Malware Analysis Report

2025-04-13 22:30

Sample ID 240324-z7w8rage88
Target http://youtube.com
Tags
wannacry discovery persistence ransomware spyware stealer worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://youtube.com was found to be: Known bad.

Malicious Activity Summary

wannacry discovery persistence ransomware spyware stealer worm

Wannacry

Deletes shadow copies

Downloads MZ/PE file

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Modifies file permissions

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

NTFS ADS

Modifies registry class

Modifies registry key

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Views/modifies file attributes

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-24 21:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-24 21:22

Reported

2024-03-24 21:26

Platform

win10v2004-20240226-en

Max time kernel

233s

Max time network

211s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD141C.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD1423.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lpbyrzvsckxo497 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\@[email protected] N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{A79B3606-A91A-438C-A977-7EFF55443687} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 825555.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 489535.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\taskse.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 464 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fff361146f8,0x7fff36114708,0x7fff36114718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6964 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,12775043303416181421,15691639556661489035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Hydra.exe

"C:\Users\Admin\Downloads\Hydra.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 199311711315517.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lpbyrzvsckxo497" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lpbyrzvsckxo497" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f

Network

Country Destination Domain Proto
US 8.8.8.8:53 84.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:80 youtube.com tcp
GB 142.250.187.238:80 youtube.com tcp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.16.246:443 i.ytimg.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
GB 92.123.128.150:443 www.bing.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 150.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.170:443 th.bing.com tcp
GB 92.123.128.170:443 th.bing.com tcp
US 8.8.8.8:53 170.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 169.128.123.92.in-addr.arpa udp
GB 88.221.134.130:443 aefd.nelreports.net tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.67:443 login.microsoftonline.com tcp
US 8.8.8.8:53 130.134.221.88.in-addr.arpa udp
GB 88.221.134.130:443 aefd.nelreports.net udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
DE 140.82.121.6:443 api.github.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 92.123.128.170:443 th.bing.com tcp
US 8.8.8.8:53 201.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 88.221.134.130:443 aefd.nelreports.net udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:64990 tcp
DE 46.101.169.151:9001 tcp
US 128.31.0.39:9101 tcp
SE 193.11.114.46:9003 tcp
US 8.8.8.8:53 46.114.11.193.in-addr.arpa udp
DE 185.233.106.34:9001 tcp
US 8.8.8.8:53 34.106.233.185.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1eb86108cb8f5a956fdf48efbd5d06fe
SHA1 7b2b299f753798e4891df2d9cbf30f94b39ef924
SHA256 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512 e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

\??\pipe\LOCAL\crashpad_464_UJHSMXUZSZWMFVSO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f35bb0615bb9816f562b83304e456294
SHA1 1049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA256 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512 db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34c5923f7fbcb16ce72c5b9ba9c8ac3e
SHA1 8ab9f9c7c86bde435dfcfbecb282adf9c39722ea
SHA256 2ffc3facfc48704bb0dbaf15f595303bca75d93122d83c898fe56d6c5ef723d1
SHA512 0501dd565c9fc8dde450744f354ce8c7cd0589fa20ba40b9ad1f535e6f84208831d56f255b3dd5185c14024201e419dc0afe4cd8cd0dcf2b6a3289e039063e43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d22109dda52a608618d4912bd5477274
SHA1 0743bf5650904a6fc492872e0969631dbb8248ba
SHA256 92577f24fc160b7e40828241bebbd0e754c909f7548cc52d70675f20098aac20
SHA512 73df85daf884c65b04bab3d62434d1661f4ff8f500f23d7176fac447b5a41401f600872bf6961a34b3ee1d83c8cd55500e7059b826bab68e3c1cce9a276f425c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c9719efdf9a5818a6098d93e96572cf2
SHA1 0180a9793d43deccefba0ab7fa96d106d62680a9
SHA256 cd3bb3899e880d3fb43af9b77a399179499f20b5ea069856bc8a90d86d46c21a
SHA512 bdd7e4267b5871da89731f11e2c3d416c4daffc63dc69a902d2d35c591737679de8778f2c3597fc0f8a22c6a1752d98415d178a884364ca8a034f4530416fc1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0f15be755fc4103dfae2969047920b61
SHA1 041b5938599a0a0e130bdd1628e4de209b1ad749
SHA256 d2267318858372dd55f37288d40231da252705d137e29c222dc47c7cf8cc98be
SHA512 e9243083928700f0cdac49a1f32a7a66a67f738ccffa37f4c0d53455b262f0239d1769923644d8f6c9dd8d512f734ab19bb465fa308ce11f808c6fc8461eb7f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 be1cf22dab384a368e8e1398dae53a9f
SHA1 e1029b31cc39777725be6718acfdb063149ae274
SHA256 b468d615292fea74a1256ab652b9ce8a85ef99f4246abbebb3986390f75dc182
SHA512 b42c4a899a4843a8e5dd7578a155e238ef5eda1e2e9f13e8a9768c1e8e387e979034d79684c5804a5582053bba4ad94b10384327e8a31cc895ab5f3d6885bba3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 02214b097305a8302b21e630fa201576
SHA1 90c2a31521803b73e847f7a3e0cfceec84df9fa5
SHA256 1d98076cfae6a0a8f0b0b1c654270b900de83e633cc01d98ef63e6a8e485a3f4
SHA512 553c81eb51880f83b9918aef766ff0f41170895b1cda2589f0b69c3d1362de8e8decf14a413f6b5df1fb7ce07fc939211407b29046188b37c290133c9d5e1cd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 805392659850fdfa60226fd42ef81971
SHA1 10470407571d6def6de4f96c9a2b0c3f7a47cb18
SHA256 45ae0c1890c434bc0cb4cf2cba10a8dfcd7dcff7a40f653bece6f2c9f02da195
SHA512 f9ac02dd1b2448af61ada309de1cfd8d3c18e2d726b188c4d0ef088d2566256cfcab2b613357f3156c3d2d6d3763d7e70e95ecd61127d1e7ff8749a1b71b5023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 702c0f14652ccaa450056341b4226f63
SHA1 8e888997e934763988ff26449da19cc7c927fb36
SHA256 f4ebd62eeca9a38cae6fd04b0a334d025b5ecba2282d747d3f6e59d7e1905a9e
SHA512 3dc305c30e7d81547764cd4364922f569d2fa6338668deb771af485b45de33ac8c12020da63be2cb43a0f8ec114611848b0b99a9e1d8f7a1e33dedaee304ada0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f2c1611bf691a034535f2c7ac5875767
SHA1 67d0494f15f1a45e49a4e589347169979bd4c7ec
SHA256 0f4276c0f3e70ae0c7eed8a46f8079378d59aa52f276fd15492e9c3ccc2816f4
SHA512 33d69249469c684d792cb37cf2587f93f11177bcdddfec88f21af5046675dbaebb2ff2947e3672fda055bf9c19f02062516faac3fdf720668583399f4394cdea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b2a6.TMP

MD5 0fcd26910f0a08b538d0b4ed5f028b05
SHA1 fa85757a5b81147be1bc056e1558ed249e496a71
SHA256 420bc8be9be7af9c49eaff97a4f0f8900eeb63fce776e341d8f4673216d9bb46
SHA512 634fd7e495abeb741effea30997cf8720d69f67881a30352b25cdfa60dcccc44f1bee1976ced58dbe50afbc1bc924bc8f010fa8bd52620bb282ff45af476dfc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a028102e7de7528ea91a9d8c1dcc1de6
SHA1 9219d12c9ff3c972cb0854fab93620bd45229d1a
SHA256 a05b6c55a4df03c0a58ec346aa7328b6a3a4da042dba06617151741b79eb66eb
SHA512 059e8268ccbd517ba73054b52d218b7a895dd96d0611398cdbe98211821431f028137641b117cb67f45aa8d3d8861ae1eca8bfac2c0d2a8325b349816d6e897e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb3f21a66a15964e2c4f9deadce01034
SHA1 c8adcae7275e561aa3d8327bc3c0f5fd50b3ffe6
SHA256 7171fcead23489f322985ba8adc3b17dfe15f3861bd2902bb5e78bd1cfac52b7
SHA512 639c90bb90ef6c2839ab8401c354500dd46d54b964bb38fc06dec95ff438c7f114598c123ebac2748c45f74dc8a12f99d84fc42e1af5499b0bf42113bf20376a

