Malware Analysis Report

2024-09-22 12:30

Sample ID 240424-1jqxhaaa91
Target http://cardslive.org/ef058d4
Tags
troldesh discovery evasion persistence ransomware trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://cardslive.org/ef058d4 was found to be: Known bad.

Malicious Activity Summary

troldesh discovery evasion persistence ransomware trojan upx

Troldesh, Shade, Encoder.858

Deletes shadow copies

Renames multiple (60) files with added filename extension

Disables Task Manager via registry modification

Downloads MZ/PE file

UPX packed file

Registers COM server for autorun

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops desktop.ini file(s)

Adds Run key to start application

Looks up external IP address via web service

Checks system information in the registry

Sets desktop wallpaper using registry

Program crash

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Modifies registry class

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Opens file in notepad (likely ransom note)

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-04-24 21:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-24 21:41

Reported

2024-04-24 21:56

Platform

win11-20240412-en

Max time kernel

891s

Max time network

893s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cardslive.org/ef058d4

Signatures

Troldesh, Shade, Encoder.858

ransomware trojan troldesh

Deletes shadow copies

ransomware

Renames multiple (60) files with added filename extension

ransomware

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\INPROCSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\INPROCSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci /client=Personal" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /autoplay" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\INPROCSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\INPROCSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\INPROCSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Control Panel\Desktop\Wallpaper = "0" C:\Users\Admin\Downloads\$uckyLocker (2).exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Control Panel\Desktop\Wallpaper = "0" C:\Users\Admin\Downloads\$uckyLocker (2).exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Control Panel\Desktop\Wallpaper = "0" C:\Users\Admin\Downloads\$uckyLocker (2).exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\Rokku (1).exe

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\odopen\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /url:\"%1\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ = "ISetSelectiveSyncInformationCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\INTERFACE\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\INTERFACE\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\0\win32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider\CLSID\ = "{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\odopen C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{0f872661-c863-47a4-863f-c065c182858a} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\ = "IGetSpaceUsedCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\FLAGS C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ = "ISyncEngineBandwidthLimiter" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\ = "IContentProvider" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\INTERFACE\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ = "ILoginCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ = "IGetSyncStatusCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\odopen\DefaultIcon C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\FileSyncClient.FileSyncClient\CLSID\ = "{7B37E4E2-C62F-4914-9620-8FB5062718CC}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{F904F88C-E60D-4327-9FA2-865AD075B400}\1.0\FLAGS\ = "0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\\1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\ = "IDeviceHeroShotCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ = "ISyncItemPathCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\TypeLib\ = "{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\ = "FileSyncClient AutoPlayHandler Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ = "PSFactoryBuffer" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 202471.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 902736.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 585075.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 877026.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Rokku (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 76063.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 806333.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 290315.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\$uckyLocker (2).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 299317.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2380 wrote to memory of 1420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 1420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cardslive.org/ef058d4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd83a73cb8,0x7ffd83a73cc8,0x7ffd83a73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 /prefetch:8

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7908 /prefetch:8

C:\Users\Admin\Downloads\$uckyLocker (2).exe

"C:\Users\Admin\Downloads\$uckyLocker (2).exe"

C:\Users\Admin\Downloads\$uckyLocker (2).exe

"C:\Users\Admin\Downloads\$uckyLocker (2).exe"

C:\Users\Admin\Downloads\$uckyLocker (2).exe

"C:\Users\Admin\Downloads\$uckyLocker (2).exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

/updateInstalled /background

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8

C:\Users\Admin\Downloads\Rokku (1).exe

"C:\Users\Admin\Downloads\Rokku (1).exe"

C:\Windows\SysWOW64\wbem\WMIC.exe

"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive

C:\Windows\SysWOW64\reg.exe

"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\services\VSS" /v Start /t REG_DWORD /d 4 /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\System32\reg.exe" add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" stop vss

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" stop swprv

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" stop srservice

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop vss

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop swprv

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop srservice

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Users\Admin\Downloads\Rokku (1).exe

"C:\Users\Admin\Downloads\Rokku (1).exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5504 -ip 5504

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 560

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\README_HOW_TO_UNLOCK.TXT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 cardslive.org udp
MD 176.123.0.83:80 cardslive.org tcp
MD 176.123.0.83:80 cardslive.org tcp
NL 45.141.59.166:443 cards2024.org tcp
NL 45.141.59.166:443 cards2024.org tcp
N/A 224.0.0.251:5353 udp
NL 45.141.59.166:443 cards2024.org tcp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 151.101.2.217:443 browser.sentry-cdn.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 d1mikxzr3lp4va.cloudfront.net udp
US 8.8.8.8:53 d2lmlpk6xgu7kg.cloudfront.net udp
GB 142.250.200.10:443 ajax.googleapis.com tcp
GB 13.224.246.207:443 d1mikxzr3lp4va.cloudfront.net tcp
GB 108.156.32.137:443 d2lmlpk6xgu7kg.cloudfront.net tcp
GB 108.156.32.137:443 d2lmlpk6xgu7kg.cloudfront.net tcp
GB 108.156.32.137:443 d2lmlpk6xgu7kg.cloudfront.net tcp
GB 108.156.32.137:443 d2lmlpk6xgu7kg.cloudfront.net tcp
GB 108.156.32.137:443 d2lmlpk6xgu7kg.cloudfront.net tcp
GB 108.156.32.137:443 d2lmlpk6xgu7kg.cloudfront.net tcp
GB 18.244.183.146:443 d2yz7ddtwusn60.cloudfront.net tcp
GB 18.244.183.146:443 d2yz7ddtwusn60.cloudfront.net tcp
NL 45.141.59.166:443 cards2024.org udp
US 34.120.195.249:443 o425163.ingest.sentry.io tcp
US 34.120.195.249:443 o425163.ingest.sentry.io tcp
NL 23.62.61.129:443 th.bing.com tcp
NL 23.62.61.129:443 th.bing.com tcp
NL 23.62.61.129:443 th.bing.com tcp
NL 23.62.61.129:443 th.bing.com tcp
NL 23.62.61.129:443 th.bing.com tcp
NL 23.62.61.129:443 th.bing.com tcp
NL 23.62.61.155:443 th.bing.com tcp
NL 23.62.61.155:443 th.bing.com tcp
NL 23.62.61.155:443 th.bing.com tcp
GB 23.73.138.194:443 aefd.nelreports.net tcp
GB 23.73.138.194:443 aefd.nelreports.net tcp
GB 23.73.138.194:443 aefd.nelreports.net udp
US 8.8.8.8:53 linkvertise.com udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 172.67.69.167:443 linkvertise.com tcp
US 172.67.69.167:443 linkvertise.com tcp
US 2.18.190.141:80 apps.identrust.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 p.typekit.net udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 js.chargebee.com udp
US 8.8.8.8:53 maxst.icons8.com udp
IT 95.110.206.108:443 cdn.exmarketplace.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
NL 104.97.14.227:443 p.typekit.net tcp
GB 18.244.179.83:443 js.chargebee.com tcp
NL 104.97.15.50:443 use.typekit.net tcp
GB 195.181.164.15:443 maxst.icons8.com tcp
BE 23.55.96.24:443 contextual.media.net tcp
GB 172.217.169.66:443 securepubads.g.doubleclick.net tcp
US 172.67.74.152:443 api.ipify.org tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 152.74.67.172.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 104.26.15.247:443 publisher.linkvertise.com tcp
US 104.26.15.247:443 publisher.linkvertise.com tcp
US 104.26.15.247:443 publisher.linkvertise.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 247.15.26.104.in-addr.arpa udp
US 20.114.190.119:443 x.clarity.ms tcp
US 13.107.5.80:443 api.bing.com tcp
DE 176.9.175.232:443 api.thinksuggest.org tcp
GB 216.58.204.68:443 www.google.com tcp
DE 176.9.175.232:443 api.thinksuggest.org tcp
DE 176.9.175.232:443 api.thinksuggest.org tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.2.36:443 imagedelivery.net tcp
US 104.18.2.36:443 imagedelivery.net tcp
US 104.18.2.36:443 imagedelivery.net tcp
US 104.18.2.36:443 imagedelivery.net tcp
US 104.18.2.36:443 imagedelivery.net tcp
US 104.18.2.36:443 imagedelivery.net tcp
GB 172.217.169.46:443 img.youtube.com tcp
GB 172.217.169.46:443 img.youtube.com tcp
GB 172.217.169.46:443 img.youtube.com tcp
GB 172.217.169.46:443 img.youtube.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
IE 68.219.88.97:443 c.clarity.ms tcp
GB 18.245.143.4:443 linkvertise.chargebeestaticv2.com tcp
IE 68.219.88.97:443 c.clarity.ms tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
US 104.18.124.91:443 api2.hcaptcha.com tcp
US 204.79.197.237:443 c.bing.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
NL 104.97.15.50:443 use.typekit.net tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 216.58.204.68:443 www.google.com tcp
US 34.120.195.249:443 o1051356.ingest.sentry.io udp
NL 23.62.61.155:443 r.bing.com tcp
US 151.101.1.140:443 www.reddit.com tcp
US 151.101.1.140:443 www.reddit.com tcp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.redditstatic.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 w3-reporting.reddit.com udp
US 8.8.8.8:53 styles.redditmedia.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 151.101.1.140:443 external-preview.redd.it tcp
US 151.101.1.140:443 external-preview.redd.it tcp
US 151.101.1.140:443 external-preview.redd.it tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 151.101.1.140:443 external-preview.redd.it tcp
US 151.101.1.140:443 external-preview.redd.it tcp
GB 216.58.204.68:443 www.google.com tcp
US 151.101.1.140:443 external-preview.redd.it tcp
US 151.101.1.140:443 external-preview.redd.it tcp
NL 173.194.69.84:443 accounts.google.com tcp
GB 216.58.204.68:443 www.google.com udp
GB 216.58.204.68:443 www.google.com udp
NL 173.194.69.84:443 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 alb.reddit.com udp
LU 185.194.93.128:443 www.misp-project.org tcp
LU 185.194.93.128:443 www.misp-project.org tcp
LU 185.194.93.128:443 www.misp-project.org tcp
LU 185.194.93.128:443 www.misp-project.org tcp
LU 185.194.93.128:443 www.misp-project.org tcp
LU 185.194.93.128:443 www.misp-project.org tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.130.137:443 code.jquery.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
US 8.8.8.8:53 128.93.194.185.in-addr.arpa udp
US 104.21.27.152:443 use.fontawesome.com tcp
US 151.101.130.137:443 code.jquery.com tcp
US 8.8.8.8:53 137.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 152.27.21.104.in-addr.arpa udp
US 104.21.27.152:443 use.fontawesome.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.2.49:443 urlhaus.abuse.ch tcp
US 151.101.2.49:443 urlhaus.abuse.ch tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 w3-reporting-nel.reddit.com udp
CN 182.126.166.252:54327 tcp
CN 182.126.166.252:54327 tcp
CN 182.126.166.252:54327 tcp
CN 182.126.166.252:54327 tcp
CN 182.126.166.252:54327 tcp
CN 182.126.166.252:54327 tcp
CN 182.126.166.252:54327 tcp
CN 182.126.166.252:54327 tcp
CN 182.126.166.252:54327 tcp
NL 23.62.61.129:443 th.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 8.8.8.8:53 static.trafficjunky.com udp
US 8.8.8.8:53 ei.phncdn.com udp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
US 8.8.8.8:53 41.114.254.66.in-addr.arpa udp
GB 64.210.156.20:443 ei.phncdn.com tcp
GB 64.210.156.20:443 ei.phncdn.com tcp
GB 64.210.156.20:443 ei.phncdn.com tcp
US 8.8.8.8:53 media.trafficjunky.net udp
US 8.8.8.8:53 cdn1-smallimg.phncdn.com udp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
US 104.17.246.203:443 unpkg.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 64.210.156.23:443 ss.phncdn.com tcp
US 8.8.8.8:53 eg-cdn.trafficjunky.net udp
US 8.8.8.8:53 ht-cdn.trafficjunky.net udp
PL 93.184.223.43:443 eg-cdn.trafficjunky.net tcp
US 8.8.8.8:53 17.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 203.246.17.104.in-addr.arpa udp
PL 93.184.223.43:443 eg-cdn.trafficjunky.net tcp
GB 172.217.169.91:443 storage.googleapis.com tcp
GB 142.250.187.195:443 www.google.co.uk tcp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 track.link-tds.com udp
DE 35.156.152.207:443 track.link-tds.com tcp
US 8.8.8.8:53 t.opt-tds.com udp
DE 3.120.62.154:443 t.opt-tds.com tcp
DE 3.120.62.154:443 t.opt-tds.com tcp
US 104.21.87.214:443 hushhush-flirtzone8.com tcp
US 8.8.8.8:53 154.62.120.3.in-addr.arpa udp
US 8.8.8.8:53 214.87.21.104.in-addr.arpa udp
BE 64.233.184.155:443 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.187.195:443 www.google.co.uk udp
GB 216.58.204.68:443 www.google.com udp
GB 64.210.156.20:443 ew.phncdn.com tcp
DE 35.156.152.207:443 track.link-tds.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 s.opoxv.com udp
US 8.8.8.8:53 s.magsrv.com udp
NL 95.211.229.246:443 s.magsrv.com tcp
NL 95.211.229.246:443 s.magsrv.com tcp
NL 95.211.229.246:443 s.magsrv.com tcp
NL 95.211.229.246:443 s.magsrv.com tcp
NL 95.211.229.247:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.pemsrv.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.pemsrv.com tcp
NL 95.211.229.246:443 s.magsrv.com tcp
US 8.8.8.8:53 246.229.211.95.in-addr.arpa udp
US 8.8.8.8:53 247.229.211.95.in-addr.arpa udp
US 8.8.8.8:53 8.195.45.139.in-addr.arpa udp
US 8.8.8.8:53 248.229.211.95.in-addr.arpa udp
NL 95.211.229.246:443 s.magsrv.com tcp
NL 95.211.229.246:443 s.magsrv.com tcp
NL 95.211.229.246:443 s.magsrv.com tcp
US 8.8.8.8:53 s.zlink3.com udp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
US 151.101.1.44:443 trc.taboola.com tcp
US 66.254.114.154:443 ads.trafficjunky.net tcp
DE 78.46.40.103:443 tsyndicate.com tcp
US 151.101.1.44:443 trc.taboola.com tcp
US 66.254.114.154:443 ads.trafficjunky.net tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.248:443 s.pemsrv.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.246:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
NL 95.211.229.247:443 s.zlink3.com tcp
US 35.244.130.28:443 www.qpow89xji.com tcp
US 172.67.192.139:443 www.datingunlimitedtoday.com tcp
US 172.67.192.139:443 www.datingunlimitedtoday.com tcp
GB 18.245.162.27:443 d2rv3np9wrkgl5.cloudfront.net tcp
GB 18.245.162.27:443 d2rv3np9wrkgl5.cloudfront.net tcp
GB 18.245.162.27:443 d2rv3np9wrkgl5.cloudfront.net tcp
GB 18.245.162.27:443 d2rv3np9wrkgl5.cloudfront.net tcp
GB 18.245.162.27:443 d2rv3np9wrkgl5.cloudfront.net tcp
GB 18.245.162.27:443 d2rv3np9wrkgl5.cloudfront.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 18.245.162.27:443 d2rv3np9wrkgl5.cloudfront.net tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.17.111.223:443 onesignal.com tcp
US 8.8.8.8:53 udp
NL 23.62.61.155:443 th.bing.com tcp
NL 23.62.61.155:443 th.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:52888 tcp
SG 76.73.17.194:9090 tcp
N/A 127.0.0.1:52896 tcp
GB 104.86.110.90:443 tcp
US 20.42.65.91:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 194.109.206.212:443 tcp
N/A 127.0.0.1:52937 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:53050 tcp
US 128.31.0.39:9101 tcp
US 8.8.8.8:53 225.88.219.68.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 devtools.azureedge.net udp
US 13.107.246.64:443 devtools.azureedge.net tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 github.com udp
N/A 127.0.0.1:9229 tcp
NL 23.62.61.72:443 www.bing.com tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:9229 tcp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.155:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.155:443 r.bing.com tcp
US 8.8.8.8:53 www.redditstatic.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
NL 173.194.69.84:443 accounts.google.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
GB 216.58.204.68:443 www.google.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
NL 173.194.69.84:443 accounts.google.com udp
US 34.120.195.249:443 o418887.ingest.sentry.io udp
US 34.120.195.249:443 o418887.ingest.sentry.io tcp
US 151.101.1.140:443 www.redditstatic.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 21986fa2280bae3957498a58adf62fc2
SHA1 d01ad69975b7dc46eba6806783450f987fa2b48d
SHA256 c91d76b0f27ccea28c4f5f872dee6a98f2d37424ef0b5f188af8c6757090cbb5
SHA512 ae9ba1abe7def7f6924d486a58427f04a02af7dd82aa3a36c1ed527a23ec7897f00b0e30f22529e9599ae2db88e8abc7ba8013b426885aa3c961ee74678455f1

