Analysis Overview
Threat Level: Known bad
The file https://archive.org/details/DoxToolV2 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Modifies Windows Defender Real-time Protection settings
Deletes shadow copies
Modifies Windows Firewall
Downloads MZ/PE file
Disables use of System Restore points
Disables RegEdit via registry modification
Event Triggered Execution: Image File Execution Options Injection
Disables Task Manager via registry modification
UPX packed file
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Adds Run key to start application
Sets desktop wallpaper using registry
Event Triggered Execution: Netsh Helper DLL
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Analysis: static1
Detonation Overview
Reported: 2024-06-26 12:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-26 12:02
Reported: 2024-06-26 12:12
Platform: win11-20240419-en
Max time kernel: 530s
Max time network: 531s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\Annabelle.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
Deletes shadow copies
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
Disables Task Manager via registry modification
Disables use of System Restore points
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recoverydrive.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cabinet.dll | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydocs.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logoff.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\NetSh.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Dox Tool V2.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MinimalX = "1" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\Annabelle.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\Annabelle.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\Annabelle.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\NetSh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\NetSh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\NetSh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\vssadmin.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "143" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{E0AAB4FF-525B-4C50-9730-9BCA64ECF80F} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Dox Tool V2.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 600712.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Dox Tool V2.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/DoxToolV2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff25103cb8,0x7fff25103cc8,0x7fff25103cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
C:\Users\Admin\Downloads\Dox Tool V2.exe
"C:\Users\Admin\Downloads\Dox Tool V2.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004E4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\BlueScreen.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\BlueScreen.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe"
C:\Windows\SYSTEM32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\SYSTEM32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\SYSTEM32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\SYSTEM32\NetSh.exe
NetSh Advfirewall set allprofiles state off
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe"
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 00 -f
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39c8055 /state1:0x41c64e6d
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5028fc7bedc0a9ddf4c09a9a9db6d631 |
| SHA1 | bbcbf286ea5bc5fdaac7816c7fb0ea1473944bd1 |
| SHA256 | b09c52c9851ec5b7324aab7cfd3aff0416a60005057fdf1ed281212376df736a |