C:\Users\Admin\Downloads\Unconfirmed 825555.crdownload

MD5 84c82835a5d21bbcf75a61706d8ab549
SHA1 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 3cd0f2f60ab620c7be0c2c3dbf2cda97
SHA1 47fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA256 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512 ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 92badb14f31ed98c397ce63361083754
SHA1 ff3cfe5e472bb0de45a752fffe95bd73d69dbcd2
SHA256 1aa4f0c0159eed3fb9537fe78f49d8226a269fb3a7bf8325b43c52f7e24a402a
SHA512 df04e51b6c7de92380c133f2a9c430faa43a1ce251fffa31a57a5185c6b28901f963c16b58cbb9dfc98ac1cf6d06e3645517c5c3b863bd97bb34a2d4c1de83c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b5e7113c6c94118f3b43321d4ce14932
SHA1 f089853ab98c29be7ce0d24389b4a8fb11c6b6a1
SHA256 452fbd14d1e9983496a33b9c11000e609e103ffa31f1f8cc085322f681bc3041
SHA512 82523fce2a42606f027a4a5484b463c712a01b677a604502f86141f842141944d5af1f51b374744279c9efa72b1416588f7aaf9f88940fe04bd4428e77bba6fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ce37f7cb68e4c7e7c78dc9b19b962ecd
SHA1 ab8cfcfb57abe77ef3a8e5c30046eba87e27a259
SHA256 0d727a16770e660f6991f45e7d7259ddb2cf808c2908ee4f30174e242320d919
SHA512 3327e080d80888cb7e81660bb9b9f273550b40c918857fa083e080acc69f95123d3db0593fb8abed07d5f79b89202073415b4542690ced309b6006a00ce85d0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1450f63a4703d8f04f6f6f55f4ad68f3
SHA1 35ef335fd6e033241d966140d8ebd3413a479f9f
SHA256 5a2b8396095c1620d3b66495456333afa62d90cca98766feccaecad69eaef8eb
SHA512 19385e30d880b6aa7bf9a6f8ddf5117d7f4e9aade9e7b83f1fc18114f1b1dacd661d26d10bd023de2579e526ebe3361a696f4d2bfe1ce5add987f3dd5aa96f6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3c5e8068802bd0d3a957f0dc87a58d1e
SHA1 9b195e8d3c5e6279cf9a071581f5bb5b240438f9
SHA256 0f5484d30462016668f8a4249c7e31dbd06f286e641c64666a6396c483cfe528
SHA512 cffbea0e044553ee7a42731ef33c935b724d4174ce02e65decf7598145576936d87698b31e14f9c6215618b026adfcc9ab78d99c0bae5cb9b7cb5c181ff393e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 af7d421a9a0c201f0c8780d5dfd59f9b
SHA1 c0387a97191363c1ce1c28afab7f1b61b6cabfde
SHA256 92c073477d5cdb63102a4a1dc470c5ca067ab11471d49407702a097cf63a2c55
SHA512 04d74bec731538ecb50a99950bae69ad1eab736b37954c436e732cdba77a67ff776b82cdc2fa1dc52fab5eed0770a51f3de2c907c0b81a5921f3b8a445f0e2ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\252c5afb57e673b7_0

MD5 38b423154e23753ecd648ce49ea3b22c
SHA1 e54ed6cc63b52830b1f022bd386b4168b3d35d81
SHA256 387fb7939427b8caae68928c4425d87fcbcfe1824fe09eaca19ec183e1554323
SHA512 06f0bd6464ddbd8cf8b8ffcb689f770b5627366496cadb7428f680be7d32af92e622cff51ddc9f951a8868c4afa213a0845ed31a0d9ff5c99352f0e5eda53fc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8347f84f1ad716d5_0

MD5 77231baf86e5914c93063797026b17ed
SHA1 c30ee810334c36dfe5314efae5da117997e070cb
SHA256 b69dd4c58a1d4970df825f78d4dcef729390a6860942b03386545b7c38df4a8c
SHA512 45f4483ddb98cbb77bc2184dd6a46a702c5a37a1bfd9bc8ed78a9d3c88be5e083cd71e1ae3e43f353e11459ae54adb3da147df9cb96e4289dd532f3c2c64c4af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 096d477fc9a5f444958ceb537f24ff7c
SHA1 2213445e66581673c99bde85a0cca1f895f95f07
SHA256 1057e6a2d5984ea942d31f09f0b40c14de0b64ce00f5a6b2361aa64a9ccc42e3
SHA512 8e676eb84fc65bcc5154ec4e86e7ca11b2d36e97746370d94624337e003d07a805534a787dd042c56ff8143cf50c1daa63668ea00aa7171262394efef81164cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 479903d43e2e9dc25f6fc076c50c37ea
SHA1 26d0baf5a61bec0761880c73f07abfa0618438db
SHA256 86c0065048c32a9c8b1e01e4d8c39975b4eaf00e049b08fda313ff4b85e37c22
SHA512 b03102ddafe49a7d628a0da6d8b101daec178b7d92763b2660ae0cfe56ba5e77a4f6eca4bf58f9509067fc666582d4bf3d9f6c3914da03e1962950d5df88c7de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35fb661c62eb428f_0

MD5 c0749f49e76cdd12f73aa63cdca07307
SHA1 56c7715830a1f42c4360930f333c42756aaf9a85
SHA256 7e5b0feb02effda2df20eaf52f16be7abf7f79eabe8c3fda1b894c38ace6bf29
SHA512 8a0c5cb599623b1cbe37344910f6c9cab70136317033429dbf76d129ef508dd04a7f012fd8d142839485f9ba06c64882aa9bf5ad3292e7ed5c827485b205c0b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db70d675c8a8462f_0

MD5 28104ea37fb4cc74e4ae4669c9ea2464
SHA1 d9036afef90bd69c461ee821898d5046912929e8
SHA256 608634b052fd624295394a03f945648caba1b2ce253ca3458a8ee793ca045c98
SHA512 020b030442ea700ae55f581ee6c94f5a6526ebbf96f8e09b2fbc77cf8237d497b547261d0d481190163a6ed8062207a990e33300e6a25c6f301e9ee089c2cc7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e6742505c79459c_0

MD5 3b1c35320fdbf0fbfcef26eeb9ef75e3
SHA1 5a53de06d21e5874c8cb36bafe8753c1d09467fc
SHA256 6dd4555c25c2963227359810058d54c2f6cb7d99141334af319169e9e0b7201c
SHA512 91009ee6e28023fee8a59a08b5a9eb90e34d8ae23b89ca3a651d8e908ff502f35f474f02e75ba1e33596de38a073e61f75da54bd76f548cd4817c69707214293

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\810c9f5938436546_0

MD5 97064b5eb4d190ae850899f8e24f25f6
SHA1 ef997dcc9a6571fe9c2938d1482ff22733ebdf45
SHA256 80d7db78d384f5b76963cd81fa8298bca1500fd217432b8a3eb4fe4eb92ade5b
SHA512 0dbc740d17303ecbdf8c9eeb95e4dca22bb7bf9c8bca6d62d3bffb2b3c0dd2d73dbc5eab6264b2256b93ddce5ffc04b61dcec9d626ec24e993ad873b4f239073

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0

MD5 fb17963c46eec3c05e6938693fe61b6a
SHA1 0745199016508b61ec1b9259efb8877432350b5c
SHA256 58a35b95d20758a168a5d1ddf204dbe17fda345795d13ce9dee1d08f59219473
SHA512 9d714ab78295b6c0bf55597785292ae8fc6fa09ee9975d607412212917f0a0bb76807a1f66b13008f4eaf0537c969478fca0c1641e6ef7f4372d7071f8367c78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 da088b8ceee1f2a4142df786bd6e3d5a
SHA1 d3ad36d24d65f52d403c585b740a24a5308c408a
SHA256 7295500f21c5d1b06a460981b9d7b8d641a83323fb668ffde2ec6172d789f888
SHA512 660ed9fbd9faa6f27066b138c37d362b946a9553bb02f124878eb1919d0912ff35993789aa5aab082174b54378e626dad95f4e90dd03ff2bb2187bb4533d099c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 b109fe417a6e347bc03c8e1a33b54fcc
SHA1 8dc06a5390b886506dc1a76f8ea79080968d7cf5
SHA256 8424c5aae1551d1957f10e203bfd359e8d73b23adb030177fbd54ef788141ec2
SHA512 57b010b8b1bfb582d0951e3a11b2bdcbdfe73508517d807e45d314f7806bb8d7763e479025b0730d0c92fd445509ff10a237dd8270d8b4baaa0c3fd2c7985bdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8101c300c33ebbd4_0

MD5 296e874138e9e7e8778b6f6422fc4536
SHA1 8c964eff3d36aed54ad22a115fd33c9f57563c7a
SHA256 7bdb759205b010d6afd18701572e56a70d63c281ce35844fb2138467ff95af20
SHA512 07be17bf949f4ad2799669e94312f2816ab79c486054cb02c144f71c82f9a8e4e8f0566572cf116b1060e982ba355d05574d4fd931c5e325f54f636fe4b4a055

