHA256 ce695b06983672d27b8ca48acbc5f770627ce953ec937dfff7877dbc9fa0f445
SHA512 a310a44a2ec3790ace906e8873f30d6d714f942f756df330848ccf57ac3f78d54ccb06d48b41993adcfc427a7ed93b3cc0cf39d3777a69e7165f0ed38e324d87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5673d69c179284651d7c65cd99b58cb7
SHA1 899cca97d27b3f85e2f2b59e8c0a10e750416df7
SHA256 0828a83be8a112317bba29c6aa32d5ca489c9ad701d9ffc0cd24765e8b3c40de
SHA512 586d44decee3d7cd6c9488bfd96d04ecf28bdd3998b6da376c675026a7cfc41ae56bf4915992af227c13fa944898b50030aeffbb03ee4a838605d25afe46d0f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 db57be866ba649325f9e77659414849f
SHA1 1929f45d33ee7b22e0a0ea2aa0c6eb4e14d5c714
SHA256 6e4bc4055d5352466130782e238dbb93f172ecb5495a90c612a6e5302df962cc
SHA512 0e521744998c2b93ce5ace465fcb65ef3dfed3db6539ccb00a10a8321bb2d061088b352343116111a724c0c121fa9d2aea98201a26698dbc39352d0fbc5ba699

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06111006-5d9a-4ccb-9e1c-4175657b1669\index-dir\the-real-index

MD5 7d8ad404360b5419d4c6b6c198bebee1
SHA1 648382c2e6c92cc8df8d4e45979c2ce007dd22f2
SHA256 2425857eb52c6776f949e2f7b71c1f53754237499cb976a52882f482ceae3773
SHA512 0d5a3eb32b48f3185c52c663bc01114bd667435be0b7f27d14d9455dd03271f064626e13b1c306ee8c70b6940d4fc28d477558279ec945d47152df105b0b6b06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06111006-5d9a-4ccb-9e1c-4175657b1669\index-dir\the-real-index~RFe57a2f7.TMP

MD5 bebf8e7b9504bbc28864f3dd1f3874fc
SHA1 be123fc70d2e32ee05ca53d556732e573052461c
SHA256 c758f86d2d0d39e1453b49eb9888ed6ac63f9f40c0d06cd88fa8f3143f1ef8c9
SHA512 794d835a796fb66b71890ba7cad781468b31274edbbada0d54194ff158545c4f3ead7aac84ec138051044ccc741abd947aed65d903f003bcb46ea1daaec59d22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 908cbb55d6180d46a81cb1596887a2b3
SHA1 195da8e755ea6e876f0efa6e6a149c686804d216
SHA256 18b779e9da38806c033c5ec0e9211be39e01ed367cc3c018d8f05d083c4055a5
SHA512 19750c93980bfdcc94a1b42b128bf67c3eff541fb1bbc1f5f2c44b7416aa39ed58ca762ad754de1cee0babcea3a72cfa78d62aa10c0e818221aa602d921a9454

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bacf296b-f753-4e7d-8646-a3b21d7ebd18\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bc628c7894bc9628ae10b6f11f4d4c9d
SHA1 1a8de9daf876d7cbc9fdad646fffc2170515966e
SHA256 22de2eae0aba258196864c787293d8cffc8a0cfb1d0af56e0118b6360e95a55e
SHA512 6c5d81f80f1faea332a952c8dcc066a1f12c9208a152ed453428374fe8c6733b1ef79f6bceaf0a078fd8ee71eef58a2ae176189437e91fc1847b2eebca02fb05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 61ff883fb6731a45e6b49bc7293a01f0
SHA1 77387675648cc5711013c32548ecc3bb135548b5
SHA256 ce99e4911bad5f49f12a3454143c852be7104abbebf820027df577d1d9f0215f
SHA512 7deeda0548a62c062cdabac0f9b2ba82719a6ee5a02185f263dfa38ac5f741b16529b7084b30ea67135771552477013823f6df1c59503d544c835be469e31529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 56bcfc292f5b13f996bcd9e3894f8e9e
SHA1 ef6491aeb70e32284da1b9704a9073e9bfc8b6ca
SHA256 f9872892acf766ffef419d57e033927850e47ff2d1bd111d0ffd353aebc5f20e
SHA512 385f337347b9db945795d7e5bbd84c1de99d7263926edf495c78e461371ca21732f9e693a6040af303ee4369624514b9a0568c86ee6c5e0808ef7c5517cbc300

