Malware Analysis Report

2025-03-15 00:51

Sample ID 240626-n7tbbateqa
Target https://archive.org/details/DoxToolV2
Tags
defense_evasion evasion execution impact persistence privilege_escalation ransomware trojan upx
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://archive.org/details/DoxToolV2 was found to be: Known bad.

Malicious Activity Summary

defense_evasion evasion execution impact persistence privilege_escalation ransomware trojan upx

UAC bypass

Modifies WinLogon for persistence

Modifies Windows Defender Real-time Protection settings

Deletes shadow copies

Modifies Windows Firewall

Downloads MZ/PE file

Disables use of System Restore points

Disables RegEdit via registry modification

Event Triggered Execution: Image File Execution Options Injection

Disables Task Manager via registry modification

UPX packed file

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Adds Run key to start application

Sets desktop wallpaper using registry

Event Triggered Execution: Netsh Helper DLL

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Interacts with shadow copies

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 12:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 12:02

Reported

2024-06-26 12:12

Platform

win11-20240419-en

Max time kernel

530s

Max time network

531s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/DoxToolV2

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\Annabelle.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A

Disables Task Manager via registry modification

evasion

Disables use of System Restore points

evasion

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recoverydrive.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cabinet.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydocs.dll\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logoff.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Dox Tool V2.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MinimalX = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\Annabelle.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\Annabelle.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\Annabelle.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Control Panel\Desktop\Wallpaper = "0" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe N/A

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "143" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{E0AAB4FF-525B-4C50-9730-9BCA64ECF80F} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Dox Tool V2.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 600712.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Dox Tool V2.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5100 wrote to memory of 756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/DoxToolV2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff25103cb8,0x7fff25103cc8,0x7fff25103cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8

C:\Users\Admin\Downloads\Dox Tool V2.exe

"C:\Users\Admin\Downloads\Dox Tool V2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6412 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004E4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,14927543604536118978,17721813095139735663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8684 /prefetch:8

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\BlueScreen.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\BlueScreen.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe"

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\NetSh.exe

NetSh Advfirewall set allprofiles state off

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe"

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" -r -t 00 -f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39c8055 /state1:0x41c64e6d

Network


Files

SHA512 a6e9685c11c61a680479c31768f7d99c70b79577b4f9611f378611384e51be2a7c6a9b331454f87d52974ed93236dd3df3d5edc829d950991b9196c3f3281225

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5e388174f596eb0_0

MD5 51a2d1dc5eccbca9de15459f07735399
SHA1 ff7364216cf019e5d78fd99c203ff180130779df
SHA256 604a5444af8f6a6fa38085d130c34a97e6a0ce14c865b5dd59117f84a4de3da6
SHA512 35c5c983745f38e0ada9f2ab43987d75ef9933325a083e5d43533c20ee1171b6ceee9f5c4121c1b00efd54c7cda56ac40578515675fd01e6e3f6377e49397f13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8bea4ab3650bee52_0

MD5 6dcbce1d18365c41ff29449ec5aa4786
SHA1 1e170973d61dc60535c6b50bc2ebeb89fe5bf97b
SHA256 e055a42b2bf4c6995e436b42a2b9c84a8fc49172614808bbd29a23ef35bce8d2
SHA512 7c2b9f5380d54acb5c024ef7cf1dbe32e35d00700fa9c2c2cbaf9298bb88f06e06fa1a6abb31c1d8d7ffeef1c7bb91cd756b21f6d802d73c362e5eba3d8c1707

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26069886e990cc46_0

MD5 eb96a3a691f5ec0a583ae44671e85eb4
SHA1 9dd6af56461225813d391aab73b287236d522f4b
SHA256 14421957e19b66128bb0c94921e85eb238894935d48083bdbc3b190a61a79405
SHA512 8eb451040b63b04fdd67d169091ef0b3cea0d73c8f171e1ac1299a7469b0f7026b7e629983d8462701d14019e912b3de3314c609dfb5f7244a56efcdb5d968a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8cea48702440e81_0

MD5 c87d442072168661126a06f580ba2a7e
SHA1 dd353a3d22046c6aedbaa0e74f9fdd03ff02a990
SHA256 9f27c3f0e9a5aa235e60c854c23b36f1645b5398dca0f94ca1126eb527fa5874
SHA512 5a3388b42fbfb93e021785e256e6c1ceb27ec8ca79e02481bfa248fd7066755a2de862a6bb00ef55982834708f8cf0cf487a1ebe0f5d64b3d1fcfae64bd182e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b3e0ce13da94924_0

MD5 a43e9ba66cd409c08a9af2a06686172a
SHA1 4d9aebb52e28f2fb0d8e28ef2ebf0d9b5093f48f
SHA256 7b558d90f4b52605452d2c6b28ab675d3b3bbe26c2fafaf58d0c9ba6b58c89d6
SHA512 7abd6cd6b95c45304c15081c21fa9c1912b0be55a60a99c40c1b0494843a84b8946dd08108e092cac407ce38bca4d437eab3218e3d8f7f42d76f14e75915d3ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47f3e0be7720a1ee_0