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63c6995fb9eb98a2_0

MD5 9dc81d16abf0ebe0e494d65d6b4470d8
SHA1 14f2dfeac52db513f8834a78d3472fdbdae8eacb
SHA256 31c0c3ed01a85066f8896d72641a19a29869a92c2d7cf3c3728832befed5807d
SHA512 54ec327975f77e2e86de1f0bf363d0051b91e7f48f2d35d14e2342cc839a56b5f4d744e90be8b09eb382ee3ae5d7b525b68b54c57f4e82f44e2a64d41a5cdf50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 f255b8298858a3b4c5e4c57e6eeaef1b
SHA1 1590e95dbc879ff8959bebd35c1a1ad261607ed0
SHA256 85514598f9d6839648126513822b7b87027f35c606146f2a161d67e8f5a8cc9e
SHA512 f14e9cdc48e47237e6c863756c8fe7ebf26b84af6bea756234cfa87e2550c6f5af9d8b2bf84cd323db82f67b327e08f9454651abaa40f38257155a8c46d9011d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 063fe934b18300c766e7279114db4b67
SHA1 d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA256 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA512 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 e0595142a80771d317d27440fd29b8e6
SHA1 db3710d0d8d60dcb64430c342c6fd921d6792fcd
SHA256 3ba245011d9a8ade367074a3774a786f50ca51d71a83956dbb0ad2647a14d7ed
SHA512 6d298295955fce4166720ee7cc42bf4562ff311b6820025a7ea710a19dd8553d8677fe194876db5e2e6440d9d21aeb603a6b3fcd73f656405428d4ec00dba288

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 1538b116ac1d82b34723c14506c116da
SHA1 915f43aa05de689aa64f33b842d1b5df7c62d7bf
SHA256 05337bfc960a7786bb8af2c8a19d203c099ca83fea11c1056612ef7d37d89b3d
SHA512 afcc85d5e84e87433f21acb5c6efb7851389ca65f208a1d86914846b0a90bfc14992218fa3b77c3235021ffd6fc2f184a0b730be8c47a3336191996210179f6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 c45d499f302fd479afbc097ee8bac78f
SHA1 5fbf55bee1ed1bfc4a7ab88238b302414257dc7d
SHA256 f7202006a5aaf0d89a4bc1a58ae0af8861c4540b7898f2771ed3cb4094273337
SHA512 b04648c10a905f3ec6cad883f893a6c30e8c63d46562449e43a52f57b49042106ff728ed37f0388258a9750a11436be1a16dd0f3b666c3d59fc0c306c939060d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 39ceaf4aec6adbc7ec30a99e8f256ced
SHA1 65a6b5cdf7a63cf9e4da6c83dcd09c5f3bc767f4
SHA256 49f0c650e3f74c4803a2d9f390fd5ab19e082a99bfe7a64c30be767fcd9b77e9
SHA512 945b61af2ae0aee54da5db49de4f56c68436037936e7513347521ab207a94e98c9427f772d0da2cc85ed578194affec689c8f84516e6c303c334e091d46bcb72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 68628ceb90da59674fcb837277749b28
SHA1 b5564ba800acaa03dfceb0f4a23c088dc1cb508a
SHA256 077f88f8fbe31024d74e53d7e46e26f60ab6de38affbdb3152672977609ad1f9
SHA512 c12a9f70ffe39e03d99f42bac8ab857017cb50dd256fc1ec9634a899d2b33b9909a57a64be5031d1e9e3dac94ff3fa809fe9971418186f138e707765d0ecc3a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 8b2813296f6e3577e9ac2eb518ac437e
SHA1 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256 befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512 a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 3c5e701c6e24e90c51d996acad2b8581
SHA1 c5a0aecc80c3ab4894816792ea426217c1719ccf
SHA256 e7a95257d581a17eb6ea2a3576a89cc10183dbbe2810e4d0cad40d1d2164ccc5
SHA512 e7be50489b13908195d78392e18b4fad8096ccfdde1bbc4b282e0232f37406eb3fb41922827a963f86d924274e1f086133f15712a51cd23b8c5d3fc556537cb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 dc0ad025509c966716f971b6e0d36ee9
SHA1 64c5b5b0bc022961bcff062467df6cde579a7d5a
SHA256 ff30c58cbd4693a19a964c528b653c80ce1968b7db93a92a5ee9f3788efe4103
SHA512 3580ddfded853f05ce10d96292ae23ac2593079cb2bcedd1e5081d99e8aa54c7ec985cbbf29e5961425192a00ef639cc3969e5bc1f6450bcbbf855e3f161ea83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 445346eb3721644cea13192731a75e46
SHA1 9e121dd238ebff74388898d3b3698f35f77f70ae
SHA256 8ae4ebb19179543dd7f60b0818ea4f00b2c75f888e1cf3e35efeab5ce4e66490
SHA512 5ce7fb98910069539447c6f4e8fdf776770fa43f0b6fab6aea3b92876907eed0c6e2c363fe5dda16738bf9051587c87cc10180b6832d8435e0ee9e55cc657b31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 356e1b5d12f937e31c02e41b7892bde7
SHA1 2cce25cb2b7e2233ec28693e227c19f4752e3f45
SHA256 08f7d65c71ff4f6cde3b55368578db602fa1e91e8747c3599557f5523a6439f1
SHA512 bb35046f64d67ccc9abe5fae9d7b25de818650b674d522e490093091ea56f0d0d824fba6743405ca53a82ba2e25d9ed1a338dc1ed4a330336ae211b9755c7b96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 42c6e70ed442343d2b822cb0fe315a95
SHA1 1f384ee1523e58137d9ef4695c66ab259d0af2e2
SHA256 304a78016ae47ccd02451106836b9daca63201cb82a02157dfae99431ea8b9d7
SHA512 da1942f808f40c9cb943b5863b7d3af01c43ad4f7ad1bb1389969b1deda5116e4012d0fc6937bff8284645d33f4578a309e9899bdd80a47dca65547cde6fbefd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c89cba3b6042221387caa71226976c29
SHA1 2fb48cf979cba1bc50d971a5f78da634ae092835
SHA256 9602ccd6545a2a29c2514c91849e2e04b37b6d14c0bb61b8d78fdef545a0c367
SHA512 e9ad9cc6587571efa52ea8edb849c6a0303cd42300b515ae84e5072b729ff465ea3c9ee734978db7fc700c5d27cd7d0890ccc04c16846866bedecd02bdadd2bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e4e6e426620cfeeb0c62fe4c791b34d
SHA1 b3dae96cd002640e2d9a13f7cfce7b5710b7beec
SHA256 198d39eefe107a9f80de546a92c94a6f293c52d5d2de3d252710ce5630b21e79
SHA512 6aa10b2791d857523ba280143944dfc2531100ca3185fa0b1fb632d82c940c76294aca32ffe703891a2c33d7b543501d8afe5e7e7af741f7b62c2307fdd0c5e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28324e9db7b11193_0

MD5 3ced3d2c40b5cf827ad6f735abeb42b4
SHA1 14e64e92c96beab41b7f90257b3b5f8f1f7f7edc
SHA256 1b1176a81c2f78cae0ef9198c7ec9fd755b730d082ea288717413f3713c1e299
SHA512 57c9010684dfc96d0930baaf0b1ca854583c9773afd99762b97f94eeac85dc4f181b338b7f773a830b6d113959c7058d143f2366244a86b631d1bf899a2f4710

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

MD5 8ff12d521968b3d227fd5ff7955ccd35
SHA1 0edb27c2f05808dfcef34d5f6653a25cb7dc4d05
SHA256 15e3217345f3e71b36c3d66f00fcbb8bdb6c4ed9646211982ff04b7a7040b257
SHA512 399fd77a96bf3b587d39fea4cb28eaa97fd4512fdf860953d47720f2727082dbf757a728865bcd2c2b02a8b1d9399844aebfd49295920fc7c41400cf5a8e63b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

MD5 0ac1e36dc0d9bc21f3ca3ddd766e48bb
SHA1 3726f684883196c6081592c7fb6f0e21eaf3d130
SHA256 f0303722f85441aa14508c109149a2b76c5af937ed717c3e4a4006a7576cf00f
SHA512 f794e4ddbd0bfb97e2daaa9a0e6a54e663f4ef10ce1a94f97745378aece2e983a6e2c087333a2795c955b3c7fa1827248a943454d0a94591fb00e47542fa5feb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

MD5 161a3e05da7a37c85c4073bedd26f693
SHA1 2383e01f8ff18ee476c5a559fb0d195ac625dfba
SHA256 0d41c88f207b67f71f065963b72521c28abdcf7f4036436a995e7a0261194706
SHA512 a2e8467f3a5effc79ea41db2897152b639e5e1a443bf2fd123e6ca964a242ae00cd70961b8c8f9c841356b08eeeea12ff1026e152b247bc01cf68ce67974f68e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

MD5 565bc182849216587c11af823f5fb24e
SHA1 07f0a92638f0a6d0f1ed755252b141816215f4f4
SHA256 200a5208ea966d146e3439a23ce5ac113e8c96d8cdf161b4def589e9e8136adb
SHA512 5b30bb91efd5c175049f713d3b857adda586135d66141267a4b90411b116ab0da66167ed115f6b226318c6f37c93cb36f68f15d01b3ceea822c91f4a5337313a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3996afe24539d3d_0