\??\pipe\LOCAL\crashpad_2380_APEHDRNTXHFSYJYF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0fcda4fac8ec713700f95299a89bc126
SHA1 576a818957f882dc0b892a29da15c4bb71b93455
SHA256 f7a257742d3a6e6edd16ac8c4c4696d4bdf653041868329461444a0973e71430
SHA512 ab350ca508c412ff860f82d25ac7492afb3baf4a2827249ebc7ec9632ee444f8f0716389f0623afc0756f395cf00d7a90a0f89b360acdf72b1befe34eecb5986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6d9cc90406fc4dbefeb3dcea6aad85fc
SHA1 f7d12944cf13d05a2e865be1b547d1c2be4404b6
SHA256 6c0e83608239199c0f2fe04c829f65a1eaf229802a3f9cd14de48ecdf51d4716
SHA512 9e2e00d7ee9ec9ee375ec50c9593c6f6b5f7667c94010f443e9897987b0b2a9d591502904b4a97dddd73699c59b9917e24a3dabdbf6d0baed5d5c902e2912a6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9e2e1a84-6841-4fd6-a382-23842e9f41c9.tmp

MD5 6dc341bdd4690bacb2f7174dabb3717c
SHA1 a08f4b6940a4238fce9bc142cbff5f4727d5bb8d
SHA256 45d755c512f387f49ee3ea75b25670d84e0c6af7c1daddbfb91c0b6c033e4b78
SHA512 92ed35bfcfd62cff06b1fef7093fb932034f2622040851dbcded33f2810155b6345126de8baf096d039e06a85f7c91ba15c90498800c3cb30ea63a466eb6b8cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 04e3f7b9f312b0f5bcbea7b47b82ebb3
SHA1 3a6075db75b8d58bcc651e5c559b8df5a133acef
SHA256 c6cac39c9fbfa2c24b74bf7a67b12e1e776cb9530e7fdbfb5b2a6db376415d73
SHA512 b8e5b940ba96bd214ac4dbe303dc97aa31e0410ae01c2465133c24b4aa76c4d6383babced5aa885e0c1920054ac9524d85a4565ba869bbdfac1775332d97459e

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3db22202ed648cd272a80a0e9945ea40
SHA1 adf0fa5d4c4969adcec325ac919a51aa01058bb8
SHA256 6c20e4c922a2375bca6d41b5902b7325fe470493256758dd68a7ec596e188f52
SHA512 d4a920d0e0d39a81611a8e9897e757d06101d6448eda92e1f2b9555debc9746433b06835e7b0159d93e2b24cd6dd60e53c3afe15e51de23c71814a34513001ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ae5f63351f6e1212f9f8c243e007c81f
SHA1 0994fe84df46556472121b9422401587d25e74a0
SHA256 5daeb911dce4548a7e01c807bd6731d44d0e67b24d00037af73cd65916a148f7
SHA512 b897d6f893758943465825856a956dab7dde66ac75bb2dd961fb23c6ccc7af42c9803cafae2128a291708d927c0ae7ce9926bc12b87ff3cb0e6d9ce1a8bbbff1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19b3e02964d77bcf9f369b691f1ce9b5
SHA1 24f2806932c3a416c6e3c26af08234f9610623c9
SHA256 d24fd94f3eccc6e31b67b3403d42e476f85db834523ec663b9f63dcb115e8189
SHA512 a46d44e1ce81940267829129796e1e259d332609699b13ba94d2d3aa4f1320c9f48491da0c41ad1116dbcd8effe67e7df8993256afab6bba13187652031419f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dfa2.TMP

MD5 1e8a20be3a412ededbbedf04527724e2
SHA1 2367045ebe1e7c661fe82e02106680fefcee8b9c
SHA256 8f186fcd7fb47aadbd848241d24e4039d1a9e700aa953128acdf956a279ecf33
SHA512 7f20d3380e70b27de13ff4b6291eb1b2416f0aa54b59c6a045feac10a28659a1cfa92560f34725ba68fd8df9c356e73f83de0d065c30250ef1a092bdfae59cb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7fdcbc398d1f0e5d07bd549c1dcb7fa5
SHA1 47884eb88cd41671919619aec23a1f125811acce
SHA256 bbe0b2054817635ece96584bef5b9a3b67dbd0c591835a3e64c042ee974d8380
SHA512 6fd90dfea1d30df6c0a050e295fb2bd5fcaeaffc89470c0202c8f999081b862ba016c43bf1d1912eaae69964c7af764c059f82ec841148ba0309cd99014b8198

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 646c74388b8a12c76be0246157c2874c
SHA1 b31980609f3ace0e26b68338f6a76646adb5842e
SHA256 5dc6362782728c0b69fe172a5edaec3b2e69ce8fe3e4f4bc24dfdbc3f11f3369
SHA512 84fb4aa52e645fec3b9cfb609c6935e871d7502562b9c2be07f020ff2a4e6b1a7730901559b4fb70c875e3a5ac10ec682019bc526b80fafa272655f125bc7689

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9834fafa2039872261ce767539034d19
SHA1 8a7acd2de749c18fec0fab2365a49461a5fa74f1
SHA256 23f0dd136dcb188de62dca2d67c95098dcbb04b1f258320e56b2cf86240e39e3
SHA512 87a16c05109e74363173f666f2d0b608fe355c02c5fd7ba3b132581e7606da83c0fb2ba1b25848c85b85383276c5e436bddfdcd0eca02a24b1c5e6a5e256438a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9e8ffef-1768-430b-9921-7bf4cb6e9063.tmp

MD5 c835885906e6ec0f165bb7696e73f191
SHA1 322ea31e7b0d195666ce6e47e36dd131d89b867f
SHA256 902d6ac89a46847fcb6f8501498a45e14a029ba2801b0ded43d109912a2d0700
SHA512 d5f45efa4f5c2a829850475c29e403a5f42fa774bca87c0d272adfb1c4bc7bd71505eba4bbe8fdbc71cc45c89e07d8ee0c9dfc5aba86d31839f7ed04c1ec8076

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\948c1021-cfe9-40c9-b21e-39a302c977a8.tmp

MD5 ae61716be94deeb4ca579de4f6de0f62
SHA1 ffa2619c50e098623736af55f87c60cd739d2609
SHA256 9e591973eacabfc85960ab79621fc11c1ad228be37f7499698c6dd3593fcac61
SHA512 e8a16213a20372454ac4b6d284e35557d6a9afeabe831101758c68b1fe128ec747f10ca53e15aea8e66a1f4da76e9882056092a0ed6c11a0b234fb98d0e26a9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed261b0c97503ffec3337c3734a85955
SHA1 91d54aabf53350cf63cdb23a731237bfe9a0d116
SHA256 91a11869fad3b24db9adddee283ea296f3605ff52811b448b081f1b5b3ad1b47
SHA512 8fbc2c0a05f212d65d24aa90e7b9cb4ce1aa8777874cf80873f75c0775d05b740e9540af91b0e8d6c72510756346b2c65a58f493cbde357cdc680386d7809d2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 c32068cc5af65c3041ba5d1169c21877
SHA1 4916b1ecb06fc8dae881723edce23c15f992c425
SHA256 d2236b94ac1e28588be6609b6320fd429146a70e97f37e2a4d70410cb15990ff
SHA512 f6ee1f788ea0ab74538c9661df557b9f1f81465f098a9021d73703a7fb5fa81e849b89ce6a4af8377972b3a39179860483eed32cf7277c414aa96b48344ce3e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25b06b98ca5e0fecb0e5944d8cc03a11
SHA1 f3bbd82dca349c86c624a0e045da24cc4d2bb718
SHA256 4e293721aba4e0209c2b78a8a81370fb5fbcbb7d042a22473c215ed4d62aa728
SHA512 af75c6dee59f17a3266a1309570a510ba10d9545ce76216190a9cd77a6b327733caf5e5d45b59b263d6b247f3ebb764a4361a9fdd665e4676e930a79408d374d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c2ed2c9ec05ff1dab9d3dca0080f2520
SHA1 f56838df4c783b2ece0899f7cf3c8b91904bd5e0
SHA256 24c8ecb5e1c0757c3350d8166fe1000e99a256e7331e1f0092f6f52a1f1d0b3d
SHA512 207199c6af46816138f89e495af4a543e2c5eeaad9037eeaa191eae05744b8f2ff18a4801ac1971f9dd7b6f344d3784ab9e9a9f0d004f53e57c28e0f8c4ffdf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e74b3ebe05d96bede620d632759f86f3
SHA1 44635b316eb7ab61794bb86b4cfc4edefc9185fe
SHA256 d4b81f990a4dc9596299c016ae5f464cea8bf5e9c5ce5b9a1c0cc5e506a3f3c7
SHA512 1b5949d68d185a108d9a3d99caa430a0c5744bbf67a0a622efe7b379de1b34b82fd00f41f4f0ac8e5576b84e9a73000c0dadc8694e239b418df30e2dc67bb538