MD5 c99184f2652a261e5674a0e2d8e72c04
SHA1 0bf91fa4e1f86af77c5d208ef527e5435401583b
SHA256 45c3fb079dee92e82ab77c31881b66ef2ccd9127175be448c4224b6a510465bd
SHA512 2337a527e6a37832fa24cd7eea440f02da657b0cd0742f9681feb85c9374f795843025dae7feca19a22d03fae1df66c0a86d212d9f9a5a78e3966f0cf38a881e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef6ec442ba19a2cc_0

MD5 24a3447032bf16e4ad2298b7487df755
SHA1 ab34e4dfd1c368a4776c95d792b60b3ccf5886b8
SHA256 7c65dacdec1d0425fb3dc8d4071e8b1c3fb95a5f917d7a7367b45e58ac41a0a9
SHA512 5d0a6a7d6aa6840fca42b186cd1be0e90f10366af8e3fc71a5714a18c7ed063378a7b5eccdac803ee2104082660ad78979165870dce355195822e806182a2b00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce1059c478c2e6f2_0

MD5 4f40b43d8e882e2430def897798e7c5d
SHA1 a89a57b4dd31b5aed36f79092403767f236d4fe2
SHA256 0c66deb7aef77d0767e9ff705670d7cf31ca6f6fbbb423f8fce15c19cae0b892
SHA512 5aeeaadc8504a2c4e910fbd87f309bc9861c759f369c2de4b72667213860e423362fe4743ac6b11e7d7810fd8b9df38a31191a33474552c73124e136a200c13b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3552e3a94b35b185_0

MD5 9829c0a6660b9dac70838501f3deadeb
SHA1 fff8f709e4a98dc3a74b153907b2c55637cc3f7c
SHA256 dabd5e8cc639144089dda5c4cbf6dbef42bd50e3fabfcf51454dbecd32a861ab
SHA512 fd13cd1e42d576e90b9e6bbcf39e94df862386ec6a7a983611f70c146c0962b5063a9ba7d418065239be59df477315e8d10631fe2450cac2136d423a5bd82fb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2d10c35ae143851_0

MD5 ad4d43b94661a98d55906e5ad2ce25ec
SHA1 95d876fa36568c6b6079f8211223f68f6f44b103
SHA256 b2d1f66eef07e552f0a2d95894df97f29eecc45eba454f484062f55e1c2b1c63
SHA512 c738abddecd0973dbf045950e8dbbc512122c5cd0fa46e1a9d224ff410f91171eb0340a1de6dd2aa7979223be2546d1eea35411171f2b50e73add08b6d4a8cee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68c3030e727497d7_0

MD5 4e7747ec6f31c0167945884a6c173b50
SHA1 5c8ced4b55a240b078fa0761397ffa78d419854a
SHA256 387b4c866ec46759a808a8f331e036b23440a34dce076cccb816accfa550bcfe
SHA512 6f02548ccfb2d7e0a2d3c8cda6a886370ace24fe9c3777b47df54daa0d00e0bab442ad68b62238bba074c4c118ac2d2c85760ba0c0f53145fc212805c4166519

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c2d2b9ddaa1facb6_0

MD5 209608bb86f738509c43cc7dd36c7fff
SHA1 fce01275d6bfcd8741e39c2fb3b74972ef37d810
SHA256 1b1627b5615f6ad1c4988bee2e2120338c70583fefb528ce03410310b6f840f6
SHA512 de2fe018c6a0b0ca83913f7e03578b0f6a2d9822f5934925ebea2a896111cae64e166b87816b242c8b04af32fe9049b03c233eeaa5a9d220f82a235fdfd81107

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1335940a5a13f354_0

MD5 e8360ed8f55be45d3f027c65a9d64e21
SHA1 0ffc2c2acee7b45ee161ea4e232ae4dbda71cc26
SHA256 ecc66c16c9545bddb89de109c108cd84fd1aa38e0e0c474ebc7ec2762992893a
SHA512 e9f5c46146e8fceb4491e0d99c32541c52a9fbe96b6c5db004c11aa4c640eb47030655a156475b5691882189b1716f7ac96f55bd7d272640b44b5faacf37f1ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa0ba30e9dc345ae_0

MD5 0964b46459fc024fd7c38e292cb60ac9
SHA1 e32ad8afaa9f0be5e56ed48d0565cb7f01dea626
SHA256 dcf8553416f3c07c88f9fc657eddc698a52bc1b3a8d45cb3db6e909c3ad644d8
SHA512 a878a48197ea7e94aba32d59d75e2d21679d6a03ea26a9ca055dc263d9f0f77c1917db4b0a09ae62295ddc9380fa7d98e893ce4cb2dfb44109c886cc5b5bae3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b1c5eea508beb5c_0