MD5 68829a27771751ca87dc13cd5613a20e
SHA1 9f9d42f8bd1522af65b55f31ea6e95e8995cdd91
SHA256 979d7599abad56692c860463d890e03a53b516e0c606e1d1c90ade2ef70a3ba1
SHA512 f8e8dc580ba49861742ac389e3cd30df655d8739b3970306ce4462964631e8b7a5d160203e6081924ea0be7272fb8d25977f9d70bfcac3fb464e023ce1a7a0a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 f9e011d69eee47f07e8fdc0bebc64002
SHA1 fe38e6c9c2cf55a71c18d8ef8853a881db790f85
SHA256 535763282ed5433d53800ffecaf11f6e94b9f0732e7ac70a2a81b4702b3ce494
SHA512 37a213620aa9810a59fc36acb519ea4674fac5f39c0b8ee23fcc15356c8306b1e131bb3f669434df717c44dcef473d400e003c5ed4da7ff401a7e6fe9f6ccba6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0

MD5 47f04489ae028d58f465a58210fce6f4
SHA1 0478921598261963e4a56546e639b76fbda9f049
SHA256 3058c0a5c64a56cb054fed4d55051c5eaa271a1574d64a399a4fa62dadc8b007
SHA512 5de794954ae6e1d5518f877f911a237c636bb72f751be5d2a4a03a0458bcb42a4d2938ac7977f7b0084389ca91a28907ba360ed35402dfa1f2f6527ca3979a3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63a83cc07ce36e98_0

MD5 71398a3888102b553ad59226f4ee9c9c
SHA1 d213fbe88ea236f5707d983de9cc145e26363497
SHA256 0bf7fc8797df59167c96585094310be5939e659864a755197441472b4183c4bb
SHA512 afe601821f0c83a3f209f4056549e5cc9938253b4bab8da42049c27d4482124e5b401a25daf42ff30dbe6ddd88d2d9e01a0fd47d68ce2eb16c4b7980cf367a68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 6c76b32aa654e7a82ddd5d567373670b
SHA1 82cb4afbe12c0b0442085f10babb3364f56aa8d7
SHA256 3a82faa25b938d9ae67f53b3239f8a866f71901b2e013a854dd5a3d0df497cb8
SHA512 f11e3b648fca2820ea2138cca4e94777cc8ffc694019df05bff73fdb21c9b6e8744ed846b96d9b535301a0accdc987ae5159a12dc06efc2205eac890c503c175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 fbf39fb3760bf5bb3129d2cfb2087bda
SHA1 921ffdbddfb830635eb83ab74ed0a4513e9e1776
SHA256 dab78ad086df3d697fe85e0434b049ce0282d73c7daa3d279710b3ecdf84b046
SHA512 0b0c6bdd0c979d69b30281e875182da889d9b24c2a630e2698864a0acaa6110874b9478eeba365873502602ce405136564d2d5c49680b7e78ad9aa8b40f6475e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\00f194399257ca72_0

MD5 42e6034ebf1509dfafd6a66d94a2ac74
SHA1 e6d9914e34967c25f2bd78159209b6d37ad7c21a
SHA256 0f67ef931faf515fa0fa72c0699ccb65e54cfc8c3a0052202b001b5610dadc90
SHA512 2017f977cea13c82498692d665ae64d3b90275fac850cdb131a62d9e6973ff3c145d7eec09ab0649970e2ac5663837c2446b978d4a30714d29f808a3d90cada3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 8e0b65df1f04e42d9a0c586f86b29f79
SHA1 a7cd6f4d480502640f026514f9de307aafb5be2f
SHA256 78905aa342701a5efc737b37d4c9781caff974bf0f5df49100510eda080bc04a
SHA512 57c589ce47a215d8e8785b4945b120ec52bd52a79990bbd4d1c6927110a2cb842055b29da0a6aabd9a7f5874a55ddbd63e2d5c6d0c6ab004f83ce311273e7473

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 df8e5f3365e13add4d4f9854b7aff893
SHA1 7f6d86dd9e9357c43dc1fcb06d89d4804f68ba94
SHA256 81c088f510cabf4005fa0d2d2c8317d43c2a7f109e17d9bcff455b82449403bf
SHA512 699c8554ab13e094b7351e259edc1abad371157670eb55223bc6e0301f8de363dcee3b084eb6e560576b167deffb7e62404ea939cd1420551c87db6a3bde073c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 fd0207988560232fc2a47adbaaa7c33c
SHA1 4b46cb8d3b4ddc097ac89c9485d65125997196d2
SHA256 1fe035bdafe9570a947439b0c1485245bb74a37fa5e72aae5a5cf997733695d6
SHA512 935cf8248245bb4243e35649292b4d0a84925d21ebf2cf2dc07a8e594258f1f9e626507280fe1487b35b15e2422ba2803bfc5fc4dedbf5a6de1aaddaf2a77f65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\733a2ebc15407e86_0

MD5 8d9545a9d6ba11ebed86cd8557d33747
SHA1 a8aa3baf584c773d6952fd963f6ffb652688c91e
SHA256 6b483abafcae671edeb4818cb137b86269e2c359fd9cc24ba518b11b79017ab4
SHA512 56d27c5561e41a98287f992a980f39c3b37878a732e1a263b5d5cc003ce7e996f988a5eb1d31c1a0e17e7c2245bee780095a05ccd5159e972b88810a4c570f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

MD5 67253178e127779e3de3b23d86cb3ac7
SHA1 f765ffc03c73977c2c45e98c6914211cfa1eb9d2
SHA256 0788331bb66cd5ea96ed7a79e41fcd1969812b10db161c87700da84d3c696c9f
SHA512 60360a6212d745365d2886b86372bf28d2751c28da23d40638c585a465288f3c45a531fce2761c02484361f82dc1d9e43a93366ad7048f677a65568ebb1081dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 a587173b04a4704bfd66ecf27ac436e1
SHA1 604969e1611e414bdd402393b9e9ef4ef6c575d7
SHA256 a3dc688019e0635918a1bbbebcfa82ed6aba7f4d0a06dc602657b2f19e39bb51
SHA512 53c0cab8044b720e4fe51d23ff4773b81c8d381b4ad1ff3e22164e706dbd5c4d81d6bd855a287f26fbe46a2ada95e821b42968caf1a3734468e03beb2300662d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 9cf88c82558affb44f5780ef76f64878
SHA1 68f2f2780f64734e17cb4b61027f7e138b5daa64
SHA256 e39a20a3849d21d9a7615166a153fe8f58a9ecb69ed61732fb5ba0b83add03aa
SHA512 824b37d105dae37094a79e3c9354068f7dd96697280194c793bd193651050c9248f86f6af62a5365d74ba02c33553138ad77cf492f8c00697d02c07957ea10cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

MD5 ea0920befc66ac731f8e3901322e46e9
SHA1 36a06a0d23be782ed40a7f8f77723cc7bcd32be8
SHA256 a1eeebb244078e9945cf783cef2e3e3a5abfa38d75b1f6d8472866f91ee59c82
SHA512 7f28402592790f0a2aef9b514ef3c4740b967eae09edbbf61f023ac1cbddfe801d3470248ec201de0a1ab1215edfb38400f72a6ea857b91baa4224c2b5bd024c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 6ab23ac95032adddfd78c9aa6183fc1d
SHA1 4939bb5f4d570c04e7eb53d83561ba46d6fb7938
SHA256 b2f6ba7c4f3c0e96c44b3090448465867706055f0a6a06ccad7986599e21a982
SHA512 831e89779a7b407d396a615f4c8469e4d35ddf7457e39f7aca64f56313be8f2c331ff7cabfbdba84a8c68d4cce904b848b713f1910ffd7af59da64df93134231

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f17c39c41f196c25_0

MD5 d1b9eab755180f9907b7684ffaaaf9c3
SHA1 8d169c6eb1c60fb8ad730cc3c4d8d35f6fa8447f
SHA256 6b0b71b26cf78938c404b910be8a4e79539b5e7e9bdae2ce7d7c96e66c64ff2a
SHA512 151fc7298b78741c35e35dbee66ffdfead61b40bc2e46a97ba7cae62b4d3846fbecc663ef9d681a76df5dc81fb76ed11ae8b58d433fe6df729722dd00ad079e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 1d66ac2644985b323ffc258cfccb901b
SHA1 8c02de91817d33a6266411f42ba800d3a6aef708
SHA256 537c01433698bb9dab95a1c2266550ae6385e701081b6d6a058e878798d5406a
SHA512 8137b863648cbf13d49e6f38b138ea01c943721cad0458355064cf0f2433f07c6affce542e8a1af9b73f6b9d188c6c6723dbc2890bb8b01391d9bda56ee68a22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

