Malware Analysis Report

2024-10-18 22:20

Sample ID 240429-vn67dsgc2y
Target 1_R-bNQuTbgcQda15zyXeMpg.png
SHA256 2686676de2878920710d925c2a94afbd2bc9430f8f946190a5fb92425f797f72
Tags
qr link
score
6/10

Analysis Overview

score
6/10

SHA256

2686676de2878920710d925c2a94afbd2bc9430f8f946190a5fb92425f797f72

Threat Level: Shows suspicious behavior

The file 1_R-bNQuTbgcQda15zyXeMpg.png was found to be: Shows suspicious behavior.

Malicious Activity Summary

qr link

Legitimate hosting services abused for malware hosting/C2

One or more HTTP URLs in qr code identified

Enumerates physical storage devices

NTFS ADS

Suspicious use of SendNotifyMessage

Modifies registry class

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-29 17:09

Signatures

One or more HTTP URLs in qr code identified

qr link

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-29 17:09

Reported

2024-04-29 17:29

Platform

win11-20240426-en

Max time kernel

1177s

Max time network

1201s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\1_R-bNQuTbgcQda15zyXeMpg.png

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \Registry\User\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\NotificationData C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "2" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1696768468-2170909707-4198977321-1000\{6A09DB9D-355D-4333-A64C-A2BAE15D0379} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 200000001a00eebbfe23000010009bee837d4422704eb1f55393042af1e400000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RPReplay_Final1714409412.mov:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1936 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1936 wrote to memory of 380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1936 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1936 wrote to memory of 2740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\1_R-bNQuTbgcQda15zyXeMpg.png

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb0b7d3cb8,0x7ffb0b7d3cc8,0x7ffb0b7d3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004F0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,18440667083780268198,18346785337178143699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8ff8bdd04a2da5ef5d4b6a687da23156
SHA1 247873c114f3cc780c3adb0f844fc0bb2b440b6d
SHA256 09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae
SHA512 5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

\??\pipe\LOCAL\crashpad_1936_VFKXNBXJQLJQTIEU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c78861eef6b462cfdba44aac90373908
SHA1 a54a9e68a4ff7e55b024e970c67451f7fcf645dc
SHA256 6b2d9acf171b6d22c0138db2f0228e20cc42b658444dc7c73ae62d60a9972d66
SHA512 00ae2521b88d631e4e407cf5fcdb77b9cfa5b67f04097d54e63588e036ca3f53bf14a58b62e85078a95ad4803a25d4d6c46f2428bac1bfb4dcd4ea5263f53649

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e4ed4a50489e7fc6c3ce17686a7cd94
SHA1 eac4e98e46efc880605a23a632e68e2c778613e7
SHA256 fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a
SHA512 5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4c1857ff1cfcf1d024002065e1ed815
SHA1 4c2f5bd069796ed4ecbfb4b1dcfa3a3f11324101
SHA256 314e7c627ca7c4ba3a99a4fba787f98437906a84585332d4050f8b99a925bb7b
SHA512 e55710ac775ce0c996e9a32567b52972fd83d5f4d621bacaa5531134715781408e73a2ba61991f8033457fb37068a56ee122696c205ed179cc6f87a787c369b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d053a665aebd182769d490851244b4c
SHA1 f825d1e182501fdda3772a347fc1a3eb5858f8ae
SHA256 cb9ae81dca1db742468e49852689b65bc3b127183660f03023f2ac07bbeaf96f
SHA512 bf59db7f70ff53b6e6a4f5b78220aa33ed73b1b9e0c6509ff0a109bc308180192637a18bb52ddb5796b1893ba18ec3cb271bfd547423c997c7465e954971fdf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b2355fbf3242a0f74c075bcc26617d4
SHA1 f06f6afbaa2154c97f7ecc64dc19ed003996284f
SHA256 47d60d69fabf2eaf0c0325a8d959dcaf3f4565aaba1eda72da1c2a7120fe78b6
SHA512 0bda90bfa24057aad2bc9048c040c4b2f6e86d8bd00a96ac6b38c10c1c4bd135d0e09f982be2f82aac64d643b6cc6eefc1fafb255e2f377b554577982c54c027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 03db89f76e659576a8621e7beb8d9c5d
SHA1 f796956d4bc2ea7a35a4a5fc22d54ece65d0c7d6
SHA256 0d8a8048d62f551bdca84cba0a72e85d1b8c51e7e7e39ebee166c1cd8dc943ca
SHA512 045b2e3ae690a2e3714b3e4612274efb05a24038ec74f995c4fe3904717b5897b077bb1667ddb3fc35aae4523ce70336befff48d0002444d4c2ba43006970f8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583f75.TMP