MD5 13931f7bbc3ff33c207080bfff92d1d6
SHA1 26fc5a43ca4fba77139e3b710443cf9fe3f2b566
SHA256 313b96841b7da02927844cee5ecd32c15decc0a063fd6a6957c2dd3e2d7ea9bf
SHA512 fe11e7894cc6b052697a61d2317cb6a9d113ef0e0b40f8d0d99bf660d137bef574dbf8a5d955a42caa5311e65f972408b1fdea93e392adbad1e9a9d64fe86c1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95e4d4088a582378_0

MD5 7c6cbb62a5005951ae6c2b11dd83ef7b
SHA1 75d7cc3561a931c66cdea51b37a6c12db48949f7
SHA256 e851788ec04e60232f1a53b5b525d771655d049ec434bb86e8521df0d3dcf0ed
SHA512 7dd0dae976215895fda87f569f2aad1a163f98d65aa7a051077f601708cdf34ed1ed16810dde29b7865d1cd6597f6f242ee3b5cb90caf611f623d5520f98454e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cdc67880c035c2e0_0

MD5 5a12f47c528458888291644cc59d9084
SHA1 4c5c42b134bdf10b90faf6c85de61375d94e383d
SHA256 deebc74b2733e3ed305146a0f55c9355f444c0fadae601682efd220901441f1d
SHA512 3680196578be78e2d19116e824eb8a746c8da223704dc7c7e04b48a8947ad95e673234983e19d13853fc115e9c4f2c473c3a4211cc27ec151fb44ff4d1ff80c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8bbe961e1f9256b4_0

MD5 e3e0e9d73970d72f5eefcfbfe96e6f11
SHA1 53520658dd6773df273ca4cf8c905a879ff09ba5
SHA256 9745a8eb1371a6e30f1d67d1a49e49bcd68f9c5f686e342bced5385d7affc48e
SHA512 b4836650c7da196bac6135f98071c3a2ba9e81aac745539470fc3508fa32b8631c4eb466542243bdf611c31387d2e448911d282e9cb3cbd627f8ef1439b90b21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d0bcc513e0682a40_0

MD5 fea108c79ac067118c1acc0a25f8830c
SHA1 6f9a75979bd581d9efc23c07f7555a8aa965567a
SHA256 c85ed579afa242addb0c8e588bb33a55de37480b653b11b4ee64ab2321e49b05
SHA512 068e41b3b957b35f3e61c06d440bef322cd49f99158ae1c0a4cdd67f6d072c315290774cb0d912483f703a7d8f94a87a62cc51bcbde9aaa7cb58653de9a0b4b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1f4634f9cb46423_0

MD5 98fc6ace985b74104cf9a15f63eeb744
SHA1 6538a5e4113a86a7158e7cd4cf1cefa95876ee36
SHA256 94147fb9e24213aee31520741960f0cfb3784c9591ceaa67a786118457c16a06
SHA512 34a6f9e45a64889dd5349939c2f2da3b5537607ab9eb16c1855e1691edee103a14450a9eb9b275e77f86d87c2c121b77edd29763e7405373858b4af88e985886

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4644b1197fc1e550_0

MD5 e6cbcbda2d7683ef38df0f7626c8e843
SHA1 cd01a84e2d7dea73c7bc7d89a1f48dad28affb1d
SHA256 3da0e8043bfefaf4dbfd7894e08057d376e0af92286ddbd09e5077e6e6605964
SHA512 6120957bb7bc34e7399bc8c288eb948c733d1fda76947b85e4ef2a163f4acd527f5bba732a26940c21c292a10048f99eff85112f033e20dedeeee760c66e2188

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37765bbf5ce52be4_0

MD5 b083731a15adaae15ea3eef851886a01
SHA1 e7dc8a592cdc12c1042f0f2bcc78c7200a81c212
SHA256 e02cf2c2d3636a0f71c1f3906e15eacd09b28a9ddda537e5b1cd4b9dceb00576
SHA512 a57cde338d2c4190117efdab365de33704a7d0f1c7fb6ea73729fb9619db6310d788dba9894d5e90b06afe433ab0dd8f06dc47b294e1450a9921d9a5a8f2fa31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f3149bc5e88249e_0

MD5 d865df1f7df97fe5f9980e6a0ed4f19e
SHA1 139e7add6164059ae38d3c6ab1064bc441ece0c4
SHA256 08af448d83ee7fb12c3d1a87744aef0767e19c216f7bf2c20b182393d8842dcd
SHA512 ee178a3e2bbab3f0eaa01a3ddd30bea07962519c3158b136edf28c6f85502c42c8be6d66a128bb6e8f6a4d30141c5066252cfa3cae055f37c5c4a54a37e9d7a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d252f20371953868_0

