Analysis Overview
Threat Level: Likely malicious
The file http://github.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies registry class
NTFS ADS
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-03 16:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-03 16:22
Reported
2024-08-03 16:32
Platform
win10v2004-20240802-en
Max time kernel
595s
Max time network
592s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MATRIXCODE.BAT | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ApplicationUpdater.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WindowsBSOD-x64.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\System32\mspaint.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\winhlp32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ApplicationUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Windows\system32\control.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f706806ee260aa0d7449371beb064c986830000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874385" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{D9769387-E86E-4CC7-958D-74489D1D4779} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music." | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer." | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management" | C:\Windows\explorer.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 637375.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 545694.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 126096.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 67521.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 287779.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 646555.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\WindowsBSOD-x64.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\App.bomber.bat" "
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xbc,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Windows\system32\cmd.exe
cmd
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Windows\system32\cmd.exe
cmd
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1
C:\Windows\system32\cmd.exe
cmd
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\control.exe
C:\Windows\system32\control.exe
C:\Windows\system32\write.exe
C:\Windows\system32\write.exe
C:\Windows\winhlp32.exe
C:\Windows\winhlp32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1
C:\Windows\system32\cmd.exe
cmd
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2466047528398516480,7325777944499974448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
C:\Users\Admin\Downloads\MATRIXCODE.BAT
"C:\Users\Admin\Downloads\MATRIXCODE.BAT"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 772
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\ApplicationUpdater.exe
"C:\Users\Admin\Downloads\ApplicationUpdater.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\virus2.bat" "
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentve rsionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9360216174921101486,14026292185758109451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 /prefetch:8