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 82b27369ba8658071b8bd1d6225c7e17
SHA1 841b25262c82e63fff0a54a770d184ba1794f1c5
SHA256 712db373ff62a1ed4a7eaf61b2a9e124609cb48ccf3d691b2814f3488a4867ec
SHA512 4d79e5c879845356fd8b4db599720a919e52e6da9f3e31f281e9c75376f2d74c3e65386a3297ef78629369ff25fbaccb739c5f1c801d2058665e23585fb0e6fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6671db324ad9eedbb1de57388bcbf733
SHA1 e55795d4cdc052932c285617ef6d17c0c9cb18cd
SHA256 c120e24e62c50e07b84fc6578d905aed780bdbf6b6c9868b698925917d53a81d
SHA512 d2bd7ca2dce0b741a2f783d452c0f0b0b62d74c38381fdc1f22117d4e4c725ff27aa3fad0d972fcd344cce6aedbd9c91ab40ade25c3274dd1275e4dd30d90801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e845fb9854fad7ac634bfbbf1822c37a
SHA1 0e88210d92001df7a6e77d76c1ee54b5f8b91052
SHA256 8e0a0fcf0398db250a7ac40ebf70e2554f56150cb2c06bdd5cf7a8f8c656cee2
SHA512 e7a5e1b3de7d740b6c81f4bcdc140e9893e65e0e8d2afc021cf5546003f89fe2ebf8eb296a98637e987133a3e1b01595d7d79bfcc5bdf8e4f1a36df9f3227fe7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 61965d76cd4978e210f0017c3994e73b
SHA1 045f0f516fa241f9458b38337a058909decca0e7
SHA256 efd25f75d926fef59064b9fca45add6b12c1457663b6c924eabfd4e80727ca5f
SHA512 91af3d393c2d42ecb523be7269c3b146c8eba3a9686389dcf87863b74ad641059edafabd3b7e7950d72bc803a75eef421457f5f001f4d14d98981ca7ff149dd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 d413a36141874ae917b386dc6519dd64
SHA1 89cbf31338d134c79cd6581d4b8a344d5a8bfc15
SHA256 2985db0cb277691840fb78dffe693ccd3a1afc2269688f9630fe4fe3d128581f
SHA512 0d0289ea45c78c4dd78810731b44307bbf6b084f156e43566fa790480688fd1c6834fa9a0829379325d8729b5bfedd622fabeb051fb613881120e0bc54192463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 4a32390f2a0613e576710c12da01dfa0
SHA1 e3c96ab7684f5adba64a86829d580f1cd1acb9bc
SHA256 4d770224ea2a1b601f7d8a64401696305f846e147721f77b7d3fe4cd6e706da2
SHA512 17bcad18e406adbf8c0a3e071f62828784bf2adb8eecc4e7e6391e61cef0292353d17225327bff17fd84c9df292b83d8a824eb79eb77615d2873756bed5bdaf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9fb50afb636ddd61ee88ccd2b0333609
SHA1 dfa3d2fb98d526aaf7733e00c965ad452fac60d4
SHA256 12483bd6fa0a505914906ff3211ffabfe77b3c08c73bafa8179800a4172b4310
SHA512 9495cc2ac459c151369f15d90e931873e5e9c701294abf1203606bd78fdef702a70d39b5869ecf01790ae920ba066efecb3d44129aee334ddb1e7ddb42c55ff7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 76edd41146b65fcf4162b0ac32ae612d
SHA1 494866796f9a1242cfcb3c7e94575c35065d936f
SHA256 45716f3353c4d937947f632bfeea31900021deff0de68bec126a5e53916e244c
SHA512 309184cf44f4a82783321b20ac070f5964088a713a6cff089751f4c0f921769dfdf04b2abc9d8ef0156a87b29c80432178a6f9fa34095cfd2024ece31d5800ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d532.TMP

MD5 99274b1da51c8b7f677dc6ed396adf95
SHA1 13b0e9dd838b802f6d4d0418972973fb664f1740
SHA256 a921aac315248b54586125b863e25b44e6a74b0338d948fb5a7c000dcc202507
SHA512 b6a2dbdcdc0a991ef69ba11962a0dbab4b7056b90965c93f8d9f31346f82cae0247fcfcd1b9a4e4ca961fb45db842cc6afb09616af907010941c16d0502610b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f4a1.TMP

