Analysis Overview
SHA256
fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
Threat Level: Known bad
The file b28242123ed2cf6000f0aa036844bd29 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
System policy modification
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Enumerates system info in registry
NTFS ADS
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-11 08:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-11 08:09
Reported
2024-03-11 08:27
Platform
win11-20240221-en
Max time kernel
1017s
Max time network
1029s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2C1D.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC41B6B1B\MrsMajor2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eula32.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2C1D.tmp\eulascr.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\eula32.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\bsod.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\clingclang.wav | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\fileico.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\runner32s.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majordared.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majorlist.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\bsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majorsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\rsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\GetReady.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\majorlist.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRun.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\NotMuch.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\Major.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\WinScrew.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\WinScrew.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\runner32s.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\breakrule.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\CallFunc.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\DgzRun.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\GetReady.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\breakrule.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\cmd.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\majorsod.vbs | C:\Windows\system32\wscript.exe | N/A |
| File opened for modification | C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\fexec.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\healgen.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\RuntimeChecker.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRunReg.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\checker.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\excursor.ani | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\thetruth.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\example.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\Major.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\RuntimeChecker.exe | C:\Windows\system32\wscript.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\regsvr32.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{4C7CD938-CA6E-478C-B72A-E020FD6F109A} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{B84ED09A-4A2E-4779-8A89-1431745BC4C3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MrsMajor2.0.7z:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 157831.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zOC41B6B1B\MrsMajor2.0.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 1508 -ip 1508
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 460
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2300 -ip 2300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 1452