MD5 db95c3ad1267df80aa57a958a609421b
SHA1 99f0532e0258dde5e8f3974e8db2a688f3f1fab2
SHA256 8e6488db06a01da1757cde80672b6db96070e52b207c7a6c69bf69e7e1255818
SHA512 70a5af3645bef6ac5af7e784a51d8cbf135e1da3298d5011cfb6b540627e0d4bae9a167b4cbc0c3aa1ff24ec86ee39d6d43dcb6871fcba886d729fcee757429f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 c88f69b53606b96dff18c7924bf8bde3
SHA1 29fa7b32032ecb1564cb6627a9ec3148cea894b5
SHA256 1f7c691bd43a49b47ed23e255c411638953439fa83e5133356aab6e59fe0fb29
SHA512 0cc60147c4b0912a9105706e0112e12172679f43896a0ba66085224802bfc6d1b31d2fcfc744b41fd64e37f75183403dd20e0fe43066a60a452c59fd55b385e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 e529668d3aa5f8f348e27e6ef2b04212
SHA1 bb9875cf7a3db027e78fa28e18c718b3554eff60
SHA256 b42f812971f896d4d415df864066588e7f0a2b24d2e5c8078b333d9e7829d563
SHA512 cde1008c536ba2cd3e9b8e5470eb2d40c39af3f41b2acc7947810fdb7b640190630865839f830e889eed458a684c1c788fa3ec478ee3aec41eb88fc2ecb8837d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb152fd45d310867_0

MD5 cdf39ca3c0e6d5d07db9ff53a395d9ef
SHA1 749ed13f5fcab4ab874d632a0abbec947d4d6138
SHA256 bce4c73da2368521223bc62e19147f3b537eeac62c209f10a754434483439b51
SHA512 78be00fc79947f2e14bb724af49a28c4a5bdb594a03fb3f26c74a52d867ad6e96afdf301d80ab76729c4a30f0c6775d7e8433085f8f31e7a7c858ef7c277aca1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\407e4f62b57c62d5_0

MD5 e376b39d10cb71b91b15f50d6a398d1e
SHA1 062f2749ef16329c60603111f813c8fb8fb19895
SHA256 5e63d2093c75e885846f95788db307d9e8b9a8e49afcc575f6d8041e58bd0217
SHA512 9edda6353a4d8157b57e44b6bbee9bf727eb71d0a08e8d47201197adf22abcab18e84caedb7703623e4414a4e5226892cea0a2eecd4910d016896b405d301066

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aacf7971e2e1c3e6_0

MD5 9c4e0f2909be2e06b7a0df54bd171f98
SHA1 fa6b704ce74a8b8bffe71873dd084689bc8df54a
SHA256 c260f226b59f22b47b9876bb705cc1ab6f2d26393c485f8750088534ffb3f092
SHA512 81bb4f659aa7ca9040bf1a08d5bf2eb736a1eed2e8392b32629b707cc754bd9e552c232aae1b44c559b067b5f30e4f34837821001c193caf6efae0451d47ea19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91e4ac03c4f64f79_0

MD5 a481a466bdc986ebc9dc330371d6a221
SHA1 13b4feb09c69c31571fb7cfc0296b70a1ea8732d
SHA256 186c6a53084352a1c5217f69e9059f410b2a15e9ceb15031243d0372fcd744ec
SHA512 1ff0cad7e74832ffb56a3f7dc1176c72874193c83c42729307f963831322f92740caf6353090a2686d183f95460da4e603d504c1b0307d4342f1e526943d995c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7dad7c8314a2dde_0

MD5 02b2c4423993709885f506e2b62599d0
SHA1 a7ff19c045bcdcebf17f63c7815d506a80b96fca
SHA256 38aa63f510504a9132a65be8296424d7b6f5efe470b8c2c2519908236e2e405e
SHA512 6c50741847160acc42a46f6df158430164ac256a2b8d771e8496b67caf09c4d14f82b02a5e0e0e54b90bbd71fff1bf4436e8166ba9a624fb6f54ef8d7579b4f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aab63d9783133eb1_0

MD5 604e96fc135494214f30bc6ce1e5b49b
SHA1 70ee455b0321e75bc1e3aec555386408ef2e9480
SHA256 d75a5606ffd82041e4837eff940ee093f2af70d9b875115fa5a68b2ecb883c36
SHA512 971e1f88a125f50a6c0542e65fb09601d198c1a36d0ba1f3964f65649c33d2d926842e571d74c508854195b564a9afd9e4a2815019c64231afe235787a0bf3da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44d49f9dff020a86_0

MD5 f84320eed2fc4e2d0964c9f1d6d001fe
SHA1 7617f4a9b6adb235308e9fec19a5b16a8cdcff45
SHA256 4adc70d269773aa86195ec36fe578094f93c7a1f9c68bb5f3c7ab271a6768cec
SHA512 39f9750170683077a376c26cfc4a8842a803200bbcac41fc96a2ebee23bfeb929da8b1679e5988e8ed0553869212648816995ca940eed576863a63fc29a662a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74f33820d1338b1a_0