MD5 e1f634c8d18b86ddb189339bc1a8aab6
SHA1 2341c8feaf5cb46e81f3b0e22677de20ef600b6b
SHA256 639ce48b41f870d57251dd6b26966e9c6e4c3ba1ef680670635460c00868eaa5
SHA512 cc5f81456015af28c87f9de123c0e4d272faa2d1afe063b853545dbdb613e18843f78c9b0e710da023d7138bf4221930c9eaaea46f46b7e13e656c1a419a718d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

MD5 76468bf33a75669da525e73a17374b9b
SHA1 79e875f8a7f026efc6d106b135291ed610ce4b35
SHA256 591ddf686a432f2d0a65d5d9b1956d8c48c934373dbf5767f437bdf1a22b0208
SHA512 dde1eeb44870a696769f787dd4ce4d170384d13e5a9c1f6239dca88252f5cbb19a46ad904915fa37814fc1d004ab49cbf741fecd3c58e4fc8914388c0018ab67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7305c0d3a394f0e7_0

MD5 272fae3a6bd854bad175dcdac625d41b
SHA1 9534cbf9201426650f97505798b30f5b7b676951
SHA256 ce5c289e747aa1fe9c6ebfb936712634f1593bd2f737e31c0103d165ea029850
SHA512 a592627a1f23e039039bf699e7af37fe6e1bc3edbd84ba2b7a2b949783c689b9b53c8527a044dbb47039cdc39265741497dfa15eceb8c4de46bf600fcc81f588

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dab535f08c81766_0

MD5 3ee1fe1de02121922e0c6c30500aa4fb
SHA1 716f37f9046f0c1733921f490d5f6819d40d79cd
SHA256 187c9dffe4baec9f9c026eb4145aee146dae6d198f65078a9ced0f0fa7b418a4
SHA512 130158620ac1f933cc8a8bddb308447c6ff1ac2197f344a529d41b4a646da91f2c738cad35ec90ec89bc0e375cec4663ae0eade82f236b473116723ea795bc34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dddb876bc6aafae3_0

MD5 a1b04a32a03fcf6152154dd0fb32021f
SHA1 373420d5f44bbe74d56b1e445afb0558479047c7
SHA256 ac429f866edbab7a9b137fab7b23aaf35d69cbeef46753bc4ac9b5cbc869dff9
SHA512 96069b5058723e3e9295cae9d1fe61ff79c4715724398fad8f251a6afa06594b9828be0851b1d6952ab3a76de6a84128542508ca1cc7d715f3e06ffb0257bfc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

MD5 e45e8de001abf8e403166949ad91db74
SHA1 937d781ca52fc1f459180961dc94b2aae191bd0d
SHA256 b680516e02f59a85c86989e21c819040d7848d48506e3d9cfe8dae4f8ae14d7f
SHA512 e2b43f3b023ac4d094e86ed64bc017419c86e598653c71a86b70befdfcc55f2581bf4ed7bb99e6d21c850ece9db8048a341c7a095acfc867608d9b1a66756d07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e28047daf6e77996_0

MD5 84375be8591c81250c67f8dca4c4a717
SHA1 a75d9c04376ca5687e517d715eb9bdd2f8923478
SHA256 89e6131877b4ba52a8771e3aee9c0d92b018698d46335879dbe10922bbfeb199
SHA512 808b06511b44fa9e9c4d19d04d229c261a3b765a4e81b4b1eab296b1679b1e274c84f5922c5cc430f23ea8acaffde523b2bb2b7552faa95ccb12ae451923a07e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd7e26346cc636fe_0

MD5 f57f448d7c226e493bfd979806d4a056
SHA1 ef8ccc90cb22dc4a9c8cabadcde7171ef06d0c0f
SHA256 25d517af0900ca13719aa2c64e5fa3c329cb2a1b37b0b97f0419d52d99b2f64e
SHA512 762be239e4df673231c13925267d46c31e5cc7bc6abfe3f7fbb90077f468297830d39107b5bdd3e09bb300c6e13a2ff54921d90d92c3ab01fa55cf1b480bf105

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3632c9bf7c948c9d_0

MD5 1def316e4a27fd3d024eb87ca12ded2c
SHA1 b423ff908b9f6454e652eace878be1cfd3350c78
SHA256 84d44b43c843b337678eb68119b6f728a321cf1b12c3cb0864fc06f20f9547ac
SHA512 08ea28f7444540d520ae0455c60c9409ed43d45718467e1fefa63bb10d03402da36b4444ee0534535a938415541560f1c636a80963fe2472a9f14cd10353593d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

MD5 8e6220941102467394e8492added4146
SHA1 cfbbbee20061d9aa1aba9f10f145bd2f6dc022e1
SHA256 58972bada220f2661b83c0a45c1521ca3c0308362401eb068b8211afff34660b
SHA512 3dc86a28e4ddb015589c4db62bb446ed21b64ab781d4286a0999bbb87609efbef81bd09910d8f123e32b4cd0c07e9b06ebfe77f779fa1ab440dfb8997473cbc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7aa36b32bdcfc7ff_0

MD5 c7258eea1078b497bb8225e293216722
SHA1 38df4289c513c1623b3460a6796f976b0ca87bd8
SHA256 c07f6c241cffededef18079abcedfae9185fb1ea1df2b7aa9033ff252abd93ec
SHA512 078f568cd86a705a9b914fc4a424451af93ef6766986deee57fa8db2ae3a47b54b614160fbb5fa0454ca975a54dba305443ebe3dc84d551fbed3ffc80c2e4003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

MD5 3caa0a92c4ee912f94980f914ebf62d2
SHA1 c0c0e190fe2bb5491e2d687b3087af92d3a79505
SHA256 6eab9da95899ec906e4a44c8bc9861788cfbd38a6029c8fd3bfe2c370aeb45d0
SHA512 5bbaba0f2b13e980639ceed34d7023b5ef4bf4e823356680648555d847e00867560f6c876339dde0cfb2004b61cbf9ecf2f040c1970ed0a0f0ff6f39ef968d61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8d2cd5d8a570bfe1_0

MD5 ddc594fd6a75cab4e0a09ad130d80dd6
SHA1 e444c5fc426a792b640a2196d7ccb5f3f79889b5
SHA256 53c528de36d276bee710972e103416baf18be41ecd41cd9ca3946f7881966ef4
SHA512 2da6892fad5d4716f41e36a2636404a3ddc4cab2dc3db8d65cae3c1d9d7dc24fb363caae5dec8814ed043e6269c7ad803df0f20c3b0dfc874e5dbc7471c8e26b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

MD5 751b1eec27a7203267d3c953cf4a02b9
SHA1 37bfbdc9d9ae978f385779e7953124134bccdfd8
SHA256 3fa81d83967471dcc8dc3e8cc777cb60e83676c5114c8612fe4058a03a4395ac
SHA512 fc7c4dc2ccf3dbe9917e7958891765a8304aed6473b6848e6c4a1e4953060cf9a858cc06d90034cb737cb14c7d39929b5d22c8a4122e17d7e5812dacff6d35cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 c73a48630ad40b32bea02db73a6e694e
SHA1 dea60b5326671a02c67a5bed52183306459f898b
SHA256 0b7afa44052629f35d2177ccea19d2f66aac9312497f0278598e1ae9457ee642
SHA512 74a265b1df0d6176c16da03d311a13d0febd120d81013a9a896d32d958b1bcc0c14c77d65473209d95d016cc772147c381ff2d9594bd3e15c327228fc17fa554

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 64d80cf73a378cb816ad650b1fec72b6
SHA1 6acd34b182abe0414e36a38a71ff54c40e007dd4
SHA256 269cc78c8f37b71616482021d3b37beacc1fda82f42a926c16f60ad43f2c736b
SHA512 14159a82457e2a12a871ecf84cd48a74f2c4671b41cfb82ad26f896aa0d878bdc486ff03e6194442f3109b0e9b91f07ff1681479da61b80ea14b47c89dbf4367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 f1bb1a53f823f06c4c165e161b47e3ac
SHA1 03c8f93a26014e27a5b25ca263a9680b5a5cb1d9
SHA256 f31529368e06a00c192485754bdcb2079587c5044019cf71f652f5918d3cb777
SHA512 f4f3479b510d010c19c2927467f9f4ce72115a2b7bbcbfd9ce4d5ec0bc0d1adc8bf25d1edc83803534b279ecb8a579241cc3ed533809a8f7ded1a6b74c217564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a37ad9a49149528a_0

MD5 6650ee10f9e19cb6531d19752676e6f2
SHA1 084de38f5fce36a8852e7c462f714f9d360d9085
SHA256 cc82ae2d13d0105127618a541a939f407fae0b8a1b64ffb59ee03156d10d3213
SHA512 2f3506e641d5b986b5ccc7b02d6de170d3d3350f911d1e6df4fe468b4ae48e142f61091cdf759c865331e3ee1f61ba9c3cb096a36fb8869a4eea4eb5bba74e7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75ffcd5862ddad45_0