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 236e56708b202213dbf227089935ef6f
SHA1 4db6333da8f8610e8cf69d30ec7119222a44735b
SHA256 112b7a8bd66003b5200bd26b649fb636704346cebc826db226a7da65240e6d09
SHA512 586fce08f53e1f29bc77ddb15a4a52b246d383014962b5d41acf14cc86b822b5ac378f5faa3dc73a24590d2501a9c9465e12f2d0afd500d2e2468a342eb33392

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 4c60caf8f580aae32d655aa2b166d013
SHA1 7f05482408364763f34c6df0eda9a17ad8b33f8b
SHA256 4ac371b1f0b69d2be7d99528a4f9abcd070277f88b130a23dc9cbdab3e45b52e
SHA512 6c8f5d4288cea6b9d975ea7c4831195ae0fb5ba0f1924ff84e6d91d429a631a08a8f3e81e42c75ca901ddd41ceecfb188e1d7f883d99f3a19e179d3e134e9515

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 95ab6c341ba904bd83b6d08c2887b696
SHA1 a6f2a1cc985f51cc82b4dec1d8309560fc856fbe
SHA256 a1c2531eaef512e2fddcf84b18369f241eb9423af77c48015a60c9ce1c424f1f
SHA512 3a964fb8c66b40c6dd2bdeeae51fd6476b0a3d7783f171d0f6b1a8d335567e0167b77143097625546d1e9dc24bf6e1566c9c9a0c28d1810e6f1863f6b4ec1337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 d2d55f8057f8b03c94a81f3839b348b9
SHA1 37c399584539734ff679e3c66309498c8b2dd4d9
SHA256 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA512 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 798e76073abe579251a34ee1dacf9b3e
SHA1 7e9294eec6545c8e1bbdb7849a73820cdca2fbd2
SHA256 8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666
SHA512 cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b97c2dfb4a9d1d15a5395a3dd0f5ad1
SHA1 0ee3b932afa340437d1c9c14e51e0a5d715fdd04
SHA256 d448e18bb8d59a31f916c48d6469ad84e3c323c22d7856d94b3a5f1df23d6b56
SHA512 6df242a3a872b3c377803e24180bbc3e04f68945c51a57cd2b96924328444eed2e959a4e4b9812ceecfa20eff87237d791f7f47460cdba125b4660df33e8cc16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 53735c2bc2cae6218f5e9d73bca1f7d8
SHA1 767c6693f35b843ddb0fad196df7f5c367667c89
SHA256 56ac35115a1ff4b684ebcab2698f7c87f349cbec279695d85e80f334c70c61f7
SHA512 0ec9f256714fe2a14ebb2902a1c0d47772a262189dfb94d83da68ca94e347aa121a9a73432edd78932c3267b4d01f4358eb2a580c2990d5b873db0c989b5bfba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 48b6f8e03b16d925098883d20c8f30c7
SHA1 df10ee24c11e26004f09775613e2c777a53c9c56
SHA256 6197bd0fdc1618166ca2f8b57bf1f236cec85832d599d0699ff551501e0dbec7
SHA512 8052df45edbc7a5623ae6a7b2527b758f64a2dd2efebf29453b201c5ef822b90a29db818f0e7e03809a31b0865d5a11997af44494a60c22dd333c1d2fa38a42f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 3cd0f2f60ab620c7be0c2c3dbf2cda97
SHA1 47fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA256 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512 ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

MD5 f5bc40498b73af1cc23f51ea60130601
SHA1 44de2c184cf4e0a2b9106756fc860df9ed584666
SHA256 c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb
SHA512 9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6259b69f212a7c3a0c4eb9269ba532bf
SHA1 d0a91e65b8999a09be652a3bc54f5df62945b38c
SHA256 2883bebf577328ed7ae23c05eabcab50da99b4ae4fa4eab3ba38aff359c6d5fa
SHA512 b387b514ebed1d8ffc12ef3c5cc3ff75b4deaf012b0597896af742645dd60d9637b696b5336c582445aa77c4833696caf81fab1b66216327a0f988cc303a4188

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3a99e15ca40efc2446fce632cbdccfcf
SHA1 633f1d22364be5fa999f3da2361ca56ca3c14fdf
SHA256 be99f1e1244c37ed434202dd1d328002a74da5094ee954336a8ad85293161603
SHA512 4c4fb132222a1325c8a420541613b787e4d15fa9a261fb6a49a2784a25ec3331b64627d7b1ef277d02ff44694cc2863d32f520d76f41a76d466e9fa32420efb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 375f6d31c7706657c52e0097ddf5b928
SHA1 0848a425ebf836e59e147e63b860c20249c1e53a
SHA256 3bb78ae066ee1634274342e4a93cf29f32dd566bfe9b8b2460496208768db81d
SHA512 9f48e06ace5d7d7a00777a3f5b4dee82f9f04823f88cc29ccf7e38ec3690d79a375c392f2c2f7638319e08fa54b15275dae6d15ec2ca99efd9c0dc63541e97b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a73cc9bb2b624d867e8b9ae6642e1423
SHA1 5da59c770b53afc20f0818098ce63bb8917f18b8
SHA256 306b70e75d6173257343324280f7007e3154f8ab5853a24f1ca04b4963717e8f
SHA512 97ff22167812239089c42e17409dc1785436db7b5d428ee1af9ef0baf5e5a67d0b86a64b8e633aca07a9ba1be9baabfadc86eae0aa4ddbabbabe9b3e9fceb031

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5c4630e1969445f27aa187a7a1357dfb
SHA1 62bc4290aaf5f28a7bd4c8836689c9116ed0ab4d
SHA256 bffe81e1635d747bcb8421d0d05456bf6914f82597f87d3a3c7012592e6f0b27
SHA512 8cc266895604e1b3e75a869bbe55ec2d69a5f893a2a47190ba47fe2e0ad95feaf3dbfd59d15133c865075d3af34709620b7a1b4f7f3b0862c64dc55845eb61ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a96dc97d56320f60c1a81f8882e7934a
SHA1 2c48261105c45eb566388a45d0a583805e4dddaa
SHA256 f301d5693aec8c1c5bce6fa5918b217ffa6afd1ed99e20f2494d1fdffa9b9140
SHA512 d51d3381952edaec78ce1884a18a432cbcf604c373648fb4723965a3ca4ce0d54d447abf11aaaa3c5afa2c29980796965b678487a7f401ee41afbbdae7a28f16

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d51949880b94fe250558c15c826e6cdd
SHA1 11ecacb015f73486035863e9deb59a87aec474dc
SHA256 0fa251abe1abe8257dd458bba79e8776bd79f612acc25bc78f4953aaccc9f17e
SHA512 5b69283587107862fdea785c9124dbb6267e29e27f01e7ddb4f67d649884aff995e941028d10c67db280773d4d9b9804adf0c1c93400e378224018d4ba80ca88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 15c4291c0def1adf4bdd8f6ba36deb50
SHA1 eca957b1828c7f9299d3015e1d9f09df7bbf2bed
SHA256 8b5d263f2b2e97abeefd1e78db912612270c63d61f7d2718ab8e46a5947350aa
SHA512 cd662e837de399b5b1a65b10a315724a5bfab1c3543ea824cf61f78deb59cc121909966f4e876abc6bde2338d7ecf344dc1c69a21ca016156328e898e5781fa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 87b59f5fc30e28063f8c99f483e09ec1
SHA1 76c3eb02411b8aa6c6b6a8590a3b284d56e66bb9
SHA256 221f4b6203aacffaf5869ef4554a544990902e656a17cc5f97c1c1ef382eb574
SHA512 f175bd2673912306e304a4ad6ae078e34d97cf5178cc6b5ef154f13138e476ac2b56054af99d18e5dfeec0b4bad16458aca7813c0137eda7f73d2c20d8fb76d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d1857fa1d3de6e0b42a0d053e7b369ee
SHA1 f7961c09a2e14f295807edaefceedc522a54b0b8
SHA256 a02cb6b9a4d004420e7564cda43350dcd6697869abc928afabd013537a7c5efa
SHA512 4f143f1ebc95cfb59cf643771b020be868bdf14ede95fb3bb4cc9899af5014ecfea7913d8b4c2c8755ef629d24a3e6214a9760a64a31f66995f293af5ccbc8c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a67c262f46c24d48f625cc1594cf4207
SHA1 7f196fe827b526e09d6f135bba407426c5f25d30
SHA256 4dca0513c08e32c398a7c88f11835276b9419b3630b5f8ff09c978e497e0ce1c
SHA512 dd463c2f37af929d4c75ee33354070680289050029af8510cc80861fe4ac550e1163d1e0b94874ed00e0d0442363a5afee753d9272256bbd0a9a63e0e21bc136

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

MD5 ba8944a1bc1f34593e69ebc891c12426
SHA1 a30a994228bf594d1dda6754fff0e9a69efe8026
SHA256 9340ba11edb902965c4418b16c657856bae3308705da60a5db551a16dee552f0
SHA512 3965c0260ebc20d1a1a1b2a5d0c61357b596703cebd838379a26f7fa0e5d8178417cc9eb43d5e534c971af14072afb3f78fa9b6361592d40ac0ad8f751367d9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

MD5 1eac12645fa31d5da3f8f3cfd35a8df6
SHA1 6c23b5e73223e5840618d35144b5dce6b833c694
SHA256 dd82914d39a90b7c439c815bc3bef13c5b16c5118046936e096b77598fb644c2
SHA512 74d8aa68f804cfa1673d0150e50205495808ea472774e31df2ea152af7a466f0e51ce01921c5782a0ad7f95dc7b42866ece0d327ad4d773b5fbe26e135595301

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

MD5 44d537ab79f921fde5a28b2c1636f397
SHA1 b2879f9e1d0985a96842bf7f55a2b2cc4c636d04
SHA256 3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be
SHA512 08836d89ba7c7b7645c9de36e2e856cdc31fbb1c3a4a83045848d772720b98d352fb11182471161ef07d01739953a6320355ffecf25a06881bb1111ba02a73cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7e6cecfbf12ba2350217b9b55ba2d514
SHA1 a487ee332521838fdd058fd5a18cca4ba0e0af42
SHA256 65bd9bee9751eca5ff2e4515e49d6707eb46e92d22066a9eb5e126449ef87db8
SHA512 3f388984743fc1eb148ecb7763fad5484b2aa66ef128a0df5d6660c9d9a6a4b5fc1ceebdaabb38849322d47b9172eb2862310865af672a7c25b9f1b28444f4d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ece0a9f52197774ba3cf786ddd1e3b9a
SHA1 665c47b76760407edcb6fc4726236dcaaa5261b9
SHA256 64316f3fdd46c2b384d915782926f3411e760878bef37eee31e43379eec0cc75
SHA512 b3d875741bd992cb25909bacf8e546874278d28f412b7b542dda264c73d3358da1c7d4ae346ea4f8306e692f7a12af1fa05362e80e43488fc16d5914ba72c78a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cd31363dd883e1ab0c2a51bb2e99ba2f
SHA1 fd2c7d1890ea2ecaed98bccf5ab79d16ec39b2a3
SHA256 7b0de38a625530b6fb506280e41f16ae3a3d60cada1da4b9c1918ad860640aa6
SHA512 15d6cee58b8795459ecc8c1335cb8f34309ca820b708af36c236b90df539d99549aed7aa6426af041d7afb7b06c188fa65f8c8d38c5b5ff145eb13b94144597e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6aa8e960d399557cb02ab3b8cedba55e
SHA1 1ae224fb0e20876ea272c3f0ab98121bb4837809
SHA256 ab6175965699e5b94a49a47f668fc8ddaa9d2e0526d1599b40884fd8780a144e
SHA512 554995efa538137c3cd437cd1753c7bebfd28f79d19d65b39a9be6735040fe67ce586bd23707bc0a416fc5033aa9c363780a5a5d09e55c78ab622cd5eea13c7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9927c681d630a86ff28be5a36bfcd62
SHA1 994576de377b6ebf99b0bc22192bfe88d820c9fb
SHA256 f53e081f15cd3df70dbd51f507dc4b3550c5c5a4397431bbf54c48120965f9b0
SHA512 9cc76d21cda319a8130d1bca1347c5a16d244d49a16d070272950a26793aab5a5802fe5397d3f44a3794705747299435446372def77064f4a5a5a195234fa385