C:\Users\Admin\Downloads\WindowsBSOD-x64.exe
"C:\Users\Admin\Downloads\WindowsBSOD-x64.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 18.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| GB | 95.100.244.112:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | support.content.office.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.22.97.219:443 | support.content.office.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 13.89.179.13:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.97.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.28.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.138:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 13.89.179.13:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| GB | 2.22.97.219:443 | support.content.office.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 2.18.109.131:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| GB | 2.16.167.184:443 | metadata.templates.cdn.office.net | tcp |
| GB | 2.16.167.184:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 95.101.28.57:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 184.167.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.28.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
| GB | 184.28.176.10:443 | www.bing.com | tcp |
| GB | 184.28.176.10:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 10.176.28.184.in-addr.arpa | udp |
| GB | 184.28.176.10:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| GB | 184.28.176.104:443 | th.bing.com | tcp |
| GB | 184.28.176.104:443 | th.bing.com | tcp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 104.176.28.184.in-addr.arpa | udp |
| GB | 184.28.176.104:443 | th.bing.com | udp |
| NL | 40.126.32.138:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| GB | 184.28.176.10:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 184.28.176.82:443 | r.bing.com | udp |
| GB | 184.28.176.104:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 82.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| GB | 184.28.176.10:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 184.28.176.104:443 | r.bing.com | udp |
| GB | 184.28.176.82:443 | r.bing.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| GB | 184.28.176.82:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\cabE2DE.tmp
| MD5 | 8b29fab506fd65c21c9cd6fe6bbbc146 |
| SHA1 | ce1b8a57bb3c682f6a0afc32955dafd360720fdf |
| SHA256 | 773ac516c9b9b28058128ec9be099f817f3f90211ac70dc68077599929683d6f |
| SHA512 | afa82ccbc0aef9fae4e728e4212e9c6eb2396d7330ccbe57f8979377d336b4dacf4f3bf835d04abcebcdb824b9a9147b4a7b5f12b8addadf42ab2c34a7450ade |
C:\Users\Admin\AppData\Local\Temp\cabE2EC.tmp
| MD5 | e532038762503ffa1371df03fa2e222d |
| SHA1 | f343b559ae21daef06cbcd8b2b3695de1b1a46f0 |
| SHA256 | 5c70dd1551eb8b9b13efafeeaf70f08b307e110caee75ad9908a6a42bbccb07e |