MD5 580484ffda863cc66be597db644e28c3
SHA1 8e978c8641db7d9ca0d0283a88cc01009b5733a9
SHA256 27233bb2d76c9cf79a92e7637b78f422842dc36725e331e9d93cc3771519f5b8
SHA512 d72b1176d0fda97e37e566f7b59be01691c0920f43d9c2457ad85c5bf5ea8dd1b6592c8cefbd8a3811a30e7b3baf6b2f065ecccf030535adf2cb1c71de68221d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\642e92cf02934f40_0

MD5 eedfebf127bb46323e341d7682a4e739
SHA1 b9efffd9aca8c008c0a36de69e7bef44278e4a08
SHA256 e271ff9e9d3624cc511220e709614d5595d32d647d62beef21e8400f9d4c6488
SHA512 5ffd6269de74a10cde52dd221f2685ac712c784ba93c6ee75e6e72d34091856013f6e90d22f9526891a8d2dde43dcd61f1324829633bfda3352a8dd7c3a4064a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a2fbab3ebdc368c_0

MD5 549eb18a17ac283962987a7cf7f42830
SHA1 dfaa4669e4853c06d4a2d1ea46b014290d8d46ff
SHA256 1984e377559224b0542083dd6da9a3e07791f6d4cc53344e93600cb901e42cfe
SHA512 e219648361cb92a0f7279134231d6b9f8a44379d79c31b2cbdda35304e3bf5f58b702fde58f9702dee02ef3c9704a593e47f9740ac417745dbefe2519e441563

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\209320cddeeadcf8_0

MD5 fc8543c8c73fe624821c867779d3ce76
SHA1 4cd2782c85d17e8037df242622c86d3ea2b59c73
SHA256 2531a1cd01cb21a136af61881c148b63c0becae54647a2276f4b7fe94cf86b5e
SHA512 29c3c209846bdee26f4f9ed145980685670fea9a413901123737b18e4e4b72e789eca1ceefe8f16ed467be28c7f04087597a8581144d4b882f3480401d6c0ec8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d34e8d364ca71d6e_0

MD5 688553dd54cfff3a884c4f417dbf3393
SHA1 6d40dc55b4d18ed53ddbb1c89c2653aea93b9469
SHA256 d3fa3f7751696d837f150f7615c47ce060b29bf75617199baf982c5323c48177
SHA512 0a5b7eb613810b83d8ab0e14eba1f9a1287bf6e5a16adb96bebf633998dd1b926f11c7d71dc28260c9675947ef6d0899353420e779226063633d5126ea97942a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\231d80f54d2ec417_0

MD5 891aead03e2786e9a0e668e276c6cf8a
SHA1 f4093ef8546b443c955c2976cd6f2cbd3dbc9a38
SHA256 dbae3e80b4104bd5ee6a50b94ed0c20b21219981d10d3fd290d9e891e596c213
SHA512 01e51795a295854bc9de3ddcf25c1b0a80489bf662784afe10dffa9d09715ac1ca8e3270e6beecdd6829a3248fd80be9beca6525e074a9aff4a5928d64188324

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ca023838a5c184fccb0d8ddc76ddf7c3
SHA1 4a9fdde2eeeb8838067c7e4f634d314691dd6ff6
SHA256 19db98b764510a7e12ec6843e0b45f50c712f9a54bbed544c9bb9ed678d76183
SHA512 83e5792e34165e97156f15c12aba6880609c98ffad1272cc7b31ba2eca5d9dd3dab37ccfaea6f2592e476639f54dbcdc94595104f5bb635de167eb933b4ce399

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 467170fb71d53045f32d3e346cf2200b
SHA1 113e3b2cfaf37a8eb666bf344f2916d39a4bece2
SHA256 5af71db7446526a203155c357903eb0fac86a6a52c85d271ddb8ed4d2e7e9ae3
SHA512 14a97c894b4781495c542c3e65438d48ea69e63df23e556f4e8be8c5be163a81c14634b45a23b5535599b7051a7d380563969980d86eadc2c64245c1bc152a4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30bd719eb980b966_0

MD5 c47a9fc23281a5401d96a2ff81d87c98
SHA1 13cffbb4b470b71c179ad62b8aff3edbd171272e
SHA256 55d5fe66a623c9ebcb2becea565abe92134fd432ab0278c482c9383bc115f68d
SHA512 bd1d0e4a58199715df61b8e950d276c1c43791ab5f06a07bf378aea3e59e558e9847f5a52d140b10cd654eecea0a808c610faed7996d4ee03b294344e1b4030b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ee423b9adc2ca8c_0