| SHA512 | 22682c7338abaa0bd2d9997d4a5d6ba0edc1469e8c258c4222a898364d719af572255121ebfab39b9ed762708323a3524ad32b8aa71843f0f35b60c6cf222f5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6755774854c216b9668bfd228e49d291 |
| SHA1 | 7704e5b97e3011d5f1f1f6249b48c7c62b95b11a |
| SHA256 | 08d4b65efb66e6d9360b07befda3232d72782475b2880942c642d99a197f8d61 |
| SHA512 | 2c10f3b4c1031cad00344da100fe05c6c59e45348d3fca8e857d6fa1fb3c7f56eeec0f17d1bda62341cc58645f16741c9752496fb872976ad5d588465dc638bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7142a2d585b94f5693dc9720b230f22e |
| SHA1 | cd94209a92d445ec2ce74af8f9fff0e94274d47a |
| SHA256 | 7f4ad39fedbaca60bd50dcd35e661a10a16063ed96ab88839d4a0050aa9b9229 |
| SHA512 | 8024b6a53148aaa2406a710807b0053bc456d99e2da059cdac8d44b3f7c0be9da0b9bcf9aed19eb636f57330e795462da17d91d40e75c7ccc67e669ada572799 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 76c36bd1ed44a95060d82ad323bf12e0 |
| SHA1 | 3d85f59ab9796a32a3f313960b1668af2d9530de |
| SHA256 | 5d0e5d5fdb4d16cf9341f981b6e4a030f35d4766ad945c27381f8d3afb624542 |
| SHA512 | 9f0555fb531734b786364701e17cb7f57ce94a688d4616fb85bf32cad45a253a9c479a301e05a4f8630cfea141dd52726a31b8e90198c19c16f33fb150a04a40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 5d0e354e98734f75eee79829eb7b9039 |
| SHA1 | 86ffc126d8b7473568a4bb04d49021959a892b3a |
| SHA256 | 1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e |
| SHA512 | 4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | f7189700993d4198ee96bd6af5569539 |
| SHA1 | 1ad2e11bb23ac04c9eebba69fe755fb27fcda164 |
| SHA256 | 2447d53bd765b1f2c752ffda92b6f9a1dcabda1e4edc4d7496797f6cefdebf23 |
| SHA512 | 3b5522068842502f5f6dcb6678248746eabdcdeb25e21d21fb0c9e446b75eb97077f15be7ca8e5b04abd4094bc7cc8ac8452c74a946d369614ee4e77a91753b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 635efe262aec3acfb8be08b7baf97a3d |
| SHA1 | 232b8fe0965aea5c65605b78c3ba286cefb2f43f |
| SHA256 | 8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06 |
| SHA512 | d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 2923c306256864061a11e426841fc44a |
| SHA1 | d9bb657845d502acd69a15a66f9e667ce9b68351 |
| SHA256 | 5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa |
| SHA512 | f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 77e89b1c954303a8aa65ae10e18c1b51 |
| SHA1 | e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73 |
| SHA256 | 069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953 |
| SHA512 | 5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 07b8315363e1a64516fd0d61771c3262 |
| SHA1 | 4d9b2f58a85be89426eb33d4a84dfc1fd7bf583b |
| SHA256 | 775d85530f2c00015de11fbe8bda8f6a291c972f9547c0df12ca791e776c62d0 |
| SHA512 | 8c90ab86b582ba0dfa557e6756aa2fd8090c24583295b2015cb8ed1ee56eff87714b478a1b0941617328ec75dfbfbfee0da4dc3782523e468b4e1e6abb2c46bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7c7396db64931dbd1937a93f5140f9da |
| SHA1 | 24145c4ea78b5441999305b0a53cec2cbfacca3b |
| SHA256 | bcc2989d3f71cb766660e5c437075f315947c5d65df30744ea239037af819132 |
| SHA512 | daed0b3866e1bc7e89f5864853af47e5ae9f2112109ce9aa8d079ac4e21952166d8a9cbbd17b8c61d7751ff559484610af472449807dd5f217567a110695bd43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9ac572bd5ae9dd75f2b4e1421660228b |
| SHA1 | aa6e1823179e860bbaf150c05b72167c5f91f16d |
| SHA256 | 9d0b1acea91e4b562bce7f93308726fc9e746fb3333707e496eba1e77275204d |
| SHA512 | 0eadf082a6f9082d2849019ff9f3a2227cf2d050ed249ca008f8e617862058f0bc1111aaa40bb3d2707924684d9d800bad8c985556365d118181e79f677cabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01a5db7843440f023ad184e7d22c8e2c |