MD5 a161db75d46d53bdd95dbc9baa4772ef
SHA1 489c8fdb1fc2522e132f6e6c7ccad0619e1a62f2
SHA256 c768b351ae438e2b7e5147e1451d60ea06aed3fb2ce73470fa2cfbd022662a95
SHA512 30af4375e83e6c682b49c6b2844302f87543414f904cac9fcc25b1e19b3a8103a369277476bda59fb99a3440e5321f8dfa28d4e3eae808764b0a523c86d936cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 bdb1597f3b61a502c177e63fd02ed45a
SHA1 bb3450215c7d363a234a218d33b910491bebe334
SHA256 f24af4bcc1da5e99510e69e641a3feea5e01bbd08cf510dae37428682fd4b155
SHA512 fbba83ecde8198f823957a29baf7ee9c0ba9a03c822abc8c11865c161c368c9b860911a0bf9c7c452919b8191ccace5d2c6780e0d4b735ae7a013ef38dd78acb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

MD5 dee1201356e92076c6389c2c882698f0
SHA1 445617a830af9832022eb7a54c7d866e4aaeb760
SHA256 0581c4aa4c07a12ad827093ca0d40d51418713bdafee5bdb2a0063acc96b1658
SHA512 7e7b7ba862d00b00ecf82ca2836f53ffaf4278b1033b79e27f3d27c9bb1dce992f60d289bdaaf4805f6b74fe9b3fd3abc5b7f8469cf6ba29372806a1b78f495b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a1fe7de5965c66a7a5c781b8c82004d3
SHA1 eaca10ec4432aac907c5480ef39f4c3d3c0eac59
SHA256 abebf368d3a889fa606cfb1ecf1bb3c8598c0a2a2fafebbf019ff71f51ab5e60
SHA512 7a7bd664fc9a6667a0ae1742046b9c6e7f75325b21cf3b28e4866f6898d300aa74f90ed14309a87bfd0a63c0ce7113cb4e955238f502092356dec0c8336d3ac9

C:\Users\Admin\Downloads\d4fc5f53-afb1-4a6f-86af-0b584cbe8459.tmp

MD5 405a8c41d58c8f7e8707bd32c2a58ac2
SHA1 33348abf7de81ee36df458e0e83c3d3711aa8d42
SHA256 06701bf78b210553191fd8712bec7c43bce68ab12d34fb114d16fbc64a4cccbf
SHA512 5d3e01daa32d9121acd092dfb3ddb380e796ca2e8d4e75d265676b8d76c90a9064adb2e571fafb534269bba99f3797e528f50b54cc8d3d2c63e8607fb5f07660