MD5 1512b34d579752b2463d6d0ca88ebd14
SHA1 07defcb936973057f95a632dc44519e4f86381ba
SHA256 bd0a6ce1a85fb1497154a1fd356daf9002c73ef3feb26d2f27e51b804115c378
SHA512 bfef8f0eeeba1b81e478fa56ff059ba5309f4be5971c51c4213d5b59a6c72e2818c7bb6c6560a15ea13789373a0ca60e511b3e2db5dc2f05a00a4d27d2a4b698

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ffa675049b8ab13_0

MD5 d5ca18030d29fe07ffaebc167c924a16
SHA1 b206c2a3e8e732801b07f6b271013061954585ae
SHA256 0c64e28ccf81d048dc8a761e0df30090edf4a406180d267a4fa945bdb2ebf1e2
SHA512 73d9d7a664d93fe8473b22d4c84c78870fe1e06fd99517d661b7641f9585fa21d17ab7de26f6fdddaf29b8db5a3a7abbfda0ef538493ea2c8017c6e5ac4f8863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5cb2cccd7f63f317_0

MD5 c76c54e657a2bfa792ce46e9df172195
SHA1 2d8f35576c28ae2d9384710cde87524dbf38cb9c
SHA256 83e50b734ab2792954ec828f3ea7d4ab9b9dd4d187560f6d8786e5f2d2c822b9
SHA512 3d73b10b3d46ecea5378dcfc73ee7f3c3f58d978c965f14bfc1edcc4072dcbd8a934c36bd567f5ac4e0db440f080251b86ca8cd4e8145c7c8b4bb149dea67a9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b670c6791c122fe_0

MD5 208f44aab00ed879e1cbf558b0e0aff5
SHA1 155ef501c373f203776dbcc4cdf67c6d64ec8975
SHA256 2a08d3e94a41be1d4c591e8181e8182b0ebd0b526b56301b889a51033bb244f0
SHA512 7bd522de2f153775d95649cef60f16095f8371b5c38a29c1fb7997799dd52a5980e3edcf54f746a95e3b8fe2d0557204730fb29e496e42209146d3be265b9b07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\169980bfc955fd07_0

MD5 ae02b15d02900e9128ee16c6b9211966
SHA1 bb8a756d3df8e2c87f56bd804557fe7bc68491b9
SHA256 cec6e0517de6dc49106b75e0c10d0218df789de1c7cecb23cac1ad9b3e92a182
SHA512 96948a96adadbfd1cd139f165b3b67ad04cd4e04dca45f7ad603bc4fa905a420622594c622408de5ae82cf7acaaea61a60ad677a89a3c980bfc5bf1755f648da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a01bca4b3c20890fa707941fbf139de8
SHA1 2e35669b5e52bd271bed2a0668f8dae6a28a4a7a
SHA256 76cdc04deff711387313970df1b3922dff6411962e0adcd07aa66fbca50004ff
SHA512 de7d387019f491dcf83609caef6bdb2efa42a32df8b6453e0150b9b99a38916a662b34a59380ac4bd2801bca4204ba191ce3f520f1a4a6fd4f44303c49346e40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 12a043bffaa654134507c1c14f3d08a2
SHA1 536533ad0095e3cff90a000ff41f1ba36fd7d51f
SHA256 1391b609b6da407db8a60ee30d9077849dede22817c840b5da0161a04fd569c1
SHA512 58902737fc3d54d4acb175f0616c129297ce876ace033af36411114cad204169397ff76c591cda4453f1dd5d1d28e1e3bc1666772e41b8361e11f21b19bf53ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 469034baeedf74d5e11e8b9d076e007e
SHA1 15df9f0c824fff6567ec956c18e4e80a46ee9d4e
SHA256 2ea31694dcb47b3deae928db26e81a25f23aac24da2ebe151490b8c0ec0d802e
SHA512 42d43dddf08cde67ae53ae56f93a8ce2c6107e7eaf9578f6880992c83ce2a9f983acda000672f578d02439d2a96c5a617b436857cd0db7651912f8e07c88557c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b163b150e9f2cfdc_0

MD5 ac1cc8ed3a1edb9f8038960d3fc5e926
SHA1 78eacb103306fc75884e8e593ebe0fe9f1bf7113
SHA256 e74dfbd3a5952c631858f48eeff2b5cd1c344f00353205b8677f519f4ce1f3ac
SHA512 0e20797e66d1c9fcb13c7637a4d647525a4fc76c9010bda55a1d600f24b8c4d88a5024fc2543d563ab7e57cddc64528d9004b306f374e2c11f25441bcc387309

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2faf3c6e4c4f195_0

MD5 48a17aa1a864d1d4677d106319d6e082
SHA1 a76a16d6abc006b28bcd2ae9ad05a1441cb4ef6d
SHA256 5d5bfe0a02686c92bddabc1767ad89882f7665a99379b5311495a9520ae1fcb8
SHA512 7f83c1aa5bbcff9cdee05136b024c204175c4a8c4c00100303057912ad3752a9e0a8b0943c74b79c610e6760319fe84022de9ab2ef6eaa297472efa352dfa0f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e62dede2e0e01b60_0