| SHA1 | 0db2cad8557a3e4065534810c3fc5551a74c005a |
| SHA256 | b90c23c15193484cfaf2e3e03f0000864bfa4677b8f90848546212b60847b5e6 |
| SHA512 | 7c4b5a8a161eb267b965367c227973b366507983f6a267eca939bbb2c73e89aab056d08d5363fda338d1b10033c6009cae69cd3a83a4302e41fd168bfabdc438 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9a259dbe7b70dcf19c2185c9cf01619b |
| SHA1 | ee07b989885e46dc0625b69ea68bbcd7f720307f |
| SHA256 | 54d3599dd0bf05546231ffb59c52726abb23c6250bf54aaae54df543b5c2771b |
| SHA512 | 84a6db23855c26a478330442086b31666d1c3c99e2fae9cbae517074818cf760e9f024daf1ab5c7e1d50fd8dc8743b8f551bbe9b53638f1535fe156898dc3b88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4ecfb263ddc895335d8304b55d474bd6 |
| SHA1 | 7052253752b411495aa8445d737f25218e66b5d0 |
| SHA256 | 591c565d493c57e528570364636accfcfe3b3f0683666862afe0c8c3b04f4e42 |
| SHA512 | 804bd910ac6691cbafd862a8a73cefec724d49721c3ee02c7d3d354cee0da579cb962cb85b2324fb0f620061efa498e8133e64726b96b2b0d95689329c0b2cde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8c1096322a1708bc859d34615eb370bb |
| SHA1 | 2ce0733cf3f510a9f9a5e65407f9b997310ad43d |
| SHA256 | 3282b268644989745202abc7324cab7b65a6714c2326f884c84ae2236d045ff7 |
| SHA512 | b50518dee694648cd86442775c50395a199d7738c482c9cfb6d771f0be5d822d22eb774b0d1277ed7681b00828037acdbac2ce96d810095f747c7d2b6b1939ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2f3a00a879ff725682ef426a40869c85 |
| SHA1 | e2b600f598b0f1fd28921a55851fed88a0253355 |
| SHA256 | a768fd0d59a12611b73d99eb02de627ed5046433479af866ec033ecef810630d |
| SHA512 | 450bafd1d59f066b4c2d02209f57c0493f9637fb7ce1f7f8baa580a07545fdacb9bd5bf27b01000851a9d2326cec000f10268aad53ebfcefa4f93e9f5176497e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 81fa52d69237664179128f280cdfc825 |
| SHA1 | b9f1b48e6dafea7a8ca5cb8c85d0371c89aec63b |
| SHA256 | f317130fe34adf0b76edd375bd54694d8d5773dcf33983d3388cd69b4c971099 |
| SHA512 | 88b855aa182581417e62b4d159007a4788030f9fb9fe7240314b64bdaad343e804e9e20b3c0ea70943eea95a9434c13008efb82581b40ac83e48f77c259a2aea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00c30362464e74b867db9e46828c6763 |
| SHA1 | 448c635a0b02f0865e3ca7ecb14123ec894b2f16 |
| SHA256 | ac4941768d131acb26ac910f100d2fc5ac54a047432b477ef47422f1d318d51e |
| SHA512 | 5d1f87843ecc775989a349df868e348db1e2026cbc7921941af87fc3f455e7bff30a31e20bbe023d46178171c5259cbb4c793bc2dccb4b12b3396297664b7658 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d434ebf431a95043ced80a484e95a27e |
| SHA1 | ac1ec921237fbd9364adc46a5b5595d1a816d812 |
| SHA256 | 21981f69aa68175fe1180ddb276d193771e46aeae0d196ab6d8ace8e7a1e5338 |
| SHA512 | b4f5f99d5d0dc5429e665b6c3b7639a7ec4db519312d26a34f7a01bed7bcb06353d31c3f40a588a40ab6d3d751b444c34580d4c10e2684c19140a846f0e6ba29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | 9e6a5276bd2a4e6efb1fa772c066ab63 |
| SHA1 | d997a8682d38cf01be38b638ad46f3fd386d663a |
| SHA256 | 1f3d5bd4682b0aae9bd64558edc108bed023f1f67d6fb1d91eb635461c11dc4c |
| SHA512 | 6a4fc5aa84724d8b6a09735f1b4e588184a7a5ffee4cb5609a6a19007ec32bffc169c04327ee2c9131e9be90e166d2321ab6ea014cfe58f386d71a013c9b85db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f0b18abdcf363fba6e7676fa1766d997 |
| SHA1 | d3fed8a3dd0d0ad083c7fa3d50bd121b8eb1c77e |
| SHA256 | 3203bba6dcf840726d3180017ccb19062d733875a9f0c669cda38e47fe8b3f6d |
| SHA512 | 42dc08dcab288e14afbdcc886cf75172506ee0e295aefc5ac5c8db43dd937ad88955d50278e65d1cc55cf7441fb860123488da21121d5151c3eaeed8c8cedc05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5bc7adcd9f188a413a23a74b28a275d2 |