MD5 b39c7debaa221aba4726d9e91851a8c4
SHA1 bd1f9901b07de751a0181d679894d941eaa1ad7c
SHA256 4470906290033a220f937f6f13649a120f3c0f846b3985d937c447481763ce4f
SHA512 0d192bb00261ba4202bf46f6ba35e514216c06b79b461e2ebb27ecb1e146846b75eecbb29cd14be509b4c033f127b5f43ea2af40c01154d25d5a6f1abfa1a31b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 881308ae8086d3d1fac02925d45656d5
SHA1 d06e6f5b0c4abead5d6b45f73238083c56a617f9
SHA256 ba5493da28193c55c550c7a151a2ca210da61514940dd3991e6ffe271adf01b1
SHA512 5c5c42ac76c9ba2f13751981e8d760eb8fd75cd9930684b05fd64a054116e384a4a228446abe02a960fe715e0dcbfe0976d90597d4da3ca4ff6878936ead3cd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edf801781e463cb1_0

MD5 a2f90fec5513cb503d75f09309594d4c
SHA1 bebe5243a8926a8ef6bb83e2c83e418b48ab0106
SHA256 32d4a7f4b1472bce1be0fa3ce27124746ce70611217a591b785cc14edff88878
SHA512 4d1fa4f415ef7b8635c3ad1d0bef69eb3394f04afc148350bc71dd23054201d63bb25184f0d7a5a4a0c62c2fcde668e594a323aa5ca618c7054112c122c2be69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0

MD5 fe314e87f4100a3c349e761cea90f9c0
SHA1 d441ae5bf890fdb366a7fdb1300e9722c3212b1f
SHA256 32040438cd5c58286f7a35ca3e984c76b2c6862d491a5e78898100955497f6e3
SHA512 1f68a2ab97971f24cc300b31b25b36d5fc6c515b63e22cd25d21f4fe2a3adde8dbe8a746b6000bd389f23fb0729789060b6276455e969183cfbd9ae1c40a78e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

MD5 839d8acb1dd0a484efd0d035c0060533
SHA1 76023759d6b90f366259368d0155257337b2b0ac
SHA256 4c2900020afa9485d1aab7e64674e9d29580a4995c4a3f317176385bbd2afd00
SHA512 486d2a0060bd275f660c462cab09ddff7ef4bce32ad3752e2e9009e034637cf9a7bfd024559fdbc3bf254c183d32e32cd82fea1efc2e13b690e162b94b9850a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

MD5 d023c6711705ea667d721ec30313d5b5
SHA1 4079eb4a6e742164530e3680d67be349baa24087
SHA256 81fe61f659408a686ed4782647b78f0ba4a4f45639701c043519c1e0870d71a8
SHA512 60043cc3a96edc9b4e1b5a47b575285b0d997bc4aacbba1b644a74acc39f2ee51ee524b04629f017fc331d1d81a27a7498fbd655b3d93ecd52e4c6a27b1e5d73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ce6240506261827_0

MD5 dfde6388d0328da94dd6f8c89bc37c79
SHA1 af7b0ce8ed3e177bf2ea3f857d8b9947a7174109
SHA256 e6ebf9c532031f5be32e590e69b86f24428261d51cdfe4d862a711c4a5ff601f
SHA512 2900db36424dfceb869add14ed8df6e96445177695b6f938292db22b5589d7c00e2fdd7cf9b277607dd458695064e70f4e80e70c2d0515ca047ab900ec827729

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62f20db8aae8f96d_0

MD5 dea3df986b5cbb92145e50edad370ce6
SHA1 6945c870a98fff1e5e7515610480547033456e32
SHA256 6f5ce9f6b773d93c2880bdcdc55bee6d1b8ceb6018d46d6b1ad4e7d0c22eee0e
SHA512 5533e34486011fd1877936818fd76c08028762ef9faee3e0b78168e2a161f35b1a0fad60084349369f750a7041485a5a93511ec137e3a3417c41abeb68f22d35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0

MD5 8a8e0ab99008707ed3ed811b2264848e
SHA1 b1bb25247f7c9514bd33fcd017c2a2c0400bfd8e
SHA256 370331ab18060c7f92d2058e5cb0d2babdb9b5acc74e2ee22b900f67bd00f072
SHA512 eb41f4bba6c456f08745a413dbf887a92534d465ba27236f1caf6f4c7cf81e73af1cc897113f00742944bd7335c6fb1115ad12182f315f43745923c0551a31fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\33f0991b0c05bbe0_0

MD5 6cf470dd6b8c8e7d8e12ef6b5ea8196a
SHA1 84d98311b8f1921a0152fb64ff9c27a8648b547f
SHA256 869ed5a657a7c52cb941db4e22e67b16358ff86fd65a12beb7e6f6781c55cb9e
SHA512 0ef911b15c79564df0e1f5c83ee9cefd2c675337ed45cf61e4d9af369287cd1c483abe14c7cc351283ec7d7ccfd95d4f644de549f6c267dcb7e7cc5ce15446aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfecdb17649723b4_0

MD5 44d9678f3d8f97c8cd6807f6203363bf
SHA1 65bf4e6a775f1563aec185393cf14ad6fe2bc707
SHA256 69df9c17c4911e802c4625a3101871f90432302808ad1147667b8d4879b6809b
SHA512 7df5154ffd7eb17284dd3299ce13282a41dcb2792e8b4c456e870f2e9c3182c8497230f86366b169b1de32c94e9d7f4acde0c97000d668e25d1819863d6d251c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

MD5 1ea99af4682dde1bed580c8b9e441f69
SHA1 cb151f2c9b9be09de218a19339f93ec22968a4ab
SHA256 2a640593488063bf55ca832d6ea576619ed0516f9ad1a864fad23429eabaddea
SHA512 df591ec6fd66aa8a295fa807c9632bc2dceb7c99d088daff6dc0f578004340699c217355802215645720a7c3bb03e36b721caa63493bd16458e6b07b3a535b3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

MD5 fbdc7afce02215410f0abce92debb52a
SHA1 7b9849a26510c911055d78efa315f70c83bd3283
SHA256 60f7d86af1c38360591f9dd51cf54f97862d5703235f371c35cbfefa6475ba02
SHA512 9bdf4ca571f5ec817f4b97cff436879805cb82724e17e7f9635868a8a4ef90bdf5334713555f51eb62e5eecf0c610f99f47aa918a1e08eb4525390b6df6ffe35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6ad28a084c2cd20_0

MD5 81c51e184d7378bfa317d2f636343890
SHA1 e33f9f06276d9710a874d655474fd08b9a67cc63
SHA256 a647112086c9e1d661c66566bcb1a5821795ed46c53310d67938de6942028f5a
SHA512 b06b71ef38a005c9f84f6f8093ded25a7c3cc1b5a41050c817645df4153d09b7e5b722b4ca6d71bb30adfabd58a533ec92221d85a4658ba5ddcd95e639451491

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d86829ee97a8a592_0

MD5 615350ec0cd06747ead0d843933e7e06
SHA1 6cffb857c94c6cbca19146516a6ed85c8bb822d7
SHA256 cddf073b038e431ead1d93122b848585a8cd3e88b487c55003c45dc20ca04cb6
SHA512 ca8a95d8b8e3597b44576a3be4f24c1fcc4c86f7626c5d28beebc4ca321e9fe9a8f9dc99589ca1aa15e02d8cae256f812214756e7aee5e86462a83e3975c149d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

MD5 8e91fb317fed760ad3f0052863f01f6b
SHA1 c8e9bbb4560013b3b6cd7eda1f12e51322a60ae1
SHA256 69fa4b9cd33ad1eff2fe76fb6d22286c25f2a67464b99f369b4d8018abcc8631
SHA512 be70af3cc8aee4b6931232fb61fa495b0cc8d5ae8d4c2782884e6134f72be5363d00ae3b4430a10195489a9995b06b84ed90c1bdf90c9dce7376c2b6d983d468

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1815fb99bc740856_0

MD5 09c2ffe1ffcf5e7756d7b84906d0b911
SHA1 709d32a8eb390bbf6aac6005e904753b4b0308d3
SHA256 c230335fca8209d11e1608baac7e1f36d01999ca380f1969f57a34d538ebd650
SHA512 dd86e30e1d6910d780c550b6fb6f66f4dbada3c80783b66e7e54848be6e8f7a9dfafc89b9281011322ffc047c8aedc6c729822094f476afa67620f598c0186d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

MD5 6010d3696b1762522787b77a3c956cda
SHA1 df033469a0c7d44535871fa301dec0f24cfa496c
SHA256 b3d857081551c5e5e953ba0a25fb640f03351a271e67f84a16e9eb52adf51401
SHA512 50b400f29a3721f2fc5724253942fe8bc576e48926b30f5a31a9244c5e25250d938ed5add448a02cece110e50bb107aa5c8b22b1d70bbc505a0061ed7fea1c67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d700e0dae9d4f8c9_0