| SHA512 | e0712b481f1991256a01c3d02ed56645f61aa46eb5de47e5d64d5ecd20052cda0ee7d38208b5ee982971cca59f2717b7cae4dfcf235b779215e7613aa5dcd976 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox
| MD5 | 42a840dc06727e42d42c352703ec72aa |
| SHA1 | 21aaaf517afb76bf1af4e06134786b1716241d29 |
| SHA256 | 02cce7d526f844f70093ac41731d1a1e9b040905dcba63ba8bffc0dbd4d3a7a7 |
| SHA512 | 8886bfd240d070237317352deb3d46c6b07e392ebd57730b1ded016bd8740e75b9965f7a3fcd43796864f32aae0be911ab1a670e9ccc70e0774f64b1bda93488 |
C:\Users\Admin\AppData\Local\Temp\cabE1FC.tmp
| MD5 | ee0129c7cc1ac92bbc3d6cb0f653fcae |
| SHA1 | 4abaa858176b349bdab826a7c5f9f00ac5499580 |
| SHA256 | 345aa5ca2496f975b7e33c182d5e57377f8b740f23e9a55f4b2b446723947b72 |
| SHA512 | cddabe701c8cba5bd5d131abb85f9241212967ce6924e34b9d78d6f43d76a8de017e28302ff13ce800456ad6d1b5b8ffd8891a66e5be0c1e74cf19df9a7ad959 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
| MD5 | 6c24ed9c7c868db0d55492bb126eaff8 |
| SHA1 | c6d96d4d298573b70cf5c714151cf87532535888 |
| SHA256 | 48af17267ad75c142efa7ab7525ca48fab579592339fb93e92c4c4da577d4c9f |
| SHA512 | a3e9dc48c04dc8571289f57ae790ca4e6934fbea4fddc20cb780f7ea469fe1fc1d480a1dbb04d15301ef061da5700ff0a793eb67d2811c525fef618b997bcabd |
C:\Users\Admin\AppData\Local\Temp\cabE1FA.tmp
| MD5 | 97f5b7b7e9e1281999468a5c42cb12e7 |
| SHA1 | 99481b2fa609d1d80a9016adaa3d37e7707a2ed1 |
| SHA256 | 1cf5c2d0f6188ffff117932c424cc55d1459e0852564c09d7779263abd116118 |
| SHA512 | ace9718d724b51fe04b900ce1d2075c0c05c80243ea68d4731a63138f3a1287776e80bd67ecb14c323c69aa1796e9d8774a3611fe835ba3ca891270de1e7fd1f |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox
| MD5 | 67766ff48af205b771b53aa2fa82b4f4 |
| SHA1 | 0964f8b9dc737e954e16984a585bdc37ce143d84 |
| SHA256 | 160d05b4cb42e1200b859a2de00770a5c9ebc736b70034afc832a475372a1667 |
| SHA512 | ac28b0b4a9178e9b424e5893870913d80f4ee03d595f587aa1d3acc68194153bafc29436adfd6ea8992f0b00d17a43cfb42c529829090af32c3be591bd41776d |
C:\Users\Admin\AppData\Local\Temp\cabE1F8.tmp
| MD5 | b9a6ff715719ee9de16421ab983ca745 |
| SHA1 | 6b3f68b224020cd4bf142d7edaaec6b471870358 |
| SHA256 | e3be3f1e341c0fa5e9cb79e2739cf0565c6ea6c189ea3e53acf04320459a7070 |
| SHA512 | 062a765ac4602db64d0504b79be7380c14c143091a09f98a5e03e18747b2166bd862ce7ef55403d27b54ceb397d95bfae3195c15d5516786febdac6cd5fbf9cd |
C:\Users\Admin\AppData\Local\Temp\cabE46B.tmp
| MD5 | 21437897c9b88ac2cb2bb2fef922d191 |
| SHA1 | 0cad3d026af2270013f67e43cb44f0568013162d |
| SHA256 | 372572dcbad590f64f5d18727757cbdf9366dde90955c79a0fcc9f536dab0384 |
| SHA512 | a74da3775c19a7af4a689fa4d920e416ab9f40a8bda82ccf651ddb3eacbc5e932a120abf55f855474cebed0b0082f45d091e211aaea6460424bfd23c2a445cc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 586fbd03a7f8e8efcfb44c02a0c721f3 |
| SHA1 | 9be4c35c9e97db3dd6a6d16604ab58c170f70232 |
| SHA256 | c676919c631bfdf174da2ac3dcb2e3102be25a93edb1ceda7187cf8165ccf3b5 |
| SHA512 | d79b99b84daadd575e8979b5b076358cba724e522673f43962e65dc9b81da438bc688cbbea1d378a79c5674c58514048f622e8ccea0a41059f2abacc7afb7701 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5eed38e26ad399b8_0