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c08c9cee95171198d597135e3dfe0b74
SHA1 6b099e2389f46328cc5997cf3f993d3d7948bb87
SHA256 1e7fb24f4586f83b35e3120c53f9b3ea22200601ff0d67523ee2a3f0d54f910c
SHA512 c7c894b3cc8d25e7df85d9e08fbd968a34bafb43ee4ec62d6a6ced89e6586cc56f7a623be8bb488626933d5c3255efdd220e1212a883c1a43159a68378a0ac00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40f73d02aef9e589cec7913bdbf21468
SHA1 7acc0c423d43f05ceebc8325990c57c6c7cb4bcd
SHA256 b97e8f9558d4eb680d64e7e35ad40e11514868cb76753ba4ddfe322381c3e93c
SHA512 7b9f55033b2c116d098b9501dcc059db90dbb9a1d7e9dcbcafa437ac663c646b2ab51b024a173d4e4064cef9814d31714f0366ab419a85daf9396ae852164e9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 88004f03e61f831134c92ca7ca66cd5b
SHA1 a4bfb12915c7e717bf90d75629f811dba94e7ff0
SHA256 d23bfa9bc3b8f7281973f76f929aeb23cfc644373b4c9b3cae670c93cf12d70f
SHA512 a9c0ac0432802d9607e3d729bffe897284b35b2343ecc3e3defd729c9d30b11f34d093133037e0eea1db80909557f9c63f03a98e09aaf203796aa4c4cdead80d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ddd24c84ad8a45c1_0

MD5 0ee09932e50e989c9a5f98b5c390c53b
SHA1 d41841aeb44babae5880c4c0f515d181a29d356f
SHA256 aca0763d1ece123e94e5009f1c2419418611d7de76f147bc393fbf307bf9018f
SHA512 775176ea6d357a6fc7c53e4e4f470b8327b293e27041cfef0d1544011a1c04243057665475db5ba6e7f4c4af96eccf180434add8f68f3b922ecca7e0168ffe32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\096fae0c49b6663b_0

MD5 93bf7010179b26835d2bf555f8f5d2e0
SHA1 8b16d9014f68c8b206f498d6f39053c4bf991fc0
SHA256 a71ad6d8959c424607d3b942475f2993025c53372ef67e10b68eb9153f1d604f
SHA512 8ad3d5e30ed971160a211c8e6019e7a4c5197a3a553e56e15602c2b7f3bc0d8f4e12fd4349ae12f043b858aa8b350579edec4e33e993c5fc684fd9b75d34fc32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

MD5 d5074a68cba36e5f148b042c6b5863d9
SHA1 5d8b058d50575689bfa6697f7107d58ea5ef2b70
SHA256 d94b4878df1bdbc6fed58586e9eaaa7e706bc0bdd4ea7a6a3442814f9f5116ab
SHA512 04cc3e23a8345b4a590d9b6588c35eeff3f0c8a9976fea6385aef641b7750c3bb160501c4bf9b33c5634361ba7f0f4d75f19178be51fcea1dfa923e3e584ecb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

MD5 897f7f7918545c5d45c7c01d993b0992
SHA1 b38274a6aef9e7daaabca0a160dc9ce31274801b
SHA256 da38ac378b0db708370654c1a2910c53b1f72df1d4dadf963bdb5f197433f850
SHA512 f2f0f7b955d8eb16afb3d46f9e2e1e486dae99395ce2958200714bc4907ae74f1acc80bf884f02ba571a4eb1dfb47dfc21909d99b63d376e45ea908b9f0f716c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 848a8a22589e47f98265c8213c8ffc0a
SHA1 20e30ded1c241e691f148da9a5d8b03aecb25016
SHA256 4636ed3ef2d2f3a12411d29865198c485faba029dce7435f51b5aaf80646646d
SHA512 86d843303a317b73507585d1782ee0dd80c12b71bba27ed1f6df56c7e0f2694b4c85cc842c8df00ebfbd62f32e48af2c3606ae2a71718943fcc8689ec6bec841

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

MD5 83f6b9a8f4ff7882a684e38b0cb963ec
SHA1 fc59be832640c4b7e53cb494354f3062b06b99f4
SHA256 998f6e53d56cfbbd372a4618dc29adaf1c5042a4b2035624163d125a4a338904
SHA512 730a399506514719b1df9880ac9e8d9bdfb0d0ecf68acedb6a9da2bf2dce259bf616cb0b2a458db534f0133253c49d47329a38b4bc7ad05b0654de86e92e2ea9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc77eb8468bbd89b4c0b91d067f5b0f7
SHA1 2b656fbc28de13191d06ad79431ffba8405aef0e
SHA256 36b12a86936f8df7dc294bd7023c42b6c7d38ecaa20edb6169354251728bf497
SHA512 f08bb136bb9acc887b44308ea2acbb2b3015c8adb871cda9b4d0138e9c418cea44f6cbab6cb261fc4c1c37c3535c5b6374c4f4e56c59d2e408262e3df9c18979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a19c8961364596de214ce95448c28b74
SHA1 bad7cb369284b6592a80efc95b46ec794c7b6aa3
SHA256 5b0ff6f5d420b4a1056be7b327dcb318b687ceb61d5bba63a212ba68d73c18c5
SHA512 d3c07aa510b53779ce00852615c84723a8adb37bd6b3c1214484be1b5cab8e485096e4507fc1b28c63be20de1843b9f9da64a60be44d010fc7bb7458fa8cf6e8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 bd9f70697dd566f3ac19b59e7a22961c
SHA1 3d134d28e13c9bfc774a46e4e94a8ffd92812a8e
SHA256 2aeefb39a911f290301fa1e2baf9f06d5e000277da26256a99ee0ffa20515338
SHA512 a94b5d0b5cbc1750b701b2d6f5d0b6d76a5b17bcf50a7aea43119c6c0bdd9585ed54cdefa2bfaa873380b7fd45043d7acb36787e3aac6a5745f80aed731401ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 077456032d137a3f9f6c21c1fa63cc85
SHA1 a99f13d20f5dccd872a7552bbf4745442ad67002
SHA256 ff15d3d168424fe4b55d220e970ad020cdad865d5426e8c9b375d930f7927c5e
SHA512 c9382664969e05be8728cf15e8c7de1772512409e373cd8e748d25b5d5375deeb549c98343d22daa3beb6b92ba2400a7cfe1a13c0ccdd50fc1ffd3412c5e0793

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 033923612b5c3b8cc4223714325e905b
SHA1 0ff81cbf3a42bbc1918f756adf786c7845d34590
SHA256 aefaf21efa3decd7b848272bac7f58750eb2521e6a1f062d73cc4b59d6e1aee6
SHA512 c85e2ce24b140227a58aa9e469b1da042afea8bf6f76bcf633ccc310074c05277be6f3fdc33b1d5f104b22ccc597ddc221a962b07929c2e670a6e039075eb864

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e2512341c4ea1ecc847b0ef5cf7eeb04
SHA1 47fba5ba4166d70f6f9d20affff090e13816288d
SHA256 e6936c8748630108a4198b11cbbc75e8e812fe6a0f2ff0246b64b11a8c5f00b8
SHA512 a6f6fc7e19ae6807ca9550e165dec48f6698840af08311b6635843581208e13b14f0c73a235b7a30aa452055141b1af20ad36c6e81976d15269d083524860f04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cd8c4.TMP

MD5 9f440a6941732703fa1208f809d3e34d
SHA1 52f7690b3f3f23a7e03b5086fb5a5fc5bf860c63
SHA256 8d68f79750e9f36085d68fae96c4574da35a851f5f3d21e69e835e928e6b857d
SHA512 209a95fd995907f37344ac13e29fe3e6a744b95d40fb023c9c498a603d8d8bb0b7d763d1d23f31f11998b133f901e5c3f8e9a71e6f01f23e1fee9ce91d6f1730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 cda11197165c552b9f133226c428b9ef
SHA1 6b9ba9a76783fa5096dcdad895261f5d97bbc620
SHA256 8eadfc36e822e3a266d472da11194680fb23c9520c6c7b5dc6f63b3639fa01fd
SHA512 090cef892b110353f87b9e8b8a83724b5cf564d52c1a05df510f4754d93bcf0f5faf7e72d8778f130159b8527300136e39512d223910dca35cb23ad05460a78b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9efad497e301958cdfe40d5008354b37
SHA1 06a0dfe066b129145f2dcd798d9fec3aeadf329d
SHA256 f3e783376e2435c62a7ec541cd73d6a4677cbab683029dbffa171326953cef20
SHA512 ad9de0d4616b329f9c561f3f15fa6da6745c6be561f6236ce6908379bab93559b1975b83e36f2e6aed7673424168296b8ddd491240240b6bb53858a118553c7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f1975f17f307186349b7f99c0cf88207
SHA1 29a68224c349d44da6ad85ecaf83c8d3b5a5b8ba
SHA256 21c420babd40e57bb15a3c25b643d193d4d821343f00d0b762bf159d7bdf5595
SHA512 6788c45f2b279cbbb5d6f10151ba75023ecabd6c00eb6bf35d600399556e1a5b0e3820edb64a133a77c9d6ae3c9135d2a195a091ac1555b85daebc60267aba00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 481d483fb761308d4a2b9836f310e3a0
SHA1 e484a8369d922613da4d47792d60630d8e67ccea
SHA256 84dd6a185581528b33a3beaa5813ffd0e23f5080727ac7bf071a1ca81c345896
SHA512 c80b2e5c252e62cb9eff4c92cdb3328109dd541b97e46aa35581dc10311660f412ba601499c3375110e9d973b873a82598a3c4d80d42a9deabb45f0c523ed231

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c075f5337b838d33ebfdbbc782c59739
SHA1 42c750e062894f92dbd75aa4ed6c5d552979b478
SHA256 17739a7a721be9d2be7ea24491012c40674abbe2d5f6d0a693af47d155220a20
SHA512 680a7c71ff036afe2c281b2df191ecca3c0490f352df72831e936186a89eb11ff1658c2c881df0943560337266a88c00b2d390040461e936986bef9f78427711

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8e8fc3e-b4a8-4efe-89bd-fafdb7e93ed7.tmp

MD5 5c9f3aca9df59054daa01c22e2a38071
SHA1 eea640e97be212b8762cfdea2eedbfb9ef053728
SHA256 e85b98ec07e1c0b1d1a6b96db22932dbe2c4a213f6b5fa05b2eece8605d7b009
SHA512 322abc49d97da3cdff7b69f25f4db1f8511a270beb486667dd4c62661a60ca7832f5840891ea5671de31a65f96a64d3517b63eeb471b88144bed5eae27191221

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 90eeba1ac3664ced834ac17b896d7626
SHA1 5012c7f913f9bdd1c623e93c71248b0c39e6040c
SHA256 8a01cbc6655b4ce233c10c713d5ca35573c1eadd55274f13606e55f56fa7e09d
SHA512 9c946e6038dc7414b1ee192783cccdb4dbbc5bb08496651d016733c10e2865c5817cf29940460af3b968da90c84fd2a2c4ab89597c2f4b0613a2c3cdd3b998b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9f2f4781078d913dbaaac53125dc16a8
SHA1 fefad1cd16cc6760dce775ff035077c6c6d2dc68
SHA256 27cb4fe7f61b71d7a4d1f85c04fa9ffd2e12583f6d482f8851e9b75cfbde1cf0
SHA512 2a78611bd3c5ab5a7b51e353df9839d1dbe7ada1b591c581fa97cc86f2753c56580b5aa0e3f30baf94f1936198324062947ee134e727f14494ae07c454e35e57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 178e838c6a0c0216e8a39393c7b5bfb3
SHA1 d62f9a7feae7838fa736bdeac472182d91f12421
SHA256 d4f449563218e241c33b67c31aa279bac51fdc44c80e5df1b42c260b8526228a
SHA512 61067d77a8e517affd0727ceb81e27f6b9149dd8d38c887177c11dfaf45939a7e48d3d5c03458225f9c8c82ee75e45fcca8365e216c464568589f7eb6bbbfcca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d7046bb2c49352aa63aab98375a14c8f
SHA1 910985da5b0afdd51e38ddfab5e97752b1444b63
SHA256 3940a92f922715a4cd8acee21004009d437573e453f4702f97f822cbef8b7fae
SHA512 025c7f6d68835b259ebe04f0d2d4f4e522cdf66c9c6832b6f93a27825f91012fee4db75824829c7258b69436582da8fde5b3546765a71ef7eb9e0746325c36b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c670566370243aae9cf9a6ef8f3b53df
SHA1 b440aa50c59a696baccb1563064074f03a175888
SHA256 637362b1365787907b64d7f2d939948105e2f16fd335e7a95198dd08f8bfa333
SHA512 4fefc89777d548f2bf59d4154509942fe5d672e8b1713a204020b672d2647b31671e06012cddda2ee61dd5a1c83affc669943818498e56cead76de76a6917018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e70d442a90d44aaf3069fb6998f55bb4
SHA1 f7e36306ffcb8c416f23b05ce4fffe5e17d28474
SHA256 bee7cea86cb6986ea6bf085fa40fe1f5977b023240ed97bbd61f85083df95da1
SHA512 0e3b068b71cecde3e31bef8bf258ba2e3bdf6162e5424b8a77c1a0de4543b74536b980129180b1157b958e571bf0762ccab6ae73ffc097341edaa1074156df69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aca10e16aa07caad61ab7160c3805d76
SHA1 b54c41a7751e8c6fcf4e65d3f26eded4b01331f0
SHA256 eb3639bd76f65b1b9e8c04904fc0434f2fb87fdc6b2a791aeda2a62f9a407723
SHA512 f58927b80c7d6c8aa617a9ad9996551beaa460b9731831dfc5200c6ce76fc2e769399c561c18b85ae1605d922c026e28d4aca6b60fdf5051872a2a63fcc73bbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28324e9db7b11193_0