MD5 fa18cce58cca259be2a1ce9c16df1b6f
SHA1 648cdca1232bf1b8e12ec02353772acd56e8107f
SHA256 f8edce0c19e4314156b63f2e3870f2d7818cbe243ea8076a020805d534cba3dc
SHA512 6075a81e90a943a4154e4fd3e8d03155c4d1be82117e06c0e0ba942e7c6b38fd85c9dfc952744e19ac0172d16315136b64c4d743d715085791eaa0e610fb4cec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1e411b0cb9f70b8bb513f5b66bd88c90
SHA1 b16893c2348320ab9b9fc831bbf52bb21e459041
SHA256 ae507a87eba2546ebefcbcd879e7a46ea5a2d1ecc116c2aeb83b3c56403022ea
SHA512 3e91c1703883e97a4d80b50ea59afe0b92736a9a142adb1a0cb6ed20689c58227d841902373b7edac599de3d387f94c4ef29400d0ae895b90303761e0f4bfdd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2d31698d0ae43027b9a9dc3c8df15ec9
SHA1 3cc0efcc0c6436c607f29040c2bd4719f96a0b49
SHA256 92944ac95bbcac1951bcb902bceade3c5bf9f994ab2c06394118213ba9cdd065
SHA512 043c94e542c25dea99fe5d199e91e936a88d0e50189f00502e6d735e09ea6a79a014329aac744dc5ad07cc9ec6e56571e06f8ea9c163a6f4087a8fe6ae57092a

memory/3820-864-0x0000026903AE0000-0x0000026903B00000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6b43979c-c535-42b5-a86f-2eee39ece61a\index-dir\the-real-index

MD5 74583f6e8f55104b0c6e0e9fa22380c5
SHA1 2ddfe3f236fb0298213a616ad113e606ae646e44
SHA256 90256f8d8b7187db1d95d73ac11ad43cbe5921dd6c90ece425974502ab4e8c06
SHA512 69e32e3dfb437a59e3c186a34043f2a9b3d5d3d2a6f0ac4890aa206835627967e25ab59677e629e85eaecab8bd6e251b41e02edd19953c102c7f6b666fafc2e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6b43979c-c535-42b5-a86f-2eee39ece61a\index-dir\the-real-index~RFe57fbc5.TMP

MD5 8abe9cf7b3af2524e99fd480936a8686
SHA1 bcf131ca75b622343c60f90472f22d2faa29c1d8
SHA256 c038127f61f828eb7c654b05f4715c620f505da3a5b6bd2c782e6a77cb5a0b3c
SHA512 c8eb884bca17583240332dc8e2e3478ffdfd92cfd8bbfe842f00575bf725691ef20ebeaaaeb16e9d346d57a500bfb58516d05d61bb1271fcc060fa2a871c83d5

memory/5992-923-0x0000018F0D170000-0x0000018F0D180000-memory.dmp

memory/5992-939-0x0000018F0D270000-0x0000018F0D280000-memory.dmp

memory/5992-955-0x0000018F155E0000-0x0000018F155E1000-memory.dmp

memory/5992-957-0x0000018F15610000-0x0000018F15611000-memory.dmp

memory/5992-959-0x0000018F15720000-0x0000018F15721000-memory.dmp

memory/5992-958-0x0000018F15610000-0x0000018F15611000-memory.dmp

memory/3820-1029-0x0000026918240000-0x0000026918260000-memory.dmp

memory/3820-1083-0x0000026918280000-0x00000269182A0000-memory.dmp

memory/3820-1124-0x00000269293C0000-0x00000269294C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 86aabcd599469e9631f72f8a7ccc0eda
SHA1 155c5dca2977587a21e4ca459c9031fac824bb16
SHA256 18726715db1f4cd9531aebd8456fe0713c7f68e1005f506803d48346c9fc2f36
SHA512 bcfba0968a5bc9f86a32b96051a1643c074ee7153cd267d8d006680b33948798049a570b293458c960eda24bd2b99fcba7aa41a0a45b04aa69fefb3945110b6b

memory/3820-1047-0x00000269286F0000-0x0000026928710000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06111006-5d9a-4ccb-9e1c-4175657b1669\index-dir\the-real-index

MD5 1efc4b9de534d3f045fe962725df25af
SHA1 85af13853f42de1f535907edb4fd7a1ff01f1898
SHA256 28b6520c7059b9f952f41a96d9e6bec89f1062cd902f477e382efdecf4833322
SHA512 692d73ba218212bb81b23c58f5866e656c388caa9426214c555646477b7992aa8a4c40f3731b95bf65c73da5f021503446fee89b48dd47a39c13e1093c23e556

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 de27f15a4ba2946f04bd629b617aab9e
SHA1 4e14e7eb43e2d194d2adfaffefca48735672dc3b
SHA256 65c97bf78f6853a780c6b89af09d91ef903a818253beecf1902cdf1da3308d5c
SHA512 29562fed21d7d0ebf144e066234757a65dca3a364d5386956f809d44cb4e1c83623d56097ca3fdeed3ae45e0b673021da4295c308b0c05ae331cd47a8541df8b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SKAH3AI0\login.live[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/3820-1822-0x0000026929800000-0x0000026929820000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\93726acd-1324-45e3-bbb8-074f989b9f88.tmp