| SHA1 | 8170732d4b950431ec1bfef1181ccb7644e23149 |
| SHA256 | 37e78256f9914139ff5b4d0bb4ddbfd4ff4cca76c1442361af70dbb9537d63f8 |
| SHA512 | a875a713a4f9f082ea781004e7049db101bfcdd8e032d0796b3a56b7ad5873dca08d654d8adf4bba87167873cdc8d7fb393a1b3d5e0189afd4dd6478a732fdca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | ecbff2670f32abb0d5f6b065e8ab0865 |
| SHA1 | 916ce6cb642666c0fd281a2e6f409afea432b30b |
| SHA256 | ca8e27ab0e2e61e5ee1c3081eac1827231e90d90f2bae942d1f51831dd0cad3e |
| SHA512 | 709d81d0612041e32019d7366ea36a3f69b8bdae2f2ef78c5e48fe545501ed74e7684b398299c48aa2b848a35f7c51268601fb0b0ebed08c78184d86c3997174 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a76d303add92bb4_0
| MD5 | 404983eb940350f8a31926a5a41b90f1 |
| SHA1 | fa4b7d5ffe540c122485f8f7adaaa675ce8dd04c |
| SHA256 | e8dfa8024263a15d5484fc64753aa966e0091da45f126bcefa128282d929f1a5 |
| SHA512 | 4d7acdb0dec46976bd89f56e0d0e9dfd860b2fce5bf83c4773c0005a5df0434e3fb2c7ee6c52ebe458006f33e8c09b67c6f7fb3959e42588ac5356729331977f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\395cd751464365fb_0
| MD5 | 226c5e8b44854fc924693911f66a967d |
| SHA1 | 46d648e815db6c0bc898c036e995dd9dcbafe7f3 |
| SHA256 | 451da0e5a2eadd7239c23997135043654556fbc9df2e7451729563a2e0822fc9 |
| SHA512 | f71bb23c2dc3f90572b1c6d32f44a54315fe31346518790b436f481ba5a5b8d38a0d63327fe5421ed16d621c3e19bf44cc273ac7ae50994fa93b1629afa92417 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\451170c3a768578d_0
| MD5 | b6eb693be5ecc8af1f231950714cc3f0 |
| SHA1 | ea40ef2a8f250c064f0525bea6cbce7a84c47387 |
| SHA256 | 0d704d20ac62a695e54eef5c7405448b3bd8f3b6bb18a3fbf054cd081f425e9f |
| SHA512 | 3e89b0cb2adb9cde554687da08137cd65d7c61b25a02489d256d52cc20c21a8dcedabaccec0bec1bac47f4a49e8217335da1d08a1173c166482a0c0e200e6804 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d0a61241278f6dd3691cd4da2dd6c767 |
| SHA1 | b3d52cdadcb96b9c4b62f4b18a48ed7d2f118e73 |
| SHA256 | 9d62ceee587566ccc28d85db43b6fe67bef38bec0daa8847d04edd821bcb7ce4 |
| SHA512 | b1a1e632c93f2cf1c800badc4c499e9ccfb8abc6ab9aa71c36eb7d19815af65a3e51a11325e80531f7b459bc661b0dbe42130e5b3ebb5b547915ddb3746f1ea2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d43b8c01aa6477d04605658d61859995 |
| SHA1 | 18e3866318d61e0072c1495471d4406116f1ad87 |
| SHA256 | df4d512d1c6546c2245d3217d3f9ac3257d4d85bfd7e936fc60d90da8cd0f728 |
| SHA512 | 73d1885e14d96d1397e2943fd06fc1a713c6269fc2e5a86f5bc8451c538886d2b48708483d03e7190aed06ea1a8fbbcd3dcd9597305c10829f1a3804fb2c6834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23bb41b1bf0814a5_0
| MD5 | fd2a61d755156f5059d2c235058e152f |
| SHA1 | fa8da7701de2bde1cf111c8edd5514b9f52b8eee |
| SHA256 | 65bba5d2f3611bfb3e24182caed66c5baa62792fd0bfc4831b338c729a269d46 |
| SHA512 | 7178fc295d8035ec9a1b45521d51075ef52f3e82911ac0a2035aef84b302613215948a5a919111bb053370aea8e52f3f363d3b3a6a7b848b6708833277e1c44a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8d00ee6fdc5db6f6_0
| MD5 | ba926ced4c6489711965f43000863ccb |
| SHA1 | f2871ebdcd0022edb2de908a07bde2d6d0ed9aac |
| SHA256 | 0884605e23d4f911e6268c58bd965f0e71145c29f0c3822bdea182dbdcc07719 |
| SHA512 | dd5d65f8a12c9ff7df20afb90445db0662f9a39c48f605354c32b94d14582eb5961255ee16c2e3515ab8bf034c5bb934d58aa151820ecccba095301941ec1337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fec95e34b9c456b_0
| MD5 | cc6f29c24dd93137f5a0ce762dd2bccf |
| SHA1 | bc4350ff28b180b4676dde581ec6c1d5a0469a7c |
| SHA256 | 884e55b162c3e939112828edd88e34d70f48792442e1d5c995062510ef33d396 |