MD5 aa946db17af88fa32d98b3cbb2035a15
SHA1 7dddef2316416cdca2d2126607c0e4deac474317
SHA256 ee259b47fa340978cfda50c067217eefde025ffcd4f0b462750ad9821056ab64
SHA512 ab70ca0d5a2294fb6da65bf26e1d33d5137abbd4c4277e3ba8d77a1a1b48a85e2ef8a2ff1460c08a574978f97e05bdaa63a9e37c5a03f137ec432222dfa9862d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

MD5 320c8b53a8bb35f997401c89dfdd0bfb
SHA1 4659dd4dd4c33eadc79e8e9e0c75533f6f05493f
SHA256 af89f0347cf6e37331e6fcc1cbf5d33e4ffd7fab57a21eca47f95c05b92450f0
SHA512 eb02c2719ea7a41e7a3fe12777535f7d034aaba4e25d39344486ddafa1bce4becf1f776e37afe014cef3f76cf81140f9dd666bf849b13058c685930430b05cf9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

MD5 37e22ed62589c8510100bbf6beada1b8
SHA1 a3b72c8f17584df264db3b482ef8f79232421a7a
SHA256 5bba9548a006caab5bb5d10c0550c3134df5e98c6d2ef77639accbe1dc52703b
SHA512 a1cea3cf6f6845f2a92ea4b914c21e2d72379bf5369419bf8131447d56656df7b7808079508a4cbf5be1c3f9d9c6bd5f55fc372cadff927a9656d16dc1c87fa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

MD5 3ed1e6ddca37f19ec46f23c44532fb48
SHA1 68461d6f89ee31126a455a9d0390995c7dc2fa77
SHA256 542792d2703c59787251240bf91f6561532e0f265d78be0d19ba026d1207edf6
SHA512 60460d7bd51fda9313690c9e5c780ce50dc2b7d595e5b1fae0850d7b329eb1ef153e3e17c586843ba8839eea02efe9e838cc3b02cd3c2d7fde2f24c7cffcd7a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

MD5 150a5bc6a97b8eeabcaffc0d73ef57c1
SHA1 bd9be5b61adb70a53ec9641d0498eb5cfdbee04a
SHA256 23a404b8b69ae37cd3cabe26c79debf10e3dc4d98cf57166fcdeebd0a8026eb8
SHA512 3dcb267e83626da1a8da4508532d85b7972fe20222b6840aa21aaacec14f404fa91e53e263a829dc0e100206c8085ea7c89295476fa616c6463cb86a345214f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70f5c3c247200e69_0

MD5 9fbabc5b8f7c3a7d717a573b4ba081ae
SHA1 c9b00df8745b4416ee83336fe6dd7b5603f9ebb5
SHA256 a14f6d7b23a19eb4616fbd44cfdacfe45791513e42b893149417b2f4d126bc58
SHA512 b9253118e0924f546c4be3779026b4739c3fdf4f03b3aae2a271d58294fae74e618684e0f03c929e2629bbea084ba9a1aa0a5f21521aa861d694fe8cdf3b8d73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 4cfcb9a1518be7a0be959822359f839c
SHA1 268c5c577fb77aa4ac9b35c787f2811c256ed3fa
SHA256 5d789356e37200321bd41d5f4ba362b6fc52f65f5ad62d2a65dd35d809d8c653
SHA512 4b73d9cdf88df07415ba5b763c535d700306f0aba0608ae9eecc1e1358c758436e6a21488b3233b9fcb348c153a501d9a3944a7f2a6f7a07c9b425dcb254c866

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0

MD5 239dc7728f46f8cc63fd000b32eed2ec
SHA1 e2bab12a2052f5507e39243ea2d1ba993c031dde
SHA256 0f9c7f868b2efacd20807aa999a60639c27a620363fcab1d77f0e7622fd8591f
SHA512 bd94602c191afc1908bb5dddaa416818ac1353d26aa26820b44bb3184affef09b0f6167410acbb52b7e6d14157eaf8c07eba6e6f1b224618b954fb2e5e99fb03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b0642232c5e45ad_0

MD5 0815628aafd2a9a57e6fcd451196af65
SHA1 9b6ce7bd002665d20a39346d3b135460bde35b66
SHA256 2b3ef46a159bb95805ecca41f8aa6988801f0e9940d92b1e5950a89a61186d99
SHA512 9dbef141fdd77850533e0364a771996aa85730106e132779a45d9f1ee9696c11caf6342f843dbbe78ef79af70678b6748f24e2958851d4539bf154f4f7ea5f03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 963b29bccc839168063000f1246df71c
SHA1 ec7d7d5d6796cb9cf66188b4869c74cae4d1ef5f
SHA256 f7780123ec6fa1bd35217eccaac91d72e6a894f6602dc82e2eb00e805920f7e6
SHA512 ab8b0e0c725aaaaf8cf57e0d05a2404fc9e15862d7e86ec4e5d80e9252c6ca589bbb902d1e893790d1081c9d8fb3ec47b1f1df19f5cc5344c3c83e04d82e8b73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 4e44e31ca6872e000812969a859398ee
SHA1 794747a05b6704dbd0b082590495e0ff8da86480
SHA256 11e83ded4c6425f94a3930d8761d662a4fbaed28e9f5cb45fa155ff491a1777a
SHA512 6602b0f9339cd691e67a6bb9226f0a8e7bfcfef7a4f202ecdc987167aa6647ceee98ad7607c375d78da5d02ffd0aeb28db80af9d6f09644e07cc38ef6f8a4154

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 d295b7694d66b76a513149a0e3c6734e
SHA1 e191f2ebec4f1888b5618c225bc69036367f1338
SHA256 1a8672b93c620fc7f97b3d77c605daa0f1e9b61175f468f640a95e6740b3aadc
SHA512 3d673ac672dda772bec6b77babc934c6a466e2a9e1956d0ef5b4b638457454283f2c09ca8e8f1bc1fcf3389f69be49946fbaa12c22e32e870d7b4c9dd319022e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 fb2bd448a58cd1c0137be8430307ec0e
SHA1 d3a356feb25384c94abd0a47dfe07ee6029c7a3e
SHA256 255f1006a17a4ccff6497191e685f9023b140461528004cde9ba60a502677b2b
SHA512 04ed5e09db29f7c054acb46dc9972db4dcd3e7bd414fb87be263585519481bf4b77182498afb840b74468b340299c5b10ef4c147290bb62518dbc94846aa3c61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 75dd0c36dd0ab60b40d132ca902b23cd
SHA1 fe0a550561ee92b0ab89246147d52e09b50b4054
SHA256 9c0c5c9298ceced8c0519aca1276e61e56fa9068429124580999685af43ca576
SHA512 64404f5ca5d8af10a245d11f4f620e739697dde411b05ac0f199e1bc077a4b715c1d9bc42437d66a47fcaa1ba385d1672395a8fc6b800944288322b0504dd0c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 6d6e328a4da563aba9cb6760f6734808
SHA1 2b295fdb2ebb468ef2b0985fb399481e8d84c514
SHA256 15287269d397fb85c72f08d0efb71d7344390b17e080fde900a90bc23ce4fb9b
SHA512 38f46d6274f5d5b35613216da6f37535162eabc9fcf8b8f0dc7103b8b723571555a2e7ef5942a4dfda6bdaab09f26054b448e3ed1699c1062549d5251bea4471

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef9afccef2928f1d_0

MD5 c730dff9cdf7a8abe3b0711422b0342b
SHA1 02e0feb92402fee55a709e51923fca92a03a1738
SHA256 58a9068a8f878f261a06b5bae2d5b42164ec5eabf0d3e1e89c7f7a601ea4b260
SHA512 f317f7154807202843de33b51577fb9c5946316785eeb18de43b097b73274c14e906e7b8812879b4705dacb85e39f200eb4830488c2da34af5f6f98c6d7714bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

MD5 136bcaad22f9d7dfeb1086bb046450f4
SHA1 c62367d45b1682a068d6723927b33ce67acde2b9
SHA256 950cf6b92777572d6ff10fc05f95198302b5db6ae49c09ea790f14414557fad3
SHA512 c66c67d0a8b212a69fdad4e49a0bd1f5452af947618901425497caaed02da3eb444d82356168efe3f3364181a38911655c0bb4ed7e2eb01e8e0d90bfbdafbdcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 1c49828d257b413050d2a9cd4d119d1d
SHA1 3c9d8f484e6d2cdb144697b880e680fe64698109
SHA256 f354e7a1a94cb2cfc8f85ec88bb64d898a13ef48720a7deb39a5e59aaa66295c
SHA512 10a89b86d5696e44107a53ddfe641a2d1a84b2256cf266eb0477f23f3afe040847a263e790c02d29156858bcd10e3ff005cbedaedbc694b08aef7fcb9cc7a4b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 98fc2329e9f1bc55089941f8f6a26d4c
SHA1 08d13f00aa98d5090ae9d9a3bf222ee3032e8800
SHA256 57e476b53a44ec234e64a01d4421e11c5ce4609e01c698a321cd3e8fb05ebebb
SHA512 0e90b1040d1d43fa3bf39987966e138fdc922dcf372100c170e18f8d8ee09eb446cacda38e7c54227b6de6a2a4dd79de1ca2c828497281452e6544b006355a05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 385605dfe77fdf7eccd8c87d28ec3ac5
SHA1 eb8d2930534dc09b90232c98c1a1b7e4e2557e61
SHA256 3040a0e84b9d2c2aeec9a4d81c0d02810de9f51367f5923c80b453f440686145
SHA512 a17b90ef17979492c9269f96ff8938bdbc9a8c3bb841a1f1f800576b40eeba4fcfe0bd8d78c9722b17053d722172ac83f1b6e8d17539ba4849b7f2bd441a26dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

MD5 57c26fea5c99a79259ec274446d111fb
SHA1 32eac656cad8f9f8e29dac99944828b3187563d9
SHA256 ab97a8dab59af72d6408064b683f0c61fa7d24672c1e71dbf0f4cb97ad0ab781
SHA512 0fdc4e26941b08a9fd03d917adfb718540e1f630963eadc9ebbf83beb473632e99d9eeaa19a0beee760e670da9d50e9199c0411e5ac408dab84263d885820cee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ebdb4ad61d7b6f2b_0

MD5 558f267d4c90f4e96ab347976ce8b992
SHA1 0b4ec71e1867ad3a7d1a4a60db327e57e1bd34cb
SHA256 a69d80672ae05d5f9e46c3bee89200b4fc6511f8944b96a98ffbaaf0fbca643c
SHA512 8c89e00ddcceb2ffb2d6c1169acdc078e11655bba391f910b5868d267f4e012a1ae3fdfba88edaa3f35b90c58658044ebbd4e0eb8661bfd97e705d1110d1b42c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 fe3030ef32910e158da3bad41d981486
SHA1 898937f845212cbbcae18b4ef5e4c8dd76a9034d
SHA256 fea527a16bdd85c42bf333e5496a0f977c29b6c1f38f6ae6e410df80c8932c8c
SHA512 a6996092dcb976f9bbe6ec660c1b4cbcb096fd89fdfe1657f7ef1bf3d7c20da0d3f749a478b135d9870df41423a096e35c570a0de30bfedb1969b48e443ba4a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 669352052e6e609de38879f47d64b3f4
SHA1 82484260ff5239d96a7f2985511e000ece62c7d2
SHA256 b0fe494041f6c358cf06194fca52ad72afabd414259434b31abf6b7c967690ea
SHA512 017ac06fa12758958f2d881cb901b4c910156f620726a7d19e53e1bd857d6e8fe9255f80c252e8f741351f261548c4044dc9a8f6cab86d7127867be1deca3d24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

MD5 f81ad2255c4c0d1c03dc51ac299e892f
SHA1 31ee661bff47fe0d5be9ace6f5825036fdb7c189
SHA256 74471bffa22c0a1609a846adfc71e91ee3b3adb172d101bb7785253f6f63c151
SHA512 b01dad7a0da9ebc0bc97c7f0da809235d1c7456b9e77349028f862adab611841e7b66441cae8d4f7ac26e3153ab3190d3f395402ea510aca299f52cf1d9ef509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