| MD5 | 927b1b02159dfab53508a89319907eed |
| SHA1 | 51a1a4154e97994538e65cef550b07a4366f8d5c |
| SHA256 | 72846c808b42fde3288610b351a0935efd7a00da78a25b60072a7e0c9fd5ce33 |
| SHA512 | a581a45f13f253b5df91e4217682f76ef0d24c444e1e5ed88fd2e893e0e8048a9ede7e9288adec84fa4fa2fab46a2e71fc6c18d3b5ab4625ae85bf2a195809d9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox
| MD5 | d32e93f7782b21785424ae2bea62b387 |
| SHA1 | 1d5589155c319e28383bc01ed722d4c2a05ef593 |
| SHA256 | 2dc7e71759d84ef8bb23f11981e2c2044626fea659383e4b9922fe5891f5f478 |
| SHA512 | 5b07d6764a6616a7ef25b81ab4bd4601ecec1078727bfeab4a780032ad31b1b26c7a2306e0dbb5b39fc6e03a3fc18ad67c170ea9790e82d8a6ceab8e7f564447 |
C:\Users\Admin\AppData\Local\Temp\cabE548.tmp
| MD5 | 748a53c6bdd5ce97bd54a76c7a334286 |
| SHA1 | 7dd9eedb13ac187e375ad70f0622518662c61d9f |
| SHA256 | 9af92b1671772e8e781b58217dab481f0afbcf646de36bc1bffc7d411d14e351 |
| SHA512 | ec8601d1a0dbd5d79c67af2e90fad44bbc0b890412842bf69065a2c7cb16c12b1c5ff594135c7b67b830779645801da20c9be8d629b6ad8a3ba656e0598f0540 |
C:\Users\Admin\AppData\Local\Temp\TCDE5FD.tmp\iso690.xsl
| MD5 | ff0e07eff1333cdf9fc2523d323dd654 |
| SHA1 | 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4 |
| SHA256 | 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5 |
| SHA512 | b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d |
C:\Users\Admin\AppData\Local\Temp\cabE69C.tmp
| MD5 | 7bf88b3ca20eb71ed453a3361908e010 |
| SHA1 | f75f86557051160507397f653d7768836e3b5655 |
| SHA256 | e555a610a61db4f45a29a7fb196a9726c25772594252ad534453e69f05345283 |
| SHA512 | 2c3dfb0f8913d1d8ff95a55e1a1fd58ce1f9d034268cd7bc0d2bf2dcefea8ef05dd62b9afde1f983cacadd0529538381632adfe7195eac19ce4143414c44dbe3 |
C:\Users\Admin\AppData\Local\Temp\cabE5DA.tmp
| MD5 | 9a07035ef802bf89f6ed254d0db02ab0 |
| SHA1 | 9a48c1962b5cf1ee37feec861a5b51ce11091e78 |
| SHA256 | 6cb03cebab2c28bf5318b13eeee49fbed8dcedaf771de78126d1bfe9bd81c674 |
| SHA512 | be13d6d88c68fa16390b04130838d69cdb6169dc16af0e198c905b22c25b345c541f8fccd4690d88be89383c19943b34edc67793f5eb90a97cd6f6eccb757f87 |
C:\Users\Admin\AppData\Local\Temp\cabE5D8.tmp
| MD5 | d30ad26dbb6deca4fdd294f48edad55d |
| SHA1 | ca767a1b6af72cf170c9e10438f61797e0f2e8ce |
| SHA256 | 6b1633dd765a11e7ed26f8f9a4dd45023b3e4adb903c934df3917d07a3856bff |
| SHA512 | 7b519f5d82ba0da3b2effad3029c7cab63905d534f3cf1f7ea3446c42fa2130665ca7569a105c18289d65fa955c5624009c1d571e8960d2b7c52e0d8b42be457 |
C:\Users\Admin\AppData\Local\Temp\cabE5D3.tmp
| MD5 | e3c64173b2f4aa7ab72e1396a9514bd8 |
| SHA1 | 774e52f7e74b90e6a520359840b0ca54b3085d88 |
| SHA256 | 16c08547239e5b969041ab201eb55a3e30ead400433e926257331cb945dff094 |
| SHA512 | 7ed618578c6517ed967fb3521fd4dbed9cdfb7f7982b2b8437804786833207d246e4fcd7b85a669c305be3b823832d2628105f01e2cf30b494172a17fc48576d |
C:\Users\Admin\AppData\Local\Temp\cabE5B7.tmp
| MD5 | e29ce2663a56a1444eaa3732ffb82940 |
| SHA1 | 767a14b51be74d443b5a3feff4d870c61cb76501 |
| SHA256 | 3732eb6166945db2bf792da04199b5c4a0fb3c96621ecbfdeaf2ea1699ba88ee |