| SHA512 | d3c4b8b961bbd3ce8235b15c27bd600450d5e77630e2d05b05f8469936267d0cc721923c9f6eba71d1c6b0533469167ae05ffbfd63de86d145b19e5980253626 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0de8c10d9c612138_0
| MD5 | 61911f37f0302370c63be7df1f710f93 |
| SHA1 | 2a56ac4b62aca27c7e83adb59f5719b4dce4d3ca |
| SHA256 | 3cc59e97a968e1b987c7363cb8f2d647c3948e1a832d4fc44e71b2962214a03c |
| SHA512 | 7019b99f110fb1a877a2ec514328474ee0f4d3846ed7bdab1aca4e94a61c7e1ca79859a69a314438d560b0180b62a791259983692fcdeb0cf854f3803975bff7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b8cc77849d3cd80_0
| MD5 | afd6f375d652aa1cc00d7a7044fa634b |
| SHA1 | a53b482b5a7f244ec513d3fd6d264141f0dd844b |
| SHA256 | 4e3d1845b3b138f6413d1931b762beb992cd4b2ea83c513e76096f28a756d898 |
| SHA512 | db4e920776e281d47d6b4b39a638567166a99d01690a5d7b8d261ec0adbda328abdcd30bc2b77d6801c3e40542ad3aafb266facf0e07627b650ff2aaa3dbbcbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\437445634e270822_0
| MD5 | 2e4789b5d221e4cc913d4fe41f929664 |
| SHA1 | 01b99d10c24dd82da280312f5159988488c78f2f |
| SHA256 | 0fd1a0e6733efb5fce6eb6db42b9c815a050a3a150ddb9e94015f2b06fa62658 |
| SHA512 | ef7d9db56584e5d61158ba7fbcab6002cfe8f08767d35ebdb18a241e575aebfd3f4cde24a82e6a48aae7d802198983d39fc58f99c56dbc929ac72eae6a50143e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2311af0fca936641_0
| MD5 | 3c66303482ad0c6e7de78403f24c2738 |
| SHA1 | ed9645616b2d8071acbde84844c5ac4efbcce480 |
| SHA256 | 9737d1240a231aa32513c994d59f42708d7c97bd1c59f6d7206700599c917811 |
| SHA512 | 1df7f94f4db3033e7c04e2cf1f478f292ad63a0317a500fc25080a359c800c615fb7f1c33d44a32bb152b4bfcab578150795fab12bd592adf67919301cea87ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0344fd820bb6753b_0
| MD5 | 0b27438a3906289dea87997fca949848 |
| SHA1 | 91737df131cb759621e21c4e399aa0e075633340 |
| SHA256 | e5b844ef274f4d55e4879c4bacb7274f7f1857d398676343fa8674d1dfc5fdf8 |
| SHA512 | aad994a6d172e7b747b24d489e55a13e91f2c3292cbdc0f7e87f0f7dd88d7169a2c8f614cb3cd678b83b6bdab57ac4ddc31b8be41bb718508244b332c51bf25f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f61f0a2602bc914_0
| MD5 | 285f4dbc8c0bdfa5facacbe4b56a857e |
| SHA1 | 12419eda80a2e943e4fc3f3ad43f4782c6c2de7f |
| SHA256 | cd3c01f8f284030a6dd5bb14c0f1a3d815f8f6ba3a19e12b04adbd79837f187b |
| SHA512 | 9f8c8bc8fdd8602459bfe471d8dcac8684686e8ec4c1a13f3608ee5ba39851bef93928eee0119a89223a7c6ce29508d0efafe0ecbe3d69f24ffbe647ef38c0f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffdbe15aad5f0a0e_0
| MD5 | 61ddcf260659e95451b0cfd65593442c |
| SHA1 | 69a8ebfe5eb814b83c99deeb481ad6129aeb5850 |
| SHA256 | 06aaf72714fb3f983a8d7262dcd5510adf750b5ca9d0e893a986d759fe359f50 |
| SHA512 | a6e9685c11c61a680479c31768f7d99c70b79577b4f9611f378611384e51be2a7c6a9b331454f87d52974ed93236dd3df3d5edc829d950991b9196c3f3281225 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5e388174f596eb0_0
| MD5 | 51a2d1dc5eccbca9de15459f07735399 |
| SHA1 | ff7364216cf019e5d78fd99c203ff180130779df |
| SHA256 | 604a5444af8f6a6fa38085d130c34a97e6a0ce14c865b5dd59117f84a4de3da6 |
| SHA512 | 35c5c983745f38e0ada9f2ab43987d75ef9933325a083e5d43533c20ee1171b6ceee9f5c4121c1b00efd54c7cda56ac40578515675fd01e6e3f6377e49397f13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8bea4ab3650bee52_0
| MD5 | 6dcbce1d18365c41ff29449ec5aa4786 |
| SHA1 | 1e170973d61dc60535c6b50bc2ebeb89fe5bf97b |
| SHA256 | e055a42b2bf4c6995e436b42a2b9c84a8fc49172614808bbd29a23ef35bce8d2 |
| SHA512 | 7c2b9f5380d54acb5c024ef7cf1dbe32e35d00700fa9c2c2cbaf9298bb88f06e06fa1a6abb31c1d8d7ffeef1c7bb91cd756b21f6d802d73c362e5eba3d8c1707 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26069886e990cc46_0
| MD5 | eb96a3a691f5ec0a583ae44671e85eb4 |