MD5 836946aaa596a2590b2790ce1618c9bf
SHA1 bf7d4b468233bf357bde56afc290f05aa77f5601
SHA256 abcfb6ab57668d1b6f3bfaa65d261d4b50f9ffa4f19e3eac5d9416b5b8b417db
SHA512 a1098ba348417e535cb1bb4a9f0296cb3e094c95eb121dfcef55c59e3fd6fc1594db764cb26786eca3a8bdb28a5a9e3df1cc1e97d6e91a77b27928f092612d14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23c07bc9a5d23b64_0

MD5 cf6f264adca74d438b46570a8e25235a
SHA1 2dd66ab96d768957a338e408ea5ba61659d14641
SHA256 99e36fa7cde65af6ac8c5a8ef3557dd3e5bc2b7bd104c0a7aa653586b7800836
SHA512 21ca90c60fee4a399fd0392086841ee2f15af6d133c362df0d574b6a568f092b4395a4ac8a67ce7d706f08f97401689ac527fae09a53324327dc232df789715a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c2185040c52246c_0

MD5 43e9decffa32ca23b0d656fd77efb655
SHA1 600b41e7d579c4e18e72f1d512b9c5b96ec3b5dd
SHA256 55c17422d535f799958b25e4d9fff58d00be3dcaaa71ef919cfe08293b52fee4
SHA512 f37b40b33e887d6cf275b5e182eb1745c2a76d08d86ff8d3eaac4c02d5e52aa281a33fde0a55ca2c39409a0f37fd9d62bac6f79e7d114fe9f4ef1f9d0f989242

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54c5e3ce4a9483f3_0

MD5 1f513815ca3c133f627721f7916b3e1f
SHA1 a98424406f6056cb6402f4c77b7ae1f417de06ce
SHA256 edabed16d3e1a3e637aee78b7b2bd2f3c1b0c9b3d465bcece4a41d3ebd583e38
SHA512 4c254ad46fd509290960f1f2327f4ae928f35b7f8271e3c516b44392650f31b6196ed40b5522f12be9cd129787e58d1a3d926ca3f08627a2c61a0f730433a47c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bbf6589fef108e69_0

MD5 e498f64c3a6e8064f6b4dfc48746374d
SHA1 9bc4aac3231458cfda343db6abe007aaedf1059c
SHA256 49fdba45e9ba290a1cac5fc82128054d14acb7783c0833b87e3dfe2c949cda9a
SHA512 7301814f6c5284f0958887ad027e6cce4e4c4cc28230b8d6cc9d4a64e3f50d78ea8282f31d9b9ef664e2d874f27d89d912a45e4463bc1370157d07bb939abe35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

MD5 fb155b522d00952bff2595c7fed5f396
SHA1 71931e2fcaea937b59fb2b82e5b956e709669087
SHA256 872cc753149c7b006c02a00858b61b169e05a74b8cab63aa58fa9cbe0e189f4f
SHA512 1d29deb337fdecd84ee07671084d4c94bfb21119ae3d020a5ddb103d066104dfa209191c46c1895381f475c21aed8d896d0ae456cce078122252097a55693f8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\671b86e53e859f9b_0

MD5 90aba15965e39092e0e69dcec7f25672
SHA1 a339096f5a5d1f3b7cfc2c2a04d216923555a54b
SHA256 2eeb6e4e62ee6da0451a109a5709d88d8272fecf4519475f00abc77f0d5e00a6
SHA512 a0a429ef69c3c4e4a1cb5c3ba5d7cb0b4c26f5050b4a656b896bd095cbde494f8a547a7e43ee42d77b51b2a9b3ccdd53a05e564b922dda7ced3cc732e002cf45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\839f0d8c7f1a4c83_0

MD5 f2f7bd88da108c6eb93e37858d0ab032
SHA1 11d726029299434450710ec2cba32aa8944250a0
SHA256 bab02566d8b65f7115d8049d65fdc95d682700eaeea6989bfead72f8da651058
SHA512 ac816fe468987091633a6109b021aebeb889e49bab87356d2b3d012016507a114fec44384fe7164b6ba211a47ea7dd85e013b78103657283ba20ed8b0f5b264e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ddf4d032175758e_0

MD5 40b859f2b5e0ee174dc5754d1ddf1948
SHA1 a5856f4b1cf010220d059b5349c08229aada8a8a
SHA256 fbf4c9610ed54cbd76a0b4f6d88bd29e457fe6f836e8c50add8aaea8dd896871
SHA512 56f4a11a64bd41e3b9dc7102dd6a4e11cbe095c2bc87a4f6f16d80cbda23996a5b463f80005e60d5cfeb9ef8a792d2443003dfe48410c0313279141d950ae799

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

MD5 c083b2ed7ac75befda85abf4092b35bc
SHA1 99f45c12e077875a087f1789cf31ab5d57af1fef
SHA256 5960326201247c875e48118f9c846586c8d12201e99d516e4bd02290ea1993b6
SHA512 011c477fe27affc3779d017d38619bc88e7e362fe3b52e3e07a2420ed4a7e9e73bb8785dbeb4d7d68f317fd3c0e3837333c8e83d5b01c29744c1379886adc2ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1fc201b5483e4dc8_0

MD5 94c05dc6660e4a8936db9973f3fc82b0
SHA1 5364da0fc6f01373993182da3900b268c49db3e4
SHA256 c96201caf0f28a41a9dcf4f089f44675ff8218f80b8e00c04e96c6493f83ff0b
SHA512 5cd5ff36f9d049779169553fb7829a3f43668fa662a5ba3cdf3d14b8e5931c565ab665a49ada9cd549abad68d5c3b83145be0287e5da6b9b708a3a50ec2bf7b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

MD5 01290bdd56b06dd533d18083483b3916
SHA1 42ee1c39f8663965f8767c2078eca2a672f2dccc
SHA256 d80bbccb67c4a622c356eddcf3e714273d99e43d184418faacb4c9bb623033bc
SHA512 13c4693cf72e06757bc893b018fc1b4aa910f6e991872e0d77a659b6c7888a955c7232793a92e1dcdb40b9a34374e0439f03fa89dc544486f0f8eea28efac779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daf0b019d07753bd_0

MD5 f085f2512f6c6a3141991e998102935b
SHA1 bb7c326a56fed42dd90aaff50b4da96a42e2af06
SHA256 aaf1d53274fd90c74c1e956e0e40fb8b1e3af8ec5dbc163b3ee953661ff6d77d
SHA512 a0629b19ed40f520654864ce6b9b9bbbb0afc08a4a33bb128ac4387e649d3982dcb3ae2e0a1f0381412f4a0203d4e24b1b1b1937cf2befbfaab7b99d95e54304

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fda0aba9e3042332_0

MD5 16e2d34a2faaf86bc04dd4dec14a5102
SHA1 fa67886b9d8d9d06186645cb608e1add0ba1b7d8
SHA256 db585f8f01002cf9167defd9025a5dc04b2488d760540c5c517e33afd8bacee9
SHA512 7abfa8e4f3ffea09de97741e92177a4cc95e315aa24d91812659fb12398bb56ef13908eb7bef0773cd8c2a5c2eec9fe07ba9cd1820b9782d6c13d1c74bc5b9a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2e8c167e1462fb5_0

MD5 1c7b508244c1d5397422661de66ca9b9
SHA1 dbe732cf462b51bba506acd7353929c49cf9bc4e
SHA256 fbaf5a3b6f843c0dfbc06c82bd134534509416049252fe7cabaff964e6e149ed
SHA512 11237675f91d17fa764335667bf2190ca0f374ea739f5d00715cdf51346e6b43013207a9ae8069fde2decb196f438520b69a81b8816e7ac1029256c7d4b6cab6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

MD5 eb44c46aac104fa6f68cac17b915dd3b
SHA1 c380a78d5ca31427ae1143f1a014486c6bc2d6db
SHA256 382e4c916c11480c926a5b1cd812fb3640956241aa65af4df74b7e792d12f2d2
SHA512 8eda3307789fbc73b6c70040bf752109f1b5f73d5e254c1f61875859d177991f0cdf48f03377ea0548ffcea34696c5ce3aa0dd8b0a68f30c3227957745b7edcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

MD5 16721a579e5edbdf125aa18e6a7b2d3d
SHA1 b8989447fed4e10f22112deb62908b6db73a1ebc
SHA256 f3b91b077ac89ec91dfd5e14357597ac77658ef2ebe2132a106f53280064476b
SHA512 4afcc9c3d6e387816f41f0b4e9d34af39085449780ab8ca28cd707192c79bd8798c80cc79b0217d3b664b96b6d08df7f322b02ae954b6aa904377bea65053306

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 eff7b6acbb29070abe3aea6685e4b44a
SHA1 6badc7f467be2884b87e74ba48758dfb1fa77a22
SHA256 2bb141e9e106ea473d450d730bf32e6e789b25bd4f7b271ee0cb49b975c8f59e
SHA512 8e55aeec2f9b36d243cadd68e1f9240a0e0d09cbf0f0b80127bd7e3fc2176862de7e3ae80e64d573c44f21c2d0f015f92931917e05fcaa770eceaef4dae5a1e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 f706c4bf6b066ce573e07c129a3f8cfd
SHA1 18158fc1c8c751ae115e093a52ef7b717c4513df
SHA256 3b5a8814887bbc38093ee4765abb809e6ef2259d22ed5d0a06b43fda1b58ac28
SHA512 99573edfee51e67924ef570d6502aef375f6a6e7f79c06fd15550fd0d4a59e0ff23a567ece29b9e0266bd8e8b4ae481d5301490fa0e839e8603747b1c89cf366

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91005327c4788773_0

MD5 cb37479e024ae5fb81fa26925c3f62de
SHA1 9b7027acfc14318bfbd2168f0abb43567d77604b
SHA256 b092414a5214c5772012624cc9fc0690dfbdcae7e19b9ced5692f3a829c616d0
SHA512 bfee4f46a676b271968dd10d0a7e863197fc50bd4b69faedf38f0e3830813cbe793b51a75a8053d273ce74e3bd4d4bce211291e46fd76dcdf1fabe48065526c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 045f796bbf8e121eb7df173b8e200e83
SHA1 2bf7e8ee7519ab22c4e07ea8b09474d644c2e477
SHA256 b93f51cea6e676524102534a9bb5be271ec874902db15bb5f57e5bb4888ef7ac
SHA512 ebd0cfba69007c3bfe6c777b47f5fca8be6f5c06427e350bbd2fde8cd2b53a940a49762ea64c1c9c7750998c1c58453355aebdd185784498b072b2d1707953f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e708d587df685aba0057d977ceef50cb
SHA1 e920eeb92fa99d2a568fdb26e838a7c539bbdab1
SHA256 3f397d3d585fd57e1d6af0653629b245514e2b9ec5c64b2640a5bd5d93ccd5ec
SHA512 ed390479482ea857eb627d17289b559b3ad96ab6bb3c0ba7c36985a6cf195fd96825ba8f954bcbd8b92106237e3008ebb38b95777b4ff045b67711beddd1a8e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6fe094ed4e410c337f96d21065856ca2
SHA1 39e86701d57f5bde4f96b1aef3adb35aa9334559
SHA256 a579e325f47d2f3fc101ef67737da4f59255833543f8b929106d057914058d07
SHA512 ecdd92743aaf86566f703744afb291becf7e51aaf5233a7b3eb372f35a1eabd6a2a41e3070c591d4416b7be1f9e4cfc966296c01ff611caaebda518cbc7b47b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f642c61d274073abcd606e2314935f0
SHA1 ff78a13e6a75aee3ba85582abf1f662b939ce395
SHA256 34252656dc22373851428547ec19ff6ac5844d93e8aaadd121daf22f2e473f62
SHA512 3dc97d31b6946dfd265042fb32a5615cadc1b52d6cb8ec9f83502a4981b6a1daadeedd2ea2aacddf6170fc5a934a8c5e1a25067d3c6944e26b4b01417daba84b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6fd9969fde9eda60c466eebbecf6e89e
SHA1 2beb451cc2c57c292a30bf77df1cafd77c60b321
SHA256 122f13b9730a2bdc5bcf92135cf170f78a6d2995d088ac2636985c8a21d9460a
SHA512 43c75de0690e6b6eb79ccef29d9e2bb9a024cfa471037b5e89549a548677dda3095615d717717ecb9240ae334ba7b178510be3eafe2a27f7e7079e23786125d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 763584539c3c01c7615c13257374b7e1
SHA1 594e6a259dc1650e14ca5799326b895de4669162
SHA256 6614264c29ed1c1244798bf23443efdcb836256ab85c88254227bfb23e722fc0
SHA512 ff86ed3a4f14766b4e48947ff811d36e6ee96320664f40659fd90f1189c2a0d9d0cedf50600b77dd0301443ed62512a1508c1ac502073333d5c92036f4427a91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e11f371f8eb85ac39285040acfb3ef35
SHA1 eacd69f54ce9be52c8424ba4d551ee757d6911db
SHA256 1858a50955292105ecf0f12c6c77aa9e4c9726928657497f533a47e74fbe2e90
SHA512 53cea0e16f665784fe7ca5f977c165e1fb797eb7940ec247ca7b127649283a3cb150f591cf6d77e8055648f02cce206e692002ec89a7b9d4b4587dfd8290f290