MD5 1976608cc820fdee26155e3d9f71361c
SHA1 eb5218fb0845aa88008633c687c6a6dd50520014
SHA256 1527fa905489fd150e7354728b403bcc2cb81f45cc8007a34151f3e9d94e5207
SHA512 e23e8568ad606fb6c4862b827b577701fdc74a28c3bb1eb28ac438da3e5bf1d923d3c9cca1bfa461eb39c216b21cfb4566e7657a542d4469262ee79f900b0cf3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

MD5 c8b3176e185e5bc0d53cb6df2ba70d6e
SHA1 5f596238f55c48e85107f6815fd16f6b528b0575
SHA256 7a8f9b44fea860dc471ac4884f1e858110d59d40f14bb8b3786452488aaa1b85
SHA512 e4324d4c80cd1eaddbbb4e572ac5b217debd5eb6890a4b6ac29c5b66ee2936e44c8cef139760e48c8a7b4d4e8f0b799b8e7170bf3794094507195bc3b620f960

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82365cd2a8fffbd3_0

MD5 7a1cb5e3aa834905d98cccbb297aa802
SHA1 c7990f0e497afbff8da55205f6d6802f4cda0c0c
SHA256 fe6f967f5cfb6f0f424bcd6846fa363b8704da4e912db406b4725500a100fe3d
SHA512 67b97ddefaed55383be498164f761328fc913565be51ca47db2f6d0daa9f1a8dd38df7e0fca5a4ca4e9c0c54f6e58b4f797b88398cd11c7e1edd700c1a91707a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da1be081e56403ce_0

MD5 a9f8cd90d68cc44f8a8616d3e3415fd1
SHA1 1157e1a1f9e1e8696af2112db6bec1c0a3657a20
SHA256 2c14e9f99459f598c27fce4de25a1b9cc9831e1b38aa2d6eeb952bcc87e584f0
SHA512 5f095f5cdf2e0ebdc966743c48d3f0e58967763cb6cb566fec40b3112151b4d61b53d28d19fde1422909cf45c8c0ceb8f86469d4ab02d4fcf9cd2923256abc4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

MD5 a8f10b9e046d853304ed64395f9f3384
SHA1 b0bf4782504d4b13e3cb8800189db79bc68aa241
SHA256 e01cc45735703012e2556ad02c1cbd0befba940ba52b2b208282de620961a095
SHA512 453542781b756b4609e93f8128bbcab99671c94db134477e9fddae553eed20c9619c4a275ede7ea9382ca7932080cd2c3fc48a646d372f31ee9c9b59e110f485

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 8de8d2742964560fc9799f298d0c4e1a
SHA1 6a3556494e810fdbde1c7730246fdffa685b8359
SHA256 788679ea9aa64a12d3163a0fe8b9bb91136fbc3ba24c90bd586fd50f959fcfe6
SHA512 8cce04c50975e3142130a422ee03d4fd87db93f6437d02452fa9c78da15b931482a41284b9dc2cec478f8c8dab684d03b8b715299ebd0d96cde4338409111f62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c5231410e3ed5d010cc544c235b7806d
SHA1 1065d42bf07d68a83d5dfaa6defd69978b317ae5
SHA256 fc65667bfaea004d9b9bff77de5a7ed1e7bffc9fb406b7fb6f2777659747e88c
SHA512 cc287320551bd98af6646b818e38402d274f889bd97a23a9d0f54dbc83e869b89376432fa2db75d65e964955d209d31906eba68b6c92944a329ef9682ce71174

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd8a51eebb9abee702345757d7e17911
SHA1 2a61592fb4e82b50d0915937116bf805caab7a4e
SHA256 80336f57e1b1cf344cd35084b34d89371839cd9d091051b37ea843326348243f
SHA512 978b035022012a1e57768712af5fa62483dda1b089b1cae1b039bb3556cfcf88ed5f3ee5be12446794c66f6eac716f3d86aeb4ffbacc2a1253a824a79fb8fd4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d77b1a62f2346cd2517e64ad8252dc9a
SHA1 e2fd4bbf3807982114c4248f0008769cdfd78470
SHA256 b1987f3bd398c6d1f207d75976416f98b3465996a5122ce2e61d14bbc0eb0720
SHA512 ac3f112958d1dd1bb87dfca200c5fbb0c7e5206db6cc6d498ddc9ed821ef61b09a0a5591ad646bde9dab9f143bcfd2c79673f05c0479833246810fe227270593

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5be1c88c17c9dbbe_0

MD5 7387f95c253ddfbe74f4d757934a1184
SHA1 f9aa07232be7e18b3abc033bdd7d53e58b269bbb
SHA256 d2067941b9e3d0b8e1227a4a2b61fdcb0a8b87738615b60e1830bac64473de57
SHA512 b9ed793955a63ac34ab4e8ccb53a8dc418430b017e4b9dfff92ca908e3f0fbafb29a7d91e557f510b824ef7cecff46d9ccb64f6ddde1a6e18965f0799bd68af1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\75ff3d95-cac9-4d66-9342-df5741a79d2c.tmp

MD5 46ba16fdced9e5391d82d8adb6a47f08
SHA1 345032bac82c51b739e36d53adcd58f6da6d66a3
SHA256 4f5a694358fed437328471096aa984d088f6e4ec6cc2e669d3039bb7ca50f749
SHA512 bf3a5cfd06802c63c1bf907ded2a4bfe0808103a9906924653caef529f894be7926de4ed9cac9c978fe88f292da9bb799a97457cbd85951b71c258001b4cf723

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 43a2987c79a6eaaa63ad36abd5c8a54e
SHA1 cdf29a82d39e16333f1860208ca3c8ee6d86b97a
SHA256 946aec8db016688ae95ba94d0d319b75aec337f3ff6c80f42604be96acc594dc
SHA512 176bdc5f8aa59295a5cbbe5dffef4f53c3888a7d0a744270bf2c34d054af70574fd17046b645bcefa5637a1e321981a77c270c80f2946380dfad47286a612470

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc9e1fd4409420f7_0

MD5 aeba76198b3a46ad51f8de0c6d897937
SHA1 5b66844b0a5356adb7f0dd8a58fe594d05a9dcd4
SHA256 a1dfe00d9f40a5ba3782a9b804e5a2c6cfe094431f5c7b90ba566b7c83dbb8fe
SHA512 89e8ed4365355832eb26b146f1417910d250f8c1b0e7fd4350290ce537fc106252d1791e1bfe601a5401bf24635a10dfeae1d1089fe58b5ba06ff28127fd8cd5

C:\Users\Admin\Downloads\Unconfirmed 489535.crdownload

MD5 fa34de0a683eaac577465805b9c608f7
SHA1 97e8aac39f57e1cc072ed5e1917453e659f7b375
SHA256 966a9be6f6235887c533e14093673d7a7fd857536cd243a3f1193be1ab42c99a
SHA512 85497fafdc5f5a089f55a7fe057a7496aac7a941c8e4102dd1cc245cf98b58cf84c5de272bd8ed546e735214d54b7f083ee5db9d9e5928a56eafcfcba4f33135

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a0e3032e29879126f22d805d033f6bb
SHA1 2ccdfd91c0055398919b07b0d46ecd028874de9a
SHA256 2d13da478507e3741926b7605ce5ac32264766c90f7a25af8b91924de871eee6
SHA512 2a1c4b452fcb58085fb1fab692edf1258e020b708aad97818dd899afaa55a10fd9df2ab341460ba58d4e36038798e4e1b87aa78c94bdf5e9021dd61cc7caed43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9761110e2a8fb859bce031506781ce37
SHA1 393350309945a9b6fd643af9c8563c213808f911
SHA256 5b9a7022e3851af74876cfe1d4726787aa4d6e2df2664ba964ebd70dd5d9f6a8
SHA512 3c90f4abae191e65fdd94fe078bf0471839ff6dc64fa9e4029f4ed469cd53e4a30fae41f4c2483554ea23f3a25852b6a51bc21f8581c0b156f7e6f21e89f6013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 deaafb8df32eb63d405573d24f4b5caa
SHA1 a1e0590dbc08f7fcfbdc591c75817af138edff9e
SHA256 1250ed22bccf747c2582153e556c0ecd8812320d9e279274cdd897bdb3b5885f
SHA512 80602adaee184d375ea75b55fe9a5b7de66d39023fe91998dbfd88c2afdd6692eeddbebcc06685e4fb41102d91961c27884ef108fdc6f368fdf1001e47ed594b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c792cb19e57c3ee8d2c90834a6a5bd1
SHA1 9a34391b34786902c3b48938df50d6a46ce59f17
SHA256 bc94bdb594eab8ae0106ddf8aa657c58a0cc3041566178c3186abba03363aadf
SHA512 ff730655324cea815730da6719d611e05c21d3f805ca5618d0085d310344859b57b0867fa53de01a20bccf04308ebd2a32796fa91d358425a77ab95f152ca6d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fbb0179aab1bc7d41bfac816ad8e2d53
SHA1 1e14f7946a831d5d6272edb02b97d6856941375f
SHA256 e6ec828d219de79561bbd50cc08934768469ccff47c81b0ef2da2f62aaab828d
SHA512 24d49db874dbd6ab62565ea85667fbd7664ced6a16894b47101e939c6f89cf040bff6aab09c93c0ac4f0fb39e85b7b789bf090263aa3ed26f3dc188a4a0fdd44