MD5 ce6ba0644372b40bdfd86560f16805de
SHA1 e2ca4f0e37fc022cdaf6833c74e81328915a40de
SHA256 5ef5d4cb416c8797eeed502992cbe89e813acfe6accc031658574a33a906bd63
SHA512 a91f8c1a8946479f917a082c1260390c45e73da6334c650dff1c668bb778a3a5d95f37fcc01555aebd6404ba97bf40d006ff78eb247dc2ca060b0d08131073be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 35142dd4393efb0d179d354ec86361a9
SHA1 2d12acd35357e316af3d72b4efc14730ea74fe64
SHA256 e04bf8b8d2223bd2a6f517b692cc96e57530ec88b55cb2d6727d2a41bfbeea80
SHA512 875074b87cde28df8c66f722b0fa07dada047af50795b13b8789ab536b92f0c064e833aa0622e91b90ff566c85f1677a10986c5decf3b79975c5c010fd796326

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 92722f8e537e705ab7615e4a292bc777
SHA1 a1ccd6d288bbf8bb7077fc856b2c8fc4e20207a3
SHA256 0b921428afc94110f52fb1cd0be8f3f297dd411d9cb8b9cae9b4314e0f063f50
SHA512 926758b2cdffda89cfa2418882c21684d1fa3d037d780c24d711e90864aa9e0b681854e79c7c84a49488f9349c46653f539686371f15e0fec0cd987fca6345fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d2c5e89df4970f7855de69672c732175
SHA1 fb927ea59b745937f0c76911dc97f340942662b4
SHA256 f5c242c8d756dbdf3890af06e89a190d0b6c2582816b7046470046bbbf22e781
SHA512 f40af8e3295114df8bf7ad7d1a51f5b0492022526fbc4aea9f6c1b774133c48097cfcdfce16f8faa099164af71f19fcf3a76f6ef673bfe077d5af260ff353e44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4cc1ee11a40f1706cb508849287c5220
SHA1 7a5eaac1224127fa5c7cd550448b1ae00a3172ec
SHA256 82fb036fe76e8a2fd98bc439d3b770e22cbb2f994d9359880e1a9dcbddbbbdb9
SHA512 811575a302044eae0b86a4bcc836feb3e0957f76f437d0a5786ef7c2a80f3f170884b9ecaee63401ad4968c069f5bad3fb3a22698288837935fa4d4f04adcdf4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07b4450c378f5faf6338dd2313435212
SHA1 3b7d7451afb6f9b5f1d2daba6c23deb8e194db2c
SHA256 45dee620cdc3420f296ddea5408f61c88b7a5a833b9ad0797f1d38bdf95ca634
SHA512 8d82babbd37463eb3cae3806b16a8de58d4a3f3a7854a80cb0045bd887f40947b02d50c60a22fdd38883ee9660d756467526bd56ff6f3e22ed968640a4ab6418

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b947111854e25ddce51086a33a33f3c1
SHA1 c6415af1fa91d041dad91419bacf812a144f3464
SHA256 e616b7ba484db4cac3db8bc49d9d5825ce7f64ab6b993476754ca39e0bed145d
SHA512 9c60f3cdc87719fc414f38ffb8ea6f06dce3d27034f69820bc8fa2a73417cd8cb431a954da0cf023af2b2749d44cd6ae13b125aca4eb20db1dfd61fcd336138c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1caa4d548d9853c4ba7aa4cb2e8527a5
SHA1 5988a06a0354b5a29ecde19429897b797b167317
SHA256 f0ed1d32723ee5197e3731388be4f71be0ec8b2239f594ba8fa2d9cc84f3807f
SHA512 a73f8001bee3a02a5cbdf20508e3c8e7749138433cfd59ea71d993936142e920977931f299a7f28e75a668a479cfb87d84281eb931eb87628db57ae126945b95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 eff3ae6bff90d0efdcdb8b839f5e85fa
SHA1 1159d6f4dc288b23b8819067c7d6c0580bb43a1a
SHA256 945ca1a8663f36c9e782e9bbc9c3add83e6c0dd05889c09f521dc7838f7a8896
SHA512 9b583f5a51eb850df1c3d43c021c336794c2420555ff50beed6b20a93a2f32bbf6bf468a96506a9eb082a830939232b30d90f32197e3f0f9ac4068f513ecaccf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1be264bc7da53b86747371490fa61566
SHA1 8effa3d1d7ac6d6d2345fdea6008c46ba9a48b74
SHA256 482c9b40f692c4973c92fb99a1ca3fabd598ae1f3c4f3d5684081ca1b8b96c10
SHA512 48ea1cb5cf2fbb0aa8461914397f579a7109efbfb08eef51bf2b7cac25fd96b805e0420c0cdcd67f5dcd83812204b41585a6e8c9bb40f4c3b54a185aa4024d4f