| SHA512 | 6bc420f3a69e03d01a955570dc0656c83c9e842c99cf7b429122e612e1e54875c61063843d8a24db7ec2035626f02ddabf6d84fc3902184c1eff3583dbb4d3d8 |
C:\Users\Admin\AppData\Local\Temp\cabE73C.tmp
| MD5 | 84d8f3848e7424cbe3801f9570e05018 |
| SHA1 | 71d7f2621da8b295ce6885f8c7c81016d583c6b1 |
| SHA256 | b4bc3cd34bd328aaf68289cc0ed4d5cf8167f1ee1d7be20232ed4747ff96a80a |
| SHA512 | e27873bfd95e464cb58b3855f2da404858b935530cf74c7f86ff8b3fc3086c2faea09fa479f0ca7b04d87595ed8c4d07d104426ff92dfb31bed405fa7a017da8 |
C:\Users\Admin\AppData\Local\Temp\cabE779.tmp
| MD5 | bf95e967e7d1cec8efe426bc0127d3de |
| SHA1 | ba44c5500a36d748a9a60a23db47116d37fd61bc |
| SHA256 | 4c3b008e0eb10a722d8fedb325bfb97edaa609b1e901295f224dd4cb4df5fc26 |
| SHA512 | 0697e394abac429b00c3a4f8db9f509e5d45ff91f3c2af2c2a330d465825f058778c06b129865b6107a0731762ad73777389bb0e319b53e6b28c363232fa2ce8 |
C:\Users\Admin\AppData\Local\Temp\cabE875.tmp
| MD5 | 53c5f45b22e133b28d4bd3b5a350fdbd |
| SHA1 | d180cfb1438d27f76e1919da3e84f307cb83434f |
| SHA256 | 8af4c7cac47d2b9c7adeadf276edae830b4cc5ffe7e765e3c3d7b3fadcb5f273 |
| SHA512 | 46ad3da58c63ca62fcfc4faf9a7b5b320f4898a1e84eef4de16e0c0843bafe078982fc9f78c5ac6511740b35382400b5f7ac3ae99bb52e32ad9639437db481d1 |
C:\Users\Admin\AppData\Local\Temp\cabE942.tmp
| MD5 | 9c9f49a47222c18025cc25575337a965 |
| SHA1 | e42edb33471d7c1752dcc42c06dd3f9fda8b25f0 |
| SHA256 | ada7eff0676d9cce1935d5485f3dde35c594d343658fb1da42cb5a48fc3fc16a |
| SHA512 | 9fdcbab988cbe97bfd931b727d31ba6b8ecf795d0679a714b9afbc2c26e7dcf529e7a51289c7a1ae7ef04f4a923c2d7966d5af7c0bc766dcd0fca90251576794 |
C:\Users\Admin\AppData\Local\Temp\cabEB1A.tmp
| MD5 | 7c645ec505982fe529d0e5035b378ffc |
| SHA1 | 1488ed81b350938d68a47c7f0bce8d91fb1673e2 |
| SHA256 | 298fd9dadf0acebb2aa058a09eebfae15e5d1c5a8982dee6669c63fb6119a13d |
| SHA512 | 9f410da5db24b0b72e7774b4cf4398edf0d361b9a79fbe2736a1ddd770afe280877f5b430e0d26147cca0524a54ea8b41f88b771f3598c2744a7803237b314b2 |
C:\Users\Admin\AppData\Local\Temp\cabEC36.tmp
| MD5 | 828f96031f40bf8ebcb5e52aaeeb7e4c |
| SHA1 | cacc32738a0a66c8fe51a81ed8e27a6f82e69eb2 |
| SHA256 | 640ad075b555d4a2143f909eafd91f54076f5dde42a2b11cd897bc564b5d7ff7 |
| SHA512 | 61f6355ff4d984931e79624394ccca217054ae0f61b9af1a1eded5acca3d6fef8940e338c313be63fc766e6e7161cafa0c8ae44ad4e0be26c22ff17e2e6abaf7 |
C:\Users\Admin\AppData\Local\Temp\cabEA2E.tmp
| MD5 | 93fa9f779520ab2d22ac4ea864b7bb34 |
| SHA1 | d1e9f53a0e012a89978a3c9ded73fb1d380a9d8a |
| SHA256 | 6a3801c1d4cf0c19a990282d93ac16007f6cacb645f0e0684ef2edac02647833 |
| SHA512 | aa91b4565c88e5da0cf294dc4a2c91eaeb6d81dca96069db032412e1946212a13c3580f5c0143dd28b33f4849d2c2df2214ce1e20598d634e78663d20f03c4e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a4a6c824f70471640ee1f9f34c3f1689 |
| SHA1 | a9fb8b31338c043f91503456143ec31175527f10 |
| SHA256 | 916769c8cfc978a529716114b2504ae85da28683604e478badbcbf5fe47b8048 |
| SHA512 | 467d019fe6ade9fc9a490f7c421a83b6d8e1483143a9918fdfaefa57413a2470c51db4c8eed523b30295d4d644b433bfb3644f10b1aeb5f24ae4744c321df3d7 |