| SHA1 | 9dd6af56461225813d391aab73b287236d522f4b |
| SHA256 | 14421957e19b66128bb0c94921e85eb238894935d48083bdbc3b190a61a79405 |
| SHA512 | 8eb451040b63b04fdd67d169091ef0b3cea0d73c8f171e1ac1299a7469b0f7026b7e629983d8462701d14019e912b3de3314c609dfb5f7244a56efcdb5d968a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8cea48702440e81_0
| MD5 | c87d442072168661126a06f580ba2a7e |
| SHA1 | dd353a3d22046c6aedbaa0e74f9fdd03ff02a990 |
| SHA256 | 9f27c3f0e9a5aa235e60c854c23b36f1645b5398dca0f94ca1126eb527fa5874 |
| SHA512 | 5a3388b42fbfb93e021785e256e6c1ceb27ec8ca79e02481bfa248fd7066755a2de862a6bb00ef55982834708f8cf0cf487a1ebe0f5d64b3d1fcfae64bd182e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b3e0ce13da94924_0
| MD5 | a43e9ba66cd409c08a9af2a06686172a |
| SHA1 | 4d9aebb52e28f2fb0d8e28ef2ebf0d9b5093f48f |
| SHA256 | 7b558d90f4b52605452d2c6b28ab675d3b3bbe26c2fafaf58d0c9ba6b58c89d6 |
| SHA512 | 7abd6cd6b95c45304c15081c21fa9c1912b0be55a60a99c40c1b0494843a84b8946dd08108e092cac407ce38bca4d437eab3218e3d8f7f42d76f14e75915d3ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47f3e0be7720a1ee_0
| MD5 | c99184f2652a261e5674a0e2d8e72c04 |
| SHA1 | 0bf91fa4e1f86af77c5d208ef527e5435401583b |
| SHA256 | 45c3fb079dee92e82ab77c31881b66ef2ccd9127175be448c4224b6a510465bd |
| SHA512 | 2337a527e6a37832fa24cd7eea440f02da657b0cd0742f9681feb85c9374f795843025dae7feca19a22d03fae1df66c0a86d212d9f9a5a78e3966f0cf38a881e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef6ec442ba19a2cc_0
| MD5 | 24a3447032bf16e4ad2298b7487df755 |
| SHA1 | ab34e4dfd1c368a4776c95d792b60b3ccf5886b8 |
| SHA256 | 7c65dacdec1d0425fb3dc8d4071e8b1c3fb95a5f917d7a7367b45e58ac41a0a9 |
| SHA512 | 5d0a6a7d6aa6840fca42b186cd1be0e90f10366af8e3fc71a5714a18c7ed063378a7b5eccdac803ee2104082660ad78979165870dce355195822e806182a2b00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce1059c478c2e6f2_0
| MD5 | 4f40b43d8e882e2430def897798e7c5d |
| SHA1 | a89a57b4dd31b5aed36f79092403767f236d4fe2 |
| SHA256 | 0c66deb7aef77d0767e9ff705670d7cf31ca6f6fbbb423f8fce15c19cae0b892 |
| SHA512 | 5aeeaadc8504a2c4e910fbd87f309bc9861c759f369c2de4b72667213860e423362fe4743ac6b11e7d7810fd8b9df38a31191a33474552c73124e136a200c13b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3552e3a94b35b185_0
| MD5 | 9829c0a6660b9dac70838501f3deadeb |
| SHA1 | fff8f709e4a98dc3a74b153907b2c55637cc3f7c |
| SHA256 | dabd5e8cc639144089dda5c4cbf6dbef42bd50e3fabfcf51454dbecd32a861ab |
| SHA512 | fd13cd1e42d576e90b9e6bbcf39e94df862386ec6a7a983611f70c146c0962b5063a9ba7d418065239be59df477315e8d10631fe2450cac2136d423a5bd82fb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2d10c35ae143851_0
| MD5 | ad4d43b94661a98d55906e5ad2ce25ec |
| SHA1 | 95d876fa36568c6b6079f8211223f68f6f44b103 |
| SHA256 | b2d1f66eef07e552f0a2d95894df97f29eecc45eba454f484062f55e1c2b1c63 |
| SHA512 | c738abddecd0973dbf045950e8dbbc512122c5cd0fa46e1a9d224ff410f91171eb0340a1de6dd2aa7979223be2546d1eea35411171f2b50e73add08b6d4a8cee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68c3030e727497d7_0
| MD5 | 4e7747ec6f31c0167945884a6c173b50 |
| SHA1 | 5c8ced4b55a240b078fa0761397ffa78d419854a |
| SHA256 | 387b4c866ec46759a808a8f331e036b23440a34dce076cccb816accfa550bcfe |
| SHA512 | 6f02548ccfb2d7e0a2d3c8cda6a886370ace24fe9c3777b47df54daa0d00e0bab442ad68b62238bba074c4c118ac2d2c85760ba0c0f53145fc212805c4166519 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c2d2b9ddaa1facb6_0
| MD5 | 209608bb86f738509c43cc7dd36c7fff |
| SHA1 | fce01275d6bfcd8741e39c2fb3b74972ef37d810 |
| SHA256 | 1b1627b5615f6ad1c4988bee2e2120338c70583fefb528ce03410310b6f840f6 |