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 95246f985696e6ee821b95002a3796cc
SHA1 47741e6300acefbc147edcc20630913370c8757e
SHA256 b54be1f19b47f7fbe6f0e3d8c8e7a35892afcff50e42f8d3d25a922ab0e1836d
SHA512 819227c7d53c33d9e39ed6785897b414978183f8b8c692ee989363b9a75202c2da88a7ef0175840adf33820d25d4e6e2483bb3e8fc3350821fc7ddbf049c6f3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc4461626774d3041ad3025cd36e564c
SHA1 2f7d045130c367c5a032dedf70c42c0c366f813d
SHA256 aa42b583f4589fcd87513f15e6f3b386b1800680d2bccdba8ec9c819d4a86e58
SHA512 e3665baa9bb48fe75e8a99370d93fb8e459eceb31aef553219f752e0e2d8fbf267c41c0fa2e5c16fafd98481509f7846ce288ce80e4bf2a6bef6f0e2c1f2afa0

C:\Users\Admin\Downloads\Unconfirmed 299317.crdownload

MD5 63210f8f1dde6c40a7f3643ccf0ff313
SHA1 57edd72391d710d71bead504d44389d0462ccec9
SHA256 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f
SHA512 87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4ea3ab145eef875a2dd63516cc8e0bc7
SHA1 7be9fc27e7211fb30a39d4f99898093c3b164f53
SHA256 15dec81022b1668778066ded674d06a52b062046a15de327f08b596313379e49
SHA512 f786f92aec2a3b013bc772005233e24975de76ba90a2804d957ed6375acdea9f2d3d5cfa67eeeb4f8b67c66c156a17daf4fd0d3af0b5062647641e2ae9e5f4c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 739e47d7f6ded2ec5939e741eb7c0911
SHA1 13d001fda545be72f89cc8f604b7588eba301911
SHA256 4bcb011c9d0970eeb8c91bd200ee0dbe87a42dea4e4f82a2558206437ce34cd2
SHA512 a5dd31c0d3869bfe4a1fb546032b694b528406efb15b00445ed773fa9a9e578e7463dc2d2646ef32ffc3d711f0289366b050b5fd5338c7b2f4fb197b0d89a89a

C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

memory/4944-2718-0x00000000024F0000-0x00000000025BE000-memory.dmp

memory/4944-2720-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2719-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2721-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2722-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2723-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3880-2727-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3880-2728-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3880-2729-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3880-2730-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2742-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2752-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2753-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4324-2754-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4324-2756-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2757-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4324-2758-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2761-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 2cd1ef7fde0e815cb11d453940dc0276
SHA1 05fc6c4c32517696e8f480ebd13ec380f4682bfb
SHA256 378305610b5a584323dfb0dff22376f4daf7d3f42e64356572c5eb5db0048eae
SHA512 cf0492be49fe84012ef9f175ad91d241996e894019fede09ea34342220ad8386eb389fde55ed9b60188440a87e6d4db07957cb800be38bae449074f210c980a8

memory/4944-2782-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a8beffe461fa9171c903b86e1fdf11c1
SHA1 a7828745d7eefa49c1e5f33c4255844211269139
SHA256 1a9aed9a1c393326641b96f1902d9541b36eb4bb83d1d4dec17045aade953119
SHA512 64c3597d0da4df99c2c76c8326f7b7fa8b4f9cf0ec9bec8b990af33a3d2209def85fc65038784ae9176fb1dba38e0c9775f54d0f5f467d28a1a5e18dca05c202

memory/4944-2801-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0ecf653a80dcb710df9b74871387b0cd
SHA1 f30d767f02448c5eec4d70cfa8c899cdf82f71d9
SHA256 0d7c051da6ec047724f59fc345a166dc6679aa5474798d3a73ea193a9f351ec8
SHA512 31d6c271e929edb9c5505b05442d30a6de63b70bc1cbe82920acfd852949a990bb96c16bc230ad1ffd6e929575c37051be8d073662b254355b1bfb0571512aa1

C:\Users\Admin\Downloads\a872685f-7f21-430c-8a2c-014c8b4d1b55.tmp

MD5 c850f942ccf6e45230169cc4bd9eb5c8
SHA1 51c647e2b150e781bd1910cac4061a2cee1daf89
SHA256 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f
SHA512 2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

memory/4944-2826-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb375682c2db076245f3e03bf6ba2c88
SHA1 80a5620f890bdfa7bc5d9635f9669ef9fb78d66c
SHA256 3073cb708143724a49b0683f6bd121b2c92f6fbfc82007b7e676fc4307287754
SHA512 faea8ec88e16b055d824cfc7207582982b3a05ba5685fae36e06d1969f5ff8cddf05491812f87c105d659d4c76f45b793f0f402a9a20c14cd93c28b3ee49969d

C:\Users\Admin\Downloads\Unconfirmed 806333.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

memory/1364-2854-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/1364-2856-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2857-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/1364-2858-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4604-2869-0x0000000074500000-0x0000000074CB1000-memory.dmp

memory/4604-2868-0x0000000000090000-0x00000000000FE000-memory.dmp

memory/4604-2870-0x0000000005260000-0x0000000005806000-memory.dmp

memory/4604-2871-0x0000000004BA0000-0x0000000004C32000-memory.dmp

memory/4604-2872-0x0000000004E60000-0x0000000004E70000-memory.dmp

memory/4604-2873-0x0000000004C40000-0x0000000004C4A000-memory.dmp

memory/4944-2879-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2883-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3280-2884-0x0000000074500000-0x0000000074CB1000-memory.dmp

memory/3280-2885-0x0000000005890000-0x00000000058A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b2ff6933ba78726273952d31c3c1d45b
SHA1 d99fc963b6a546d6bd4e244929c31c67d2f14d2d
SHA256 8e2a5c8cfdd2103648077bcc2bee36e854901640e7c8a48f43722cec7bc8e91b
SHA512 8ac6c604d3abcc6dbee7398d84e55f106c6d10e461a890609dd6e2054c7909631170c35ec48e4928b4b3f3c1c52ab2b66d2a0d6e7fe1e54bdd9c29fcaac433b1

memory/4604-2898-0x0000000074500000-0x0000000074CB1000-memory.dmp

memory/4696-2900-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

memory/4696-2899-0x0000000074500000-0x0000000074CB1000-memory.dmp

memory/4604-2901-0x0000000004E60000-0x0000000004E70000-memory.dmp

memory/4944-2913-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3280-2914-0x0000000074500000-0x0000000074CB1000-memory.dmp

memory/4944-2915-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3280-2916-0x0000000005890000-0x00000000058A0000-memory.dmp

memory/4696-2917-0x0000000074500000-0x0000000074CB1000-memory.dmp

memory/4696-2918-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

memory/4944-2919-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2920-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2921-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json

MD5 e516a60bc980095e8d156b1a99ab5eee
SHA1 238e243ffc12d4e012fd020c9822703109b987f6
SHA256 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA512 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\20OIFLVL\update100[2].xml

MD5 53244e542ddf6d280a2b03e28f0646b7
SHA1 d9925f810a95880c92974549deead18d56f19c37
SHA256 36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d
SHA512 4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62

memory/4944-2961-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4944-2962-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

MD5 fb4aa59c92c9b3263eb07e07b91568b5
SHA1 6071a3e3c4338b90d892a8416b6a92fbfe25bb67
SHA256 e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9
SHA512 60aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini

MD5 0da77f21b2093e6cee583fb70d274192
SHA1 2af74ba1d35cac7ceaf9811569b45f141cc7ae9d
SHA256 aa61f8bef838d7c972fe27d342dd927778d984559b733629257927ed58fc2e43
SHA512 9e4fd91b120d045e90a22c9023b1231d6622ca3d2160715ecf4d3ded69447cf22cbc4547b2a548480758ad8680151cb22f33828bbd149c10a072a5fb8a16148b

C:\Users\Admin\AppData\Local\Temp\tmp51BF.tmp

MD5 5b16ef80abd2b4ace517c4e98f4ff551
SHA1 438806a0256e075239aa8bbec9ba3d3fb634af55
SHA256 bbc70091b3834af5413b9658b07269badd4cae8d96724bf1f7919f6aab595009
SHA512 69a22b063ab92ca7e941b826400c62be41ae0317143387c8aa8c727b5c9ee3528ddd4014de22a2a2e2cbae801cb041fe477d68d2684353cdf6c83d7ee97c43d4

memory/4944-3227-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 cc04d6015cd4395c9b980b280254156e
SHA1 87b176f1330dc08d4ffabe3f7e77da4121c8e749
SHA256 884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e
SHA512 d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe

MD5 c2938eb5ff932c2540a1514cc82c197c
SHA1 2d7da1c3bfa4755ba0efec5317260d239cbb51c3
SHA256 5d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665
SHA512 5deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

MD5 09773d7bb374aeec469367708fcfe442
SHA1 2bfb6905321c0c1fd35e1b1161d2a7663e5203d6
SHA256 67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2
SHA512 f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml

MD5 5ae2d05d894d1a55d9a1e4f593c68969
SHA1 a983584f58d68552e639601538af960a34fa1da7
SHA256 d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c
SHA512 152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

MD5 3c29933ab3beda6803c4b704fba48c53
SHA1 056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c
SHA256 3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633
SHA512 09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

MD5 22e17842b11cd1cb17b24aa743a74e67
SHA1 f230cb9e5a6cb027e6561fabf11a909aa3ba0207
SHA256 9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42
SHA512 8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

MD5 552b0304f2e25a1283709ad56c4b1a85
SHA1 92a9d0d795852ec45beae1d08f8327d02de8994e
SHA256 262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535
SHA512 9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

MD5 2c7a9e323a69409f4b13b1c3244074c4
SHA1 3c77c1b013691fa3bdff5677c3a31b355d3e2205
SHA256 8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2
SHA512 087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

MD5 f4e9f958ed6436aef6d16ee6868fa657
SHA1 b14bc7aaca388f29570825010ebc17ca577b292f
SHA256 292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b
SHA512 cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png

MD5 e593676ee86a6183082112df974a4706
SHA1 c4e91440312dea1f89777c2856cb11e45d95fe55
SHA256 deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb
SHA512 11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png

MD5 13e6baac125114e87f50c21017b9e010
SHA1 561c84f767537d71c901a23a061213cf03b27a58
SHA256 3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e
SHA512 673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png

MD5 a23c55ae34e1b8d81aa34514ea792540
SHA1 3b539dfb299d00b93525144fd2afd7dd9ba4ccbf
SHA256 3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd
SHA512 1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png

MD5 d03b7edafe4cb7889418f28af439c9c1
SHA1 16822a2ab6a15dda520f28472f6eeddb27f81178
SHA256 a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665
SHA512 59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png

MD5 57a6876000151c4303f99e9a05ab4265
SHA1 1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794
SHA256 8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4
SHA512 c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

MD5 adbbeb01272c8d8b14977481108400d6
SHA1 1cc6868eec36764b249de193f0ce44787ba9dd45
SHA256 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85
SHA512 c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

MD5 f1c75409c9a1b823e846cc746903e12c
SHA1 f0e1f0cf35369544d88d8a2785570f55f6024779
SHA256 fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6
SHA512 ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

MD5 de5ba8348a73164c66750f70f4b59663
SHA1 1d7a04b74bd36ecac2f5dae6921465fc27812fec
SHA256 a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73
SHA512 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

MD5 8347d6f79f819fcf91e0c9d3791d6861
SHA1 5591cf408f0adaa3b86a5a30b0112863ec3d6d28
SHA256 e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750
SHA512 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

MD5 771bc7583fe704745a763cd3f46d75d2
SHA1 e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752
SHA256 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d
SHA512 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

MD5 b83ac69831fd735d5f3811cc214c7c43
SHA1 5b549067fdd64dcb425b88fabe1b1ca46a9a8124
SHA256 cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185
SHA512 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

MD5 72747c27b2f2a08700ece584c576af89
SHA1 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33
SHA256 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b
SHA512 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

MD5 19876b66df75a2c358c37be528f76991
SHA1 181cab3db89f416f343bae9699bf868920240c8b
SHA256 a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425
SHA512 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri