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004B8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,6389388615841963674,2945957008741191181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\2C1D.tmp\2C1E.tmp\2C1F.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\2C1D.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\2C1D.tmp\eulascr.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\MrsMajor2.0.7z"
C:\Users\Admin\AppData\Local\Temp\7zOC41B6B1B\MrsMajor2.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC41B6B1B\MrsMajor2.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\630C.tmp\630D.vbs
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe
C:\Users\Admin\AppData\Local\Temp\eula32.exe
eula32.exe
Network
Files
memory/1508-0-0x0000000000400000-0x0000000000443000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7c194bbd45fc5d3714e8db77e01ac25a |
| SHA1 | e758434417035cccc8891d516854afb4141dd72a |
| SHA256 | 253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3 |
| SHA512 | aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1719eeb2227021ec548c9eb6dbcf5397 |
| SHA1 | 2b475f1a11799e58c815cbd0c5f613316375c96b |
| SHA256 | 956cbe6f001b9609eeb2676c3566f2d2d3613bce4656321307db56ec81b74e8a |
| SHA512 | f92a6281c4a2cb99ffcbc5e10cb8911b3c1dccf4085eee760d6fe5659a4ecc1727e07dd31c28ed766cb407792e9caa577322173d47014443846b0061ad28f5c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | caaacbd78b8e7ebc636ff19241b2b13d |
| SHA1 | 4435edc68c0594ebb8b0aa84b769d566ad913bc8 |
| SHA256 | 989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a |
| SHA512 | c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc |
\??\pipe\LOCAL\crashpad_2056_UNLBIXCMDHJSOXEQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | af3da21fa9756c8b58ce7275f70a38e9 |
| SHA1 | 592c2b3003a799205b4cf92a8762cc8198fbd5c8 |
| SHA256 | aa23101e293f992c14cfc6be65f09ad4a2aebb2971bebf1b6af62ee3928c8119 |
| SHA512 | dc1dbe4780f579bf14f7323cd79ace8bcda8fa98dc2cb28c383ad08be987751190384e8da72d189264e3e0fac0bfa9f17729e0da8dc1d261cac8857baeffcce6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5925ce9d608be445989fd7802d3e754 |
| SHA1 | 9692faa059d6546cc0f253f9ea5ed5422e73faa0 |
| SHA256 | 4ce6f45b94e3eca1c3dec474814df342242b28a80ac345b19b8b5d1359db3e32 |
| SHA512 | c01c50eff9c443ab69137d48b3aa700b9ffd4e3a2ead596e1f08e4d67c7dc921be3c00e7163f9953ae951768e266fe0d445b20af867681bb8a5e15f301bbed00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea006b7327e8d0d98391f440eb4db394 |
| SHA1 | d3450a9af4c63d0fa01637ed02574d55ca35219e |
| SHA256 | 716ef7678dd76381331a13df031fcd3ce700fb08de32906609c6e46f2fee6f72 |
| SHA512 | 33208ae05301c5042808acea7aa55a9bfb1c36f99dfb74931537d62dee2b8d6f19e597dd2e137d7153e456937d81f340bbe6fa4bbdafe5231a1c0de504f23bf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bd46ca8d673ec99647ce584b7953dc4b |
| SHA1 | 125462efe2f667962ff1e8881ec8bbb60893dcf4 |
| SHA256 | d4ee91a1370fb90ee49b27c4346ecbe3654d27056b9aab2cf83e7e68f615a0ea |
| SHA512 | 0f05e96da4325be39681c78120338353db4ed11b175ab5d62c07854c46ca55b1bd0029dd020a9bd2aaf8943083bf8edd9ee5a6d173b2dcc98371bc90a2652206 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582805.TMP
| MD5 | d17021d8b9d39bbf10894bda4c362bf6 |
| SHA1 | 8ef8f54ac941810d105500d080a71d507cea7959 |
| SHA256 | 385ddf002e456be37dba59c58727bf698450434f810675a986687895608f16c6 |
| SHA512 | dd73362a34d008fdc0072bc42748f29ec1e84ec1d05f91ebcba796b0395e3ce3390722df672b45cc2a5d864191573bef3b2efad03a19270038db23c45127a98d |
C:\Users\Admin\Downloads\YouAreAnIdiot.zip
| MD5 | a7a51358ab9cdf1773b76bc2e25812d9 |
| SHA1 | 9f3befe37f5fbe58bbb9476a811869c5410ee919 |
| SHA256 | 817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612 |
| SHA512 | 3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d |
C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9eb2f2375fa88085936ef90fb038e08f |
| SHA1 | d61a394a3935c59f3880b4232657c7778bafabbb |
| SHA256 | 2bca0b31bb4ed6953c1f0caeeb84c3e9141ec816f755e98eeb526f1d7d6689d7 |
| SHA512 | b83f4c8ac677443a8b169ca6e3b24446ebd0518f09b33c9024122f57d20690c1f58babe748cde53c42fcb04aaa3bfcf2976336bb3e44ee02aaafae25fe453180 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3b5c3f0d0162a2ebea07b746427f91a5 |