C:\Users\Admin\Downloads\RPReplay_Final1714409412.mov:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dde0042b7b8ea0e43801c5b825a7ff37
SHA1 80df1765ba28aeb5ec3654d4a75a8f600dbb70e6
SHA256 f1d89c3debea2e34b72fd8d6551d169ca8d07898ee3787bf7021581de2b25120
SHA512 bff8ca9d618076d6b79597271bb683fad9a44a7eb3f54dc95f714c1f7b0e1c8789a91b4c307c9957151ef2237c262a3d1ca3bd0e0adb378d10fb3ea5f06f5fdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 78b3e3948f0cbb8e0e30c5319fe4c669
SHA1 8dea50a96281317f67ae5a3ea1242867119e43e4
SHA256 5295d08579bead29725a8c735f98a86c86da9c812663685cf93aaa3daae194b2
SHA512 d6fceae4ce256c26efe7df2a8b166c4f71f057a830128e7d1d85c0379669e3cf381616d4a2b9bd76ae553a2ddcaba0abe9478908a1ef98ddb73ade37d1ec2c8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f0ae1ec926aaf179c059c4489f4195e0
SHA1 a3cb53424be1651e0983cf172e7c9e078f08ccb8
SHA256 4cf25f41d7b216c567dbec946d3c5402f75d34a322ae726abf1ce6e1cb37b639
SHA512 95bbad516ce3c8062e17bbf27bcabedeb5c2bec54bc47f2be2bf033f39410447c307a244b6d3e4929b259688b28e55bad31e618b58311dca92ddbf597b09979b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2403dfe610568dfaddbcdb61c5f3113a
SHA1 9eafac797654e5489c4d3a1cdb723aaf81d5e126
SHA256 0647792194432fbece8446c0f3db6983e3ec049ce2ce407467964d825a3d0d4b
SHA512 9c83c1a4057d47584a265042a4464ccd206f777927be2abb5616d23ebd8d0a7ff0e61a05b23afa6067b84a2f34f87837d8ca631b4f4e1e37587fd73c5a72f681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff6b7b179f52dc5651bf94f335d41115
SHA1 254aec82067640a25ce3482d6a3be0e41a67ed9f
SHA256 4f2b89ab118784637ced6b4ea79aea6dd0de85f2f59166186d0916669dcfd3ab
SHA512 857d9b2f79f2a1ce8c3c6468c83128a316506be339b1f3ded317e1308b949f54c97ff015eecbb9bc5b0d2abcface29952a78af0578694559e34ad931bb0ae7a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0c0ef41821d8e6d6b3e29016a7c3343b
SHA1 1adcef5e92b8c6baf990c01f9bc443052fd5f5ed
SHA256 e8a82255ee8f15a54e77156ea5a9b15a52e3b34e8fb9b73cf9e739869c8ba67a
SHA512 6d4b5fb286fbbd6fa9612e5822d548da5879d63d11443e98f76b6b0e400f99672da5a0eb093a84d10f91c5baa320858c217a0b46e03233fc9986d8d0b62f697f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 890bd03314bf1e2c49845ff941327102
SHA1 5907bed34874f838502b4f5627ad45562405d96d
SHA256 e634d0e2fb07b226960c7bd7077ed56eae6de3211b8b9550e45c586c85c961f9
SHA512 146b2efb9a4dbd74508355703d806067b7236656d7aaa5da54a087f16fa9c4216e9bd2e57d11d59004759f2921d2e9fa60bfa1882d2039ab35668ac19dbe14d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ae023ddc5bc2cdd3ef0e1d0c8e41062
SHA1 c18947d99404019249e1620df872c653a0fdfe46
SHA256 d01dc29ca50d9b4739076de58bd0472b9e851159280b4e559f797d2099cb4b0e
SHA512 de0bcb855d970c8af422006b35ce571c0f061d46d65cbd700730da7137136dc9070a4eb3b7366f411b78a3254b4998f8ba9bf44ffc80eddaa2aa25b427bf3b9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 c7cb1ee0bd6591fba962a5cbc53dcbc4
SHA1 25efb0a8c08418cfa09b91c1ac1cdbb1dcd0e861
SHA256 92258daf01643f8d7c1e274fe0dffc4f745de720c2de6f17a4796ba740a6329b
SHA512 63e8ad4a2911a9aa533343f6ca19dee2c1eb94e82cbf0f93489631fd4022167fbf9bf559e160b0773d5652cf397f275adee588577d1051accd1914d9df1e0639