| SHA512 | de2fe018c6a0b0ca83913f7e03578b0f6a2d9822f5934925ebea2a896111cae64e166b87816b242c8b04af32fe9049b03c233eeaa5a9d220f82a235fdfd81107 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1335940a5a13f354_0
| MD5 | e8360ed8f55be45d3f027c65a9d64e21 |
| SHA1 | 0ffc2c2acee7b45ee161ea4e232ae4dbda71cc26 |
| SHA256 | ecc66c16c9545bddb89de109c108cd84fd1aa38e0e0c474ebc7ec2762992893a |
| SHA512 | e9f5c46146e8fceb4491e0d99c32541c52a9fbe96b6c5db004c11aa4c640eb47030655a156475b5691882189b1716f7ac96f55bd7d272640b44b5faacf37f1ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa0ba30e9dc345ae_0
| MD5 | 0964b46459fc024fd7c38e292cb60ac9 |
| SHA1 | e32ad8afaa9f0be5e56ed48d0565cb7f01dea626 |
| SHA256 | dcf8553416f3c07c88f9fc657eddc698a52bc1b3a8d45cb3db6e909c3ad644d8 |
| SHA512 | a878a48197ea7e94aba32d59d75e2d21679d6a03ea26a9ca055dc263d9f0f77c1917db4b0a09ae62295ddc9380fa7d98e893ce4cb2dfb44109c886cc5b5bae3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b1c5eea508beb5c_0
| MD5 | 13931f7bbc3ff33c207080bfff92d1d6 |
| SHA1 | 26fc5a43ca4fba77139e3b710443cf9fe3f2b566 |
| SHA256 | 313b96841b7da02927844cee5ecd32c15decc0a063fd6a6957c2dd3e2d7ea9bf |
| SHA512 | fe11e7894cc6b052697a61d2317cb6a9d113ef0e0b40f8d0d99bf660d137bef574dbf8a5d955a42caa5311e65f972408b1fdea93e392adbad1e9a9d64fe86c1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95e4d4088a582378_0
| MD5 | 7c6cbb62a5005951ae6c2b11dd83ef7b |
| SHA1 | 75d7cc3561a931c66cdea51b37a6c12db48949f7 |
| SHA256 | e851788ec04e60232f1a53b5b525d771655d049ec434bb86e8521df0d3dcf0ed |
| SHA512 | 7dd0dae976215895fda87f569f2aad1a163f98d65aa7a051077f601708cdf34ed1ed16810dde29b7865d1cd6597f6f242ee3b5cb90caf611f623d5520f98454e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cdc67880c035c2e0_0
| MD5 | 5a12f47c528458888291644cc59d9084 |
| SHA1 | 4c5c42b134bdf10b90faf6c85de61375d94e383d |
| SHA256 | deebc74b2733e3ed305146a0f55c9355f444c0fadae601682efd220901441f1d |
| SHA512 | 3680196578be78e2d19116e824eb8a746c8da223704dc7c7e04b48a8947ad95e673234983e19d13853fc115e9c4f2c473c3a4211cc27ec151fb44ff4d1ff80c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8bbe961e1f9256b4_0
| MD5 | e3e0e9d73970d72f5eefcfbfe96e6f11 |
| SHA1 | 53520658dd6773df273ca4cf8c905a879ff09ba5 |
| SHA256 | 9745a8eb1371a6e30f1d67d1a49e49bcd68f9c5f686e342bced5385d7affc48e |
| SHA512 | b4836650c7da196bac6135f98071c3a2ba9e81aac745539470fc3508fa32b8631c4eb466542243bdf611c31387d2e448911d282e9cb3cbd627f8ef1439b90b21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d0bcc513e0682a40_0
| MD5 | fea108c79ac067118c1acc0a25f8830c |
| SHA1 | 6f9a75979bd581d9efc23c07f7555a8aa965567a |
| SHA256 | c85ed579afa242addb0c8e588bb33a55de37480b653b11b4ee64ab2321e49b05 |
| SHA512 | 068e41b3b957b35f3e61c06d440bef322cd49f99158ae1c0a4cdd67f6d072c315290774cb0d912483f703a7d8f94a87a62cc51bcbde9aaa7cb58653de9a0b4b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1f4634f9cb46423_0
| MD5 | 98fc6ace985b74104cf9a15f63eeb744 |
| SHA1 | 6538a5e4113a86a7158e7cd4cf1cefa95876ee36 |
| SHA256 | 94147fb9e24213aee31520741960f0cfb3784c9591ceaa67a786118457c16a06 |
| SHA512 | 34a6f9e45a64889dd5349939c2f2da3b5537607ab9eb16c1855e1691edee103a14450a9eb9b275e77f86d87c2c121b77edd29763e7405373858b4af88e985886 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4644b1197fc1e550_0
| MD5 | e6cbcbda2d7683ef38df0f7626c8e843 |
| SHA1 | cd01a84e2d7dea73c7bc7d89a1f48dad28affb1d |
| SHA256 | 3da0e8043bfefaf4dbfd7894e08057d376e0af92286ddbd09e5077e6e6605964 |
| SHA512 | 6120957bb7bc34e7399bc8c288eb948c733d1fda76947b85e4ef2a163f4acd527f5bba732a26940c21c292a10048f99eff85112f033e20dedeeee760c66e2188 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37765bbf5ce52be4_0