MD5 38a582760fb985c94b6db45e7e3dbaa3
SHA1 bf783bff731c67279ca7955ab6e5a83bb9d7da30
SHA256 de4110069be453ea6f79f7022692cfba485e700f44c688ea67e6c8b7a3455042
SHA512 c1de7b85b6e0d2b53e7f7324b05833e0848fa2502c07bd65f09df77687a12ab21df60c39104862eaf314201fe62cfb16775c042e9823ef6da775d3224aa0980f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec4db310980d8cb8_0

MD5 662cf2ebc4ad0c733c1f8eafa4bb7ac4
SHA1 ae5717f6c9dc6414a758cad32c228b19329acd6e
SHA256 ad43ea159b432b61ff328612c60daf9783db194321108cb30440bd28e9434c6f
SHA512 e3b6c8072c26059898f6aa95637622225c1be1633662ed6e78ab3733f026d81f88acb0746d40d6a8e5958f2fde5791912e54fd8a044ba0b79a2822a155efe720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\669f768dac0cfcfe_0

MD5 c82b6f9082d770abdd98a43c1849181c
SHA1 dc5222bd99da17c491603c5c4cfc723899e877b6
SHA256 d19d0b77443e73c0b6c10e4f7a244fd59482f9bf257e94302247b2830deeaf12
SHA512 bbd8de63bfd31f2714225695af893df58aa73e9a8e21a9d3c7d26ef86a76265f999e3a21bdcb10411bbeaaaed5eb64b721a33bbe7358945ed7f2cb2eace91ea6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\770e1e24b17c80e0_0

MD5 12d309449f0545735ab5dd754b74b273
SHA1 d607c0725577f35c0cec0014a7806bbedebb3d0c
SHA256 db09e34df98834d2e5c97f538fa8386c549b301ac85a51a41c3d0a385f8795fa
SHA512 78729364a5cc400b9abdfdb7c72846602eab9c9c36ef7e7b4cd81646143e80ac1019687f00b08aff741a17b8d2beed5cc4ea9ab2abe9079dfd7b688d803b78e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42e1b451617cf754_0

MD5 919d0b22302a3aeb77045193b8c7ab24
SHA1 22916ab2c33e3ee9b633ddab07da0c1e15781b22
SHA256 a2edc41a0039c8dc8bb7f995039f617a571ab61ee100edad099376e0c9b92da9
SHA512 915e220f751f8a1e04e9f7564eef9f301e0af30b6cbba31ce60db62c31ff29eab37893a4d6a7b595b3d8f80de10ee4041b814a2bd4f3c3657b130b80f9dc4b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7d49fe0407a2b1c8e33a2ce13ee073ee
SHA1 ad2a068fa3ee5602c6a19aa871ccdc276cd23b13
SHA256 413b00cd88f56fb098d127745dfe624b312bb7ea001e8ced56aad5973fcf34d2
SHA512 95f972a9660206c381052cba4c7e387b1be6576218c639d627e10c66406ffce21166a4e3e0c6acf6535f39a26b7f8569cdddbb159d43b81e9f5688957260774f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

MD5 e14ad681d304516efa040a1b85a74c70
SHA1 65245d9bee3ab13cc48cb5d67f0e5d637487a0e2
SHA256 f964ef506e7683684d06ee19a7352f2ce84235fb7a7e51210185506bbba08767
SHA512 52e1ac2bd88f163fb468e2cfc07886bafdad4263b2f306eeebcb15e9cb84ad5ae1b356a3dfa83024f1b1e066ec6fc4776e2d8f54a6d73250263d5a3d8894c518