| SHA1 | 6e15941dcb68c71c35c98e3166f54a3a2adbadfe |
| SHA256 | 072df953dd05c596704534e44f178520381416425179b07b4f7cb798a99da5cc |
| SHA512 | 2881e909512a93b5b1b833a9e2c28e72668e026c3e06c9873ff53ae0ad5a053a1a642bb76203e331724771da5201572adfce3b64a0e68bf54d0587d5c09b9cc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f7416844302b194b29ce38ce676fb821 |
| SHA1 | b2d3d4a3e85973cfcfa75fdb263281feb7cedae1 |
| SHA256 | 4216ef2af6aa10ff91d1d7f9f0db9e8207e219aa6726bd58a5a472a7a8b7a048 |
| SHA512 | 3ab334feadd288ddaf8158527632db5bfb1641ef53d65b5948c5ca79886a6f48eeed75555f2082b2c80dd7ddec9a46d5368435fabdb20befe5cf7b46c4e1c831 |
memory/2300-418-0x0000000000FA0000-0x0000000001012000-memory.dmp
memory/2300-419-0x0000000074920000-0x00000000750D1000-memory.dmp
memory/2300-420-0x0000000005A70000-0x0000000005B0C000-memory.dmp
memory/2300-421-0x0000000006120000-0x00000000066C6000-memory.dmp
memory/2300-422-0x0000000005C10000-0x0000000005CA2000-memory.dmp
memory/2300-423-0x0000000005D80000-0x0000000005D90000-memory.dmp
memory/2300-424-0x0000000005B50000-0x0000000005B5A000-memory.dmp
memory/2300-425-0x0000000005CB0000-0x0000000005D06000-memory.dmp
memory/2300-426-0x0000000005BD0000-0x0000000005BDA000-memory.dmp
memory/2300-427-0x0000000005D80000-0x0000000005D90000-memory.dmp
memory/2300-428-0x0000000074920000-0x00000000750D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fbd52b25fc12db37ed5076da9262ffb6 |
| SHA1 | e28aeaf353de7472ed6907e95bfb0b53604bf508 |
| SHA256 | 76d94db4782aa9dc1d6e5aa01aaab80dbac838adef29b96fc2db58df522bf674 |
| SHA512 | 4967ec029db052f3006af0d6e364d42826bc9cdb462c236163bd29cab9161114af078ed672549e816146af3a8094a64454d6a58bfda3dcae8c422246d299c8f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 1fddfdab08937ca30e43dc454840c64d |
| SHA1 | 25af586ab7462e30465c9306426062b9d10bd058 |
| SHA256 | c578d1b5c5f608df3926d2658217ae728beace6455244c0cd9e3e3d15e455013 |
| SHA512 | b0f5666b0fed1321f525f72b5950b8c694032160e6e5fe101201f4fda3ea3c04fae226a997f949478a93705c8a2f25e3567eb69e35dd7bb6bff85d4bdc481fb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | f86ce2628602974d4a9d5d06f04aa5fd |
| SHA1 | 87954f89c760c24836909c305dc359c6de974488 |
| SHA256 | 33c09ca0cf367dbb24c92a6b0f14f017c0b500df9a2c5de292cdf5e8bce87e6c |
| SHA512 | a1319c15cdc4063b99e7c2de939d63302779fbec9b0ca4f48d2428accaa4df7643fede261076292f0de1fba907beda820188c0fd7b4aa84506b77636aabe0af5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 07f6cac91ed9a3ae303b6155ec08ba88 |
| SHA1 | 1c220df43b11c25ef59172f956f05e89521257e9 |
| SHA256 | eedaf311986f6bc4e8053cb26f70368c7571171e9e8620da512f46434e7792c1 |
| SHA512 | 406da959337c964478f671e4d381c9d73108da4c08d7fa46bcc2709830c2460ff6ea0a0d487cf28b3862ed64281939ae02cc43514a1be84a8be995e7e2e34d12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 133ea1e6b899cd1041ffd6e784c76dfb |
| SHA1 | e27211c9333f3063d43ea9367fc9ca88f6a11905 |
| SHA256 | 14f2091c7ccf691dffe121f99831d9eac26dc479ad8ac391ecc869e018fdb20f |
| SHA512 | 71315c60b3d27fe121821b8663ba6b1c35b64a8ebc35e0c08deeabe174a55e7df0c4936ab422662e87fbb1f7ea63cc52b7740abef3e36ed3757478bc1da6e03d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 9901c48297a339c554e405b4fefe7407 |
| SHA1 | 5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e |
| SHA256 | 9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2 |
| SHA512 | b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7028b14cfe96869d9696f0a5acda08be |
| SHA1 | 965d5fa39544d0005cb5394668cee7603ba730d2 |
| SHA256 | 37595d9b14a2a027b0efe8f2f19b8b72fedfd4579bf1501f8d68f9b3af0f8a06 |
| SHA512 | 6360d79fc7e7e00c1286ac05cef63c2cc72962d0106641a1877da2d30a7b446e9e9a88c4e89d72827e849a67b8e4c55b084e2af987afe9fe8855260260622b10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 669460979429af210e0855d8f593466e |
| SHA1 | d6424dc1c39499e61eb93648ba2e89b9f33c1a31 |
| SHA256 | 052043fe4508253313fc841b1236c2ccb1223184aec7b31314b9386d48d57036 |