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 b90ca437f5931b7627408fe88f78f294
SHA1 bacfd95d795715e159a1dcefd5eeccb90b1bd5fc
SHA256 4a8c5c921f025f63c92c2ee8d4f8e0a336f66011fafa1fd361091f6877e7ada8
SHA512 36c02f12a1a4a5e61233089651f9f3b8c83e30dfb731e78d820dd7f2ad9cc9707a6179042320578f82d5b6ec95fa0635231b84c3c09a683ff334913fe821ec71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

MD5 5cc63a9455925cfe81095878e943435f
SHA1 a7c824e73966a5131d12e62ddf68e34efc08c7be
SHA256 dc81f498e68433744621275138cfc4d69a41bce8e1b53e01a32d4e7f65726f20
SHA512 14f58810bd77cbbbf0b63ac2f608a18971b7873e202e92e4729dd7da4c1c88ef3341dbb63e103bba9bae61166cb0de488fea21a25a3d7671a9c9dada1dbe5439

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 78a091c50ef209ed4578d10916e32fe5
SHA1 1b04d4f573c5ca5d583f66103557ca6dd0c74ccf
SHA256 7bed0dcb38f6dabf639fbc214d4cda2372e616e80df7cfe14c0aa11256d963ab
SHA512 f595cbed28d277312c279e2a446bee041cee3c8248a086a3f4c40e10fa77d8e25b3d7e81e38822a2fb0a7aa0528c134e5cd1099dc192bad3ec166e18ffe0f665

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 23f53aa1242594f25942236832b93056
SHA1 cc7b4bbb188908a6c58e4e266dfdeb7825de4ba3
SHA256 535474926685a79c5b1e74dd83c997fbf3c3767409bb563de3c60f9ef0eb5718
SHA512 a4dcb3af415df9c0dd4582d07695da0221a4946d9d26d9169af0fcd0391b04bbc2df58980456b95e3be62f20bbeb89d4fd270e1e9478a50bf4743b699bdd282f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\79fe001b-f98e-415c-8611-510c9de2ae1c\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5951084fcc71d16b4b5598d3683965cd
SHA1 e23d95dc18fcbe0cf61f61802709a066e26db94b
SHA256 688e68c1599b4db698b53681134b10606fb36bf1232fcee8e1a1d39b45954c64
SHA512 daf38e2a38cef67c7aae9de3689a05c4b47ea4dcfe4ca24d2c80779917ae4b745c89ea11eca6ad6abaea744e613559a4723cef39823aee8748753c79f78ae792

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8780d4c49adb768b716a779d97a3d4a3
SHA1 cbee6c60f8e044b48f7da41f76b25017357292e0
SHA256 77b5eecb8fc2dca2dcf9488b8ef8c13d44652cc50636d413467ae4cef7ee826f
SHA512 ca34352bcdd79fe976dcde1a3fe0ea8cbcc5ca69a2604548c27f46a92ea9eafb058e11befd2e1dadf935658fe940a085a32bb1451e0bd6ef65e2c76e4f4264c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596121.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\20180e9b-7793-40ae-a576-93bdf2f7f7a9\index-dir\the-real-index~RFe596363.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\20180e9b-7793-40ae-a576-93bdf2f7f7a9\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\b97c90a6-b4bf-40b1-8b99-3922adba955c\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\b97c90a6-b4bf-40b1-8b99-3922adba955c\index-dir\the-real-index~RFe5965c5.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\a1a13388-6db1-4891-b19a-04c004eec1ca\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\a1a13388-6db1-4891-b19a-04c004eec1ca\index-dir\the-real-index~RFe5965d4.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\79fe001b-f98e-415c-8611-510c9de2ae1c\index-dir\the-real-index~RFe59ca0d.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\79fe001b-f98e-415c-8611-510c9de2ae1c\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\86f26bc6-7acb-43bf-a81d-b36fd9eb9105.tmp