| MD5 | b083731a15adaae15ea3eef851886a01 |
| SHA1 | e7dc8a592cdc12c1042f0f2bcc78c7200a81c212 |
| SHA256 | e02cf2c2d3636a0f71c1f3906e15eacd09b28a9ddda537e5b1cd4b9dceb00576 |
| SHA512 | a57cde338d2c4190117efdab365de33704a7d0f1c7fb6ea73729fb9619db6310d788dba9894d5e90b06afe433ab0dd8f06dc47b294e1450a9921d9a5a8f2fa31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f3149bc5e88249e_0
| MD5 | d865df1f7df97fe5f9980e6a0ed4f19e |
| SHA1 | 139e7add6164059ae38d3c6ab1064bc441ece0c4 |
| SHA256 | 08af448d83ee7fb12c3d1a87744aef0767e19c216f7bf2c20b182393d8842dcd |
| SHA512 | ee178a3e2bbab3f0eaa01a3ddd30bea07962519c3158b136edf28c6f85502c42c8be6d66a128bb6e8f6a4d30141c5066252cfa3cae055f37c5c4a54a37e9d7a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d252f20371953868_0
| MD5 | db95c3ad1267df80aa57a958a609421b |
| SHA1 | 99f0532e0258dde5e8f3974e8db2a688f3f1fab2 |
| SHA256 | 8e6488db06a01da1757cde80672b6db96070e52b207c7a6c69bf69e7e1255818 |
| SHA512 | 70a5af3645bef6ac5af7e784a51d8cbf135e1da3298d5011cfb6b540627e0d4bae9a167b4cbc0c3aa1ff24ec86ee39d6d43dcb6871fcba886d729fcee757429f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | c88f69b53606b96dff18c7924bf8bde3 |
| SHA1 | 29fa7b32032ecb1564cb6627a9ec3148cea894b5 |
| SHA256 | 1f7c691bd43a49b47ed23e255c411638953439fa83e5133356aab6e59fe0fb29 |
| SHA512 | 0cc60147c4b0912a9105706e0112e12172679f43896a0ba66085224802bfc6d1b31d2fcfc744b41fd64e37f75183403dd20e0fe43066a60a452c59fd55b385e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | e529668d3aa5f8f348e27e6ef2b04212 |
| SHA1 | bb9875cf7a3db027e78fa28e18c718b3554eff60 |
| SHA256 | b42f812971f896d4d415df864066588e7f0a2b24d2e5c8078b333d9e7829d563 |
| SHA512 | cde1008c536ba2cd3e9b8e5470eb2d40c39af3f41b2acc7947810fdb7b640190630865839f830e889eed458a684c1c788fa3ec478ee3aec41eb88fc2ecb8837d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb152fd45d310867_0
| MD5 | cdf39ca3c0e6d5d07db9ff53a395d9ef |
| SHA1 | 749ed13f5fcab4ab874d632a0abbec947d4d6138 |
| SHA256 | bce4c73da2368521223bc62e19147f3b537eeac62c209f10a754434483439b51 |
| SHA512 | 78be00fc79947f2e14bb724af49a28c4a5bdb594a03fb3f26c74a52d867ad6e96afdf301d80ab76729c4a30f0c6775d7e8433085f8f31e7a7c858ef7c277aca1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\407e4f62b57c62d5_0
| MD5 | e376b39d10cb71b91b15f50d6a398d1e |
| SHA1 | 062f2749ef16329c60603111f813c8fb8fb19895 |
| SHA256 | 5e63d2093c75e885846f95788db307d9e8b9a8e49afcc575f6d8041e58bd0217 |
| SHA512 | 9edda6353a4d8157b57e44b6bbee9bf727eb71d0a08e8d47201197adf22abcab18e84caedb7703623e4414a4e5226892cea0a2eecd4910d016896b405d301066 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aacf7971e2e1c3e6_0
| MD5 | 9c4e0f2909be2e06b7a0df54bd171f98 |
| SHA1 | fa6b704ce74a8b8bffe71873dd084689bc8df54a |
| SHA256 | c260f226b59f22b47b9876bb705cc1ab6f2d26393c485f8750088534ffb3f092 |
| SHA512 | 81bb4f659aa7ca9040bf1a08d5bf2eb736a1eed2e8392b32629b707cc754bd9e552c232aae1b44c559b067b5f30e4f34837821001c193caf6efae0451d47ea19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91e4ac03c4f64f79_0
| MD5 | a481a466bdc986ebc9dc330371d6a221 |
| SHA1 | 13b4feb09c69c31571fb7cfc0296b70a1ea8732d |
| SHA256 | 186c6a53084352a1c5217f69e9059f410b2a15e9ceb15031243d0372fcd744ec |
| SHA512 | 1ff0cad7e74832ffb56a3f7dc1176c72874193c83c42729307f963831322f92740caf6353090a2686d183f95460da4e603d504c1b0307d4342f1e526943d995c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7dad7c8314a2dde_0
| MD5 | 02b2c4423993709885f506e2b62599d0 |
| SHA1 | a7ff19c045bcdcebf17f63c7815d506a80b96fca |
| SHA256 | 38aa63f510504a9132a65be8296424d7b6f5efe470b8c2c2519908236e2e405e |