| SHA512 | ba62a56d5e00c0ad78dc5b85ebd5190bed2e770482b33131a6204f657028400bd46b444a48c5be91b7777712f9a25ff4d77b13315ac89d593310cde69db00638 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acac6aeeed0ad969f23bc15eca5f6d29 |
| SHA1 | c72529a9052747ec57a78161dd9427885ac91171 |
| SHA256 | a5cc6d6a22f1ae4474506e75ca5fdc855accc50109382d892c1fe87f3dec835f |
| SHA512 | 603540003854ce28c086ae1f0086d19c45a5df4ebfe186c0475a878c54206b53f5fe817ab2e955583cc944ee8d639dcc273f3730b0f62f5b6466928fc2356820 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d65d08b3531a3c53e566e06924a9faf9 |
| SHA1 | 7373f8231add10b40b64bb553148927314c87a12 |
| SHA256 | 5469c290b1ed71010d7baf1e664b47ba9a63ec00865eb2f3ef7d54d90233d083 |
| SHA512 | 6cf5e1c6170f134158a571ef1fd63c0d16df262b6c68539dd0d360e275cc38c52f94f9a2f815863270ba08fdc2a3ab34eb8756a55480fd5cf02870ab6f590eb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6207bd0ee39accfbfdd3eb3c484ff407 |
| SHA1 | e5141695303fd52cf1e514d4d5e72c2bfaef2674 |
| SHA256 | 0b681adb7a7b93341dce159b4a2a70f3b36546e126edddcd47b7b5f9848677d7 |
| SHA512 | 13051961ba2445412d19b8a813f451da796a05ae3a1adb67eab7db6ece0509ed45d26886f91fe84b3cd39eb11e37a28e6cfd52e7be799f9ead107db8e40bda16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 56344c1ecaac25bcd8f6a0bc88944502 |
| SHA1 | 54741983f11ab24b8a509765e9369b1287724061 |
| SHA256 | 312cd3095a65667cc91830080f588996f62d73f77e9726666cbdba8170db7517 |
| SHA512 | 1c75765474a368ece38a5561497b1f1fa7e90e5a0dac98764586b771f3ed5d55deb0f2214d23a76c60a77efc586699447adc1e92863ebaad6541108adac67268 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\datareporting\glean\pending_pings\79128931-1a64-48e3-8a71-af913899acae
| MD5 | db2bc7d09d9b4149c7d2e068c32b64c8 |
| SHA1 | 3c80f5e08d00f09609cada7214bfead60d85a924 |
| SHA256 | bfc582843ecb3bec6b6a3d72c53dadb318f5c0180326646817fd23b5fc5154e2 |
| SHA512 | 4cce1914bba6481e1f78ddb728a0ebd88350ab3245dff9049ae7eae5d8d4024f0530a0fb79de2138b2716f6e2a47597edfa23a25bd33595bb9ea320387e5de2a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\datareporting\glean\pending_pings\edd879c7-3fe7-417d-8a50-0cd3768732ee
| MD5 | 16548be609288d1dab2661451c3b4e04 |
| SHA1 | a6c31841ec665703a263ca290eb3a9656696aa8f |
| SHA256 | 059e561a4a07f58780d5f9045d350d6aefdf92bb6c80a4b0afa4c1e1ed01aec5 |
| SHA512 | 9f9f2dc9883cbbf1948a70526773770bc1229ce8fbadc4279b40de544706139cf9596086dff89c6bc5197d0bf098c6e370adca8a5f5ad6f11884941719b253e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 13e02b0b84451ac40fa50997785ced38 |
| SHA1 | 2716c11f0df9d0339a15b9c4ba5e98f133a22b1e |
| SHA256 | c328bce71dda661f89c1658642dd23d10561541f01d1285e2711fa0cad0c5657 |
| SHA512 | 293908ed1fbc97bcec28c1d4ea5859ac580b176f6c6cc0b5c4ce2be7f6de778b240d8098a63806e2a0b5400a3c601cd0e6701b644ef7abaae46e995511ba18b1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\prefs.js
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13354618196915488
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 169130.crdownload
C:\Users\Admin\Downloads\Unconfirmed 157831.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\7zOC41B6B1B\MrsMajor2.0.exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Temp\7zOC41B6B1B\MrsMajor2.0.exe
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
C:\Program Files\MicrosoftWindowsServicesEtc\example.txt
C:\Users\Admin\AppData\Local\Temp\eula32.exe
C:\Users\Admin\AppData\Local\Temp\xRun.vbs
C:\Users\Admin\AppData\Local\Temp\runner32s.exe
C:\Program Files\MicrosoftWindowsServicesEtc\data\thetruth.jpg
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3ML4EK4MZTJ2H3ALBV8M.temp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\broadcast-listeners.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\targeting.snapshot.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\xulstore.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\bookmarkbackups\bookmarks-2024-03-11_11_cWWqaaS8o3I6mceIRlmYXQ==.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\extensions.json.tmp