memory/2464-2078-0x0000000000010000-0x0000000000036000-memory.dmp

memory/2464-2077-0x0000000075270000-0x0000000075A20000-memory.dmp

memory/2464-2079-0x00000000049E0000-0x0000000004A7C000-memory.dmp

memory/2464-2080-0x0000000005030000-0x00000000055D4000-memory.dmp

memory/2464-2081-0x0000000004B20000-0x0000000004BB2000-memory.dmp

memory/2464-2082-0x0000000004990000-0x00000000049A0000-memory.dmp

memory/2464-2083-0x0000000004AA0000-0x0000000004AAA000-memory.dmp

memory/2464-2084-0x0000000004BC0000-0x0000000004C16000-memory.dmp

memory/2464-2085-0x0000000004990000-0x00000000049A0000-memory.dmp

memory/4636-2086-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2087-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2088-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2092-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2093-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2094-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2095-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2096-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2097-0x000001A974340000-0x000001A974341000-memory.dmp

memory/4636-2098-0x000001A974340000-0x000001A974341000-memory.dmp

memory/2464-2099-0x0000000075270000-0x0000000075A20000-memory.dmp

C:\Users\Admin\Downloads\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

memory/1380-2141-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\msg\m_korean.wnry

MD5 6735cb43fe44832b061eeb3f5956b099
SHA1 d636daf64d524f81367ea92fdafa3726c909bee1
SHA256 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0
SHA512 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

C:\Users\Admin\Downloads\msg\m_japanese.wnry

MD5 b77e1221f7ecd0b5d696cb66cda1609e
SHA1 51eb7a254a33d05edf188ded653005dc82de8a46
SHA256 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e
SHA512 f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

C:\Users\Admin\Downloads\msg\m_italian.wnry

MD5 30a200f78498990095b36f574b6e8690
SHA1 c4b1b3c087bd12b063e98bca464cd05f3f7b7882
SHA256 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07
SHA512 c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

C:\Users\Admin\Downloads\msg\m_indonesian.wnry

MD5 3788f91c694dfc48e12417ce93356b0f
SHA1 eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA256 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
SHA512 b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

C:\Users\Admin\Downloads\msg\m_greek.wnry

MD5 fb4e8718fea95bb7479727fde80cb424
SHA1 1088c7653cba385fe994e9ae34a6595898f20aeb
SHA256 e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
SHA512 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

C:\Users\Admin\Downloads\msg\m_german.wnry

MD5 3d59bbb5553fe03a89f817819540f469
SHA1 26781d4b06ff704800b463d0f1fca3afd923a9fe
SHA256 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
SHA512 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

C:\Users\Admin\Downloads\msg\m_french.wnry

MD5 4e57113a6bf6b88fdd32782a4a381274
SHA1 0fccbc91f0f94453d91670c6794f71348711061d
SHA256 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

C:\Users\Admin\Downloads\msg\m_filipino.wnry

MD5 08b9e69b57e4c9b966664f8e1c27ab09
SHA1 2da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256 d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
SHA512 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

C:\Users\Admin\Downloads\msg\m_english.wnry

MD5 fe68c2dc0d2419b38f44d83f2fcf232e
SHA1 6c6e49949957215aa2f3dfb72207d249adf36283
SHA256 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
SHA512 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

C:\Users\Admin\Downloads\msg\m_dutch.wnry

MD5 7a8d499407c6a647c03c4471a67eaad7
SHA1 d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA256 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
SHA512 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

C:\Users\Admin\Downloads\msg\m_danish.wnry

MD5 2c5a3b81d5c4715b7bea01033367fcb5
SHA1 b548b45da8463e17199daafd34c23591f94e82cd
SHA256 a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

C:\Users\Admin\Downloads\msg\m_czech.wnry

MD5 537efeecdfa94cc421e58fd82a58ba9e
SHA1 3609456e16bc16ba447979f3aa69221290ec17d0
SHA256 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512 e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

C:\Users\Admin\Downloads\msg\m_croatian.wnry

MD5 17194003fa70ce477326ce2f6deeb270
SHA1 e325988f68d327743926ea317abb9882f347fa73
SHA256 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512 dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry

MD5 2efc3690d67cd073a9406a25005f7cea
SHA1 52c07f98870eabace6ec370b7eb562751e8067e9
SHA256 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA512 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry

MD5 0252d45ca21c8e43c9742285c48e91ad
SHA1 5c14551d2736eef3a1c1970cc492206e531703c1
SHA256 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA512 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

C:\Users\Admin\Downloads\msg\m_bulgarian.wnry

MD5 95673b0f968c0f55b32204361940d184
SHA1 81e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA256 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA512 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

C:\Users\Admin\Downloads\c.wnry

MD5 93f33b83f1f263e2419006d6026e7bc1
SHA1 1a4b36c56430a56af2e0ecabd754bf00067ce488
SHA256 ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4
SHA512 45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

C:\Users\Admin\Downloads\b.wnry

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Downloads\@[email protected]

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Downloads\@[email protected]

MD5 7e6b6da7c61fcb66f3f30166871def5b
SHA1 00f699cf9bbc0308f6e101283eca15a7c566d4f9
SHA256 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e
SHA512 e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

MD5 5804c3723ed46c39d1d0fc034919a249
SHA1 0e97fd52132464a546d5969f6db561aff5426677
SHA256 361c53c7f74be8779319d13fe15781137aa449411031a4ead0143d82cf682b07
SHA512 eddfe9ec792ae90539a1475099aba11baf2326f0c90176285d584c7215fa90f28e662376518fd6bf9c340250f9cbf0f03423fab23d4c6b09331f8f05d5b42673

C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

MD5 6c89db70aba870e1ec3fa6cb2631317b
SHA1 cc955be39c4331d1bca9f52058c535b2bf7b30d7
SHA256 2651a194ba0a164c07f512837e9d7e33ae556c926bd709c93e901f260ffb9988
SHA512 cb67e2e50a299e5a5e2cf17b2b19f69d0a7bd39e6742f6bc936bfb434c9a46facbb039a147a9da8d785936fd0fd78648ab9b3c1bcad918e712fc30164f5d6669

memory/4348-3500-0x00000000745C0000-0x0000000074642000-memory.dmp

memory/4348-3501-0x00000000742C0000-0x00000000744DC000-memory.dmp

memory/4348-3502-0x00000000745C0000-0x0000000074642000-memory.dmp

memory/4348-3503-0x0000000074510000-0x0000000074592000-memory.dmp

memory/4348-3504-0x00000000742C0000-0x00000000744DC000-memory.dmp

memory/4348-3506-0x0000000074510000-0x0000000074592000-memory.dmp

memory/4348-3505-0x00000000744E0000-0x0000000074502000-memory.dmp

memory/4348-3508-0x00000000744E0000-0x0000000074502000-memory.dmp

memory/4348-3507-0x00000000000C0000-0x00000000003BE000-memory.dmp

memory/4348-3519-0x00000000000C0000-0x00000000003BE000-memory.dmp

memory/4348-3520-0x00000000745A0000-0x00000000745BC000-memory.dmp

memory/4348-3521-0x00000000745C0000-0x0000000074642000-memory.dmp

memory/4348-3523-0x00000000742C0000-0x00000000744DC000-memory.dmp

memory/4348-3524-0x0000000074510000-0x0000000074592000-memory.dmp

memory/4348-3525-0x0000000074240000-0x00000000742B7000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 106aed702121b68d8f5b46380b98ca36
SHA1 aee0ea0365044853f40bf404f677cb025810df43
SHA256 78e69ed97547a6fe54b5ff4f85ed9d45759d8db740bd1b3ec220b6025990180b
SHA512 08bcc6a89136590eb42ed992a6d624f9c0027fd4d9c6ba1bfcdd5084c2b611629dc0d50e8e8f8cf11bb1393591ad9758e74da035edbe5194d6feeb4a38318fff

memory/4348-3544-0x00000000000C0000-0x00000000003BE000-memory.dmp

memory/4348-3551-0x00000000000C0000-0x00000000003BE000-memory.dmp

memory/4348-3562-0x00000000000C0000-0x00000000003BE000-memory.dmp

memory/4348-3566-0x00000000742C0000-0x00000000744DC000-memory.dmp