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 199ee646d5200dca0cc49af377f6eb61
SHA1 5234db91f8d3140df56edc8fe8d6956e05ca1842
SHA256 404d6421d73b876ef746e2ee3346537c309a4721ae2c4212c6964b2bd16a4a6f
SHA512 b8f8f698f8ecbbb1e7d73b433aea2a2e003fbae894c555a6037835724c852b386d4b0581447aaa8e6c6f95598414ec601e88c6bab2c0165e8815463a68ff7e68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad97b4eb7c78c8446d3e34ddf005d045
SHA1 d5ac07a963cacf837757a8cf24064979fc10d2ab
SHA256 aa840d2635fcc3899ae4b951ddc81fc24aaaa3de5aa32947553e36e8ea183a00
SHA512 a7de139803e87f24acd277d841e8467aba994eb0712b3fd54272ec6c779a754dea51b42cb5cb4e82fd4ce87b3d5802152cd0b52c3d6e8af26ccc434bba72b60b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 329adf9b8b61c0a784133a1ed7bcb965
SHA1 f76538716a2f55b0fb5dfc6c596f12411b8ee582
SHA256 c61634a359918dd543cadeac0a73a714723e90902335c75fdd59008d89a7386c
SHA512 af1b023f9c1e67b9ccc094bfa46cf66e8009f80f9d1f231c6e5716aebaa2aab7d800eba64ada5b8b9dccdcbb31a207e4a4be19db1b0c41d77f65149e2899942f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b10ab8034648fbf791e45c39609df977
SHA1 14795dc1535ada00c123b112433a606a2864cf43
SHA256 46dc3951e4777809f79d12f7943522458e7356dd71571a8f1f2fe36ded46137a
SHA512 2d503ee7655f2b085bc413475ba2df19b3b8ca834da42e71c645f035d2fbdfd4f07f4fcfda6f62f62ba85d07806e65421118af1ed5cd217f673f696e2175cde0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 897136c1ec0532faa3715fb7cfaab41c
SHA1 5e486e296c237d1995c23e9213e79a5e9870bbe7
SHA256 a37d8df3253bafc73523ff9551c1686b6ef71e6393f1017bcc95aacf2f48a193
SHA512 2bd9647f58b661511c6ff6ef0cab1af3cc2a5927a6700c415214e5169f643e0fb102e68b8babab3d285b860cb1ac760d1594228ef4162394bee7451236177db2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5f58beb11e85609f0adc1fcfe2b6fcab
SHA1 e11dec05615cb9f1ee6792a2242df6bc2e0a447c
SHA256 fc823e1e893856c18d9e9f70d186ca8ad91b73dc0d81f8a2d2af93199adf025d
SHA512 165fbfd1bbba7573a7ba16ba793e04817e2de6abe386fda6b7f58e3d7a14f32903adeed6f03146620c9d2530e28a59c21d6b8d531fb89b26380478a6ca260152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82bbd5cd0501075a_0

MD5 cf7ae2c8281d19512ef962858b362462
SHA1 78b218ab8c57c73bb69e45a83ec9ee4e5e99c879
SHA256 65b4f661d4f6cdf5ba097a40bc0b811bb8416e6a00906a7b7aa1a3752ab08c1d
SHA512 0c5e77e68d7f4eea62e1f01c9bb6d584f84b63e35a9382694c405805091ccb452a160e87a97d52b986e013fe7b49ecfe752512619ac1bc3ac1d6cfd28eb01396

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 70e5c694785426e4886a38d177ea59a2
SHA1 7fc632de10d518c9e463d14a5d92f1df48192812
SHA256 d8572fe3a5f5de2e00b56738e16a056a56026ae91ebabd5c3b83dd8347f03dfa
SHA512 7fbf6b0ed16f9a6de88b72cd687b805a9f5f151b5f0d584f4fe307e8e0d326d7efac73cdc9cf6c307ec7ba92b745628c21b28281072121e0d88c6535dee406fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a84ae686f0e5a128777d4d4f01cfd374
SHA1 269af0545b3e3b7775836165b11e50c85f32d993
SHA256 ab74d9ba5e28f9f48de52c2a3461bd4ab6f8222d854142abbae024af29972b39
SHA512 d519594cf316a90af098f0bcef0051625ae1b71594c44ef7fa083ddb49e64483eb2132595b60330f242ebac8b481d98f99d2774a0754c7648bbde12568182386

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b1128e4da9719fae3e44099b7cdcaf16
SHA1 4612af1c3a1067d52c2a8bf9be0759b87355ddbd
SHA256 0e3fd9d94d7aa8837a66deebbbea1ae4f9eb95fb0bb70c90bcb405f5ead95848
SHA512 fd084b801f88e01c135e005ea0ed2bed014f3d454ed917c727710e6da112c113246637361a19a18f6cf3de05fcd7ab3b7bbe0e61652ae829c72b0811f0221b0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1b342244409a7f5b_0

MD5 dcbcc83c82c75144362936e97f94a927
SHA1 eaf309f9991591cdba50197fe51a9c9e7afc8f40
SHA256 27656cf5e9be5cd366f9bb017d61a9774ef3eec990f7f3745246137dd06699ca
SHA512 0efc5ab4616d8fe2b50cf3ad436804a5c3d963601865b6314d943782fa905965ddd45c36b80671cd0226a9441b5fbde8d1d6e91c7d3cab0c70686e163f235627

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\939a05e3918f8454_0

MD5 75d402b79944a9a6bb65b6ebf0a04134
SHA1 6bb81b5faf2c50c247ac7706d08b3649b6d488fa
SHA256 a3d05614d636f821fcaae96d53f5debd9a0184a959f195a1b6ef81684d205bc3
SHA512 ee0b5c23a05bde1762e5f1b330e294f9489ddc31ffd99601864622114ac0f3f8a2ad7d524711f078d398daa658c0feee3ca5e4738bad24929228abfd37371740

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