MD5 7473be9c7899f2a2da99d09c596b2d6d
SHA1 0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac
SHA256 e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3
SHA512 a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe

MD5 9cdabfbf75fd35e615c9f85fedafce8a
SHA1 57b7fc9bf59cf09a9c19ad0ce0a159746554d682
SHA256 969fbb03015dd9f33baf45f2750e36b77003a7e18c3954fab890cddc94046673
SHA512 348923f497e615a5cd0ed428eb1e30a792dea310585645b721235d48f3f890398ad51d8955c1e483df0a712ba2c0a18ad99b977be64f5ee6768f955b12a4a236

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png

MD5 096d0e769212718b8de5237b3427aacc
SHA1 4b912a0f2192f44824057832d9bb08c1a2c76e72
SHA256 9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef
SHA512 99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png

MD5 d9d00ecb4bb933cdbb0cd1b5d511dcf5
SHA1 4e41b1eda56c4ebe5534eb49e826289ebff99dd9
SHA256 85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89
SHA512 8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png

MD5 ed306d8b1c42995188866a80d6b761de
SHA1 eadc119bec9fad65019909e8229584cd6b7e0a2b
SHA256 7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301
SHA512 972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png

MD5 09f3f8485e79f57f0a34abd5a67898ca
SHA1 e68ae5685d5442c1b7acc567dc0b1939cad5f41a
SHA256 69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3
SHA512 0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png

MD5 1f156044d43913efd88cad6aa6474d73
SHA1 1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26
SHA256 4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816
SHA512 df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

MD5 e01cdbbd97eebc41c63a280f65db28e9
SHA1 1c2657880dd1ea10caf86bd08312cd832a967be1
SHA256 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f
SHA512 ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

MD5 57bd9bd545af2b0f2ce14a33ca57ece9
SHA1 15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1
SHA256 a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf
SHA512 d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 527e6fa97184b70f5da1caa74293ef27
SHA1 5a67116ccac26fc18a7adfeff8b48071149b21e2
SHA256 76efcf623511a2e1a2eda72f608f77f79c6b656d0a62c92d8de93889d551219a
SHA512 fc07453fff44c57755eba8cbf21db1b1fbd532fa46dca9f80afe8b23fa6ad658d56e223a2c0c5c9ca2c232a5ea29e020adcf554ab80fa10a4af5717ee479aa6e

memory/5692-3819-0x00000000044F0000-0x0000000004500000-memory.dmp

memory/4944-3838-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 10c41e6157777303c4fc6d11e07f1ad6
SHA1 431eaf0625a754180347f84288a8915b4fb7e780
SHA256 e67085552de5cb171cb03659ab516a20d9ca3f4120c2dd18cabdd77349b55f44
SHA512 9b33f35695b1faf4cb4bca4786482a4748e190eb2984a63dd1096bef0d9ebb3dee04eb7c5be5ea59b3f579de229464a2c00157324ac2f2a7ab07131e4b52a8fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c4ac34e2cbdec05805d2f1d5c784091
SHA1 cfcbfcd00bbcffe1e0f734dbe66ec34eacbdfed8
SHA256 5738dd6ac52ef29c4b1302a0a42abb9a2d9e6df6a6b73740fc040a9d36f94780
SHA512 98cf79aa4ea1a4ac0830a6814c6a0512543cea0a214ad9e23ffc7fbcd9289f0572bec79cdca946ec74033a5d01ecece33239bb5f6ae81f2e5fffa78c45ea7eb5

memory/4944-3883-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/5692-3915-0x00000000044F0000-0x0000000004500000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b382286e9797e17b5f405af27b3cda71
SHA1 0e5cf801180501eea08a334de690789f9db77eb5
SHA256 003eed9f776ad3cbb970a493b3db8b78aa4a90d6d54b00136b75cb76499431f0
SHA512 45689057966f1d98da330525f8e66bd633a54dd10a0b332355e6cc769494713e70f6201e3cb83f6a6a4e7e9aab9f4a31f364082b6139770d08d34b579e790ee7

memory/4944-3940-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7654cf206708dd295254e7b6b103d717
SHA1 83c19aef0bf0fd715f2c0ab9d67ddf546f48f325
SHA256 75a3c7a859f2b3de221fb3f9fd7f0cc06312345496b5f93dcfaa5c09cd311cb1
SHA512 d6cd5f1c9160d4a4afc674bc3fb56c5284b15f2a6a1f7284fa608f92e336f3ad75561227cfd18355af2346d3143609b58655ae5cb351642fd733b080dd7884d1

C:\Users\Admin\Downloads\Unconfirmed 877026.crdownload

MD5 97512f4617019c907cd0f88193039e7c
SHA1 24cfa261ee30f697e7d1e2215eee1c21eebf4579
SHA256 438888ef36bad1079af79daf152db443b4472c5715a7b3da0ba24cc757c53499
SHA512 cfbb8dd91434f917d507cb919aa7e6b16b7b2056d56185f6ad5b6149e05629325cdb3df907f58bb3f634b17a9989bf5b6d6b81f5396a3a556431742ed742ac4a

memory/4944-4049-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1670c431b232f804026f661fefa33c03
SHA1 df30fef93d805b2a5349dea9bf3cc3817ce5a9f1
SHA256 ed3e2ff329a07fe568a3c2eae322e0eb64f214f74e63dbb9579184635f596080
SHA512 6d90f68e15c2b76327e52ea1d7c56e985abb5edd721466d7c6aacd5fcc9cb5baee3977216a3d88dd7ea6c197c6a6e02d3bfdafd809b3d274941efb8a60d50366

memory/5164-4071-0x0000000000400000-0x000000000058D000-memory.dmp

memory/5164-4072-0x0000000000C70000-0x0000000000CB3000-memory.dmp

C:\Users\Admin\README_HOW_TO_UNLOCK.HTML

MD5 c784d96ca311302c6f2f8f0bee8c725b
SHA1 dc68b518ce0eef4f519f9127769e3e3fa8edce46
SHA256 a7836550412b0e0963d16d8442b894a1148326b86d119e4d30f1b11956380ef0
SHA512 f97891dc3c3f15b9bc3446bc9d5913431f374aa54cced33d2082cf14d173a8178e29a8d9487c2a1ab87d2f6abf37e915f69f45c0d8b747ad3f17970645c35d98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 87ba3134f2c84ee1d482f49f4276c283
SHA1 3fc2eb647c88f0edbaf7fa69684f4278d0f468d3
SHA256 a75c11f3dadfd1c724a97f35147266f1bf6f8348a8e39648f160c11c9ddffabf
SHA512 08f4faf3229f29938345d960f4101ad41eadff399b6f7fa263738b293f58c92a573c8e27970529197e9cf9f09a7ad4fb18d47b13ffab066ee5d642cae55783b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e9e6112e9f2e32ba32753995d2c2cf4
SHA1 79b83740453ef34b2e72b4a5da642413797f070b
SHA256 d18d6df02e61fb9ecbfcb54e64a91d78396eec04ebc35c65c11e18904cef3382
SHA512 baa942fd978070c5e45c487e8dc7c851300adea44ef7300f9a1a6269222c9a432aab5ae21b9bc204ec74f2fbbcf6c24a6f6271b6e22abe393c823c96a3191d91

C:\Users\Admin\README_HOW_TO_UNLOCK.TXT

MD5 04b892b779d04f3a906fde1a904d98bb
SHA1 1a0d6cb6f921bc06ba9547a84b872ef61eb7e8a5
SHA256 eb22c6ecfd4d7d0fcea5063201ccf5e7313780e007ef47cca01f1369ee0e6be0
SHA512 e946aa4ac3ec9e5a178eac6f4c63a98f46bc85bed3efd6a53282d87aa56e53b4c11bb0d1c58c6c670f9f4ad9952b5e7fd1bb310a8bd7b5b04e7c607d1b74238a

memory/4944-4302-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/5504-4314-0x0000000000400000-0x000000000058D000-memory.dmp

memory/5504-4318-0x0000000000980000-0x00000000009C3000-memory.dmp

memory/5504-4322-0x0000000000400000-0x000000000058D000-memory.dmp

memory/5164-4326-0x0000000000400000-0x000000000058D000-memory.dmp

memory/4944-4343-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/5164-4361-0x0000000000C70000-0x0000000000CB3000-memory.dmp

memory/4944-4370-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6a86f80162b121829eb05b4e34577c0e
SHA1 dc19af8cdc1cdc871d95a40dc743bc4f5cfbccae
SHA256 8c388f4b2a5c35c9203f335b697ef0a449c8bb438eb56bed3d33f4224a6a96e4
SHA512 3c67a80f4012f62ebdcbbd788afc3a5e35244ab7bddf1653c8c35fdaa3b7e6bb267c67bd314bd7e66b9654b0121f39c60b391fd892355df1d9de2e5381729629

memory/4944-4413-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d81f062eb9d9d04393f47b7203a16de5
SHA1 499e1292e5e231d3738a814cdefda6fa1a9c744b
SHA256 a1f2f71ae0e1483fff295cfae6ca6223b6b1751a17bdb9f1c3f83f81fd84826e
SHA512 53797908ab96e055f084f1e98945865b37b2f2945693e010842b6a0f29511c9cc85b0bea51c1fd5467452ba4219902fd1a23104448699810474a01e191661e43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 79c4bb0f3841dcaf4b6d9da1a1537f2f
SHA1 1d6d690f41fd26ea66cca137d0a1299330e5face
SHA256 a26a0dd52b4f3cb2c9b79e87de4e61937ffefeba34beca900c1b7e13ac95d7ed
SHA512 0877120e7576b6be065b34f8d2ceeef6890c4942fd32fede208bfdb9a639c755b9b6cb0c4699483f5ddcba4b4ac1f8ee1aa9954a6c36aab9a1c429f06197f426

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 ad71890acee761dfc0bee32f37ce38f4
SHA1 b8fb6dcde20d0f762ede74ee4733217483d93d3b
SHA256 ba1666a7114c8fa9eca949febb6e1c28f9492e1b7c62671e674ea2588aa00bbc
SHA512 18eace7bab2975343f67517a6985c20ec92e31f7fa0c78e400486407e6fdd48644be94615d3986f2932f2d5580d7e18967bf0addc1f3b2950d1a1864a14d1f86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 b2eef9224da727f8fafbe76d042d5f14
SHA1 8b2d44fade5265407d7010b0692a69341dd68898
SHA256 8806be817ea078ea37dca1f6f93a9fbce42a26527827a7aa878f6ed1aa2a7960
SHA512 9ac5a5945aa5912cbeee46ce87c277f6ccdfb1a839f09d5b0f43888bd989f60d3638e56e929da65004f0315849465d3849d221db255619431d5ba27a81e87ca8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

MD5 8c29784be0965e35f697b90ac64c2d8e
SHA1 853c018538d64bb3d1c16450488dabf480b7c6a7
SHA256 cab18106e0fbcbc368f2e35d29b81939f60030985aafc3fe977249ff58491245
SHA512 ec8ff123632701be8087f97f02af4e7e2b46bdd3c966e11bb1baf4bc7266bdb1e066883d1372261d3e8be4b8e39654ad7c536c727e20240563926f3d94f93106

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a9b3662d971774b_0

MD5 eae8685e390f36a821191bf439c13241
SHA1 a5c880e10275b9f276d893782b7a9b161e27e4a6
SHA256 987e2b05c69b83996535e9205bd50a4ae51bded6a536cc7c042187d3e031d2af
SHA512 b0a5799726b613389f296418c0e0fac63d3664bf4a414d09747033391dc7c749b8f59c065b929f09ef4f0d55b010c90cd868776f82a432b2e4c2a1e107faf2bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb2dca5ae247f4a2_0

MD5 804c43cbc8714238f6a1e5cb96cd3403
SHA1 49678cb9eeb4e6956b73183e2d7f917cbae10356
SHA256 d39a48c684242fb7d63b81760e179098a8886c47c1a644bf90d2c0c36ab4dfd2
SHA512 6de97dad8614278613276e303da6d8f691977414616ad7aa1a443abe0478436a32abd31a4c3dead2b2db19a5110e63980bf75c643e246e11634cdf85b303768d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

MD5 f782de7f00a1e90076b6b77a05fa908a
SHA1 4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1
SHA256 d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968
SHA512 78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

memory/4944-4894-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 34ab1fb8692f43a80a16bbeb2133789f
SHA1 d0ad6146d1e842a5bb407af016aa280794bdf466
SHA256 28f2f136dd2b08390f2455775783e0c561891db3c8c223dff76d6dd1a9cfc191
SHA512 ad23bb2916419b5f0022f98218f19f5cbd31f8cc920273f965fbed2a34592b59dff6acb3b20863e857710a59c64d2549f1278618d36b927103c1c0477de0a9bf

memory/4944-4923-0x0000000000400000-0x00000000005DE000-memory.dmp