C:\Users\Admin\AppData\Local\Temp\cabEE10.tmp
| MD5 | beb12a0464d096ca33baea4352ce800f |
| SHA1 | f678d650b4a41676ba05c836d462f34bdc5bf648 |
| SHA256 | a44166f5c9f2553555a43586ba5db1c1de54d72d308a48268f27c6a00076b1ca |
| SHA512 | b6e7ccd1ecbb9a49fc72e40771725825daf41ddb2ff8ea4ecce18b8fa1a59d3b2c474add055f30da58c7e833a6e6555ebb77ccc324b61ca337187b4b41f7008b |
C:\Users\Admin\AppData\Local\Temp\cabEE9F.tmp
| MD5 | 0ebc45aa0e67cc435d0745438371f948 |
| SHA1 | 5584210c4a8b04f9c78f703734387391d6b5b347 |
| SHA256 | 3744bfa286cfcff46e51e6a68823a23f55416cd6619156b5929fed1f7778f1c7 |
| SHA512 | 31761037c723c515c1a9a404e235fe0b412222cb239b86162d17763565d0ccb010397376fb9b61b38a6aebdd5e6857fd8383045f924af8a83f2c9b9af6b81407 |
C:\Users\Admin\AppData\Local\Temp\cabEF7C.tmp
| MD5 | d4eac009e9e7b64b8b001ae82b8102fa |
| SHA1 | d8d166494d5813db20ea1231da4b1f8a9b312119 |
| SHA256 | 8b0631da4dc79e036251379a0a68c3ba977f14bcc797ba0eb9692f8bb90ddb4d |
| SHA512 | 561653f9920661027d006e7def7fb27de23b934e4860e0df78c97d183b7cebd9dce0d395e2018eef1c02fc6818a179a661e18a2c26c4180afee5ef4f9c9c6035 |
C:\Users\Admin\AppData\Local\Temp\cabF0B6.tmp
| MD5 | f93364eec6c4ffa5768de545a2c34f07 |
| SHA1 | 166398552f6b7f4509732e148f93e207dd60420b |
| SHA256 | 296b915148b29751e68687ae37d3fafd9ffddf458c48eb059a964d8f2291e899 |
| SHA512 | 4f0965b4c5f543b857d9a44c7a125ddd3e8b74837a0fdd80c1fdc841bf22fc4ce4adb83aca8aa65a64f8ae6d764fa7b45b58556f44cfce92bfac43762a3bc5f4 |
C:\Users\Admin\AppData\Local\Temp\cabF3D9.tmp
| MD5 | 65828dc7be8ba1ce61ad7142252acc54 |
| SHA1 | 538b186eaf960a076474a64f508b6c47b7699dd3 |
| SHA256 | 849e2e915aa61e2f831e54f337a745a5946467d539ccbd0214b4742f4e7e94ff |
| SHA512 | 8c129f26f77b4e73bf02de8f9a9f432bb7e632ee4abad560a331c2a12da9ef5840d737bfc1ce24fdcbb7ef39f30f98a00dd17f42c51216f37d0d237145b8de15 |
C:\Users\Admin\AppData\Local\Temp\cabF388.tmp
| MD5 | e1101cca6e3fedb28b57af4c41b50d37 |
| SHA1 | 990421b1d858b756e6695b004b26cdccae478c23 |
| SHA256 | 69b2675e47917a9469f771d0c634bd62b2dfa0f5d4af3fd7afe9196bf889c19e |
| SHA512 | b1edea65b6d0705a298bff85fc894a11c1f86b43fac3c2149d0bd4a13edcd744af337957cbc21a33ab7a948c11ea9f389f3a896b6b1423a504e7028c71300c44 |
C:\Users\Admin\AppData\Local\Temp\cabF387.tmp
| MD5 | c47e3430af813df8b02e1cb4829dd94b |
| SHA1 | 35f1f1a18aa4fd2336a4ea9c6005dbe70013c7fc |
| SHA256 | f2db1e60533f0d108d5fb1004904c1f2e8557d4493f3b251a1b3055f8f1507a3 |
| SHA512 | 6f8904e658eb7d04c6880f7cc3ec63fcfe31ef2c3a768f4ecf40b115314f23774daee66dce9c55faf0ad31075a3ac27c8967fd341c23c953ca28bdc120997287 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f874b20ef8e89c12_0
| MD5 | e5e5aa603220e8fcc3ae502ec9088fb6 |
| SHA1 | ff0a54dde4f8a87cd22295a392e255023618a1bb |
| SHA256 | d8041e0c353f87e3fe35c42082882f912bca26e7a5a73a930bf0cf013a686472 |
| SHA512 | a92a0727de45c53bcf71cfd8e4ae64aec1b966326f1bd161491cbb68a560d4a7cdf929a992dcada7e9bd3657106b4d5e8c2f9bd824a8c9f6a8228d9406bbfe6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65070478dece76f9_0
| MD5 | 1e10ddcb271e0f79d98c85298b0104a3 |
| SHA1 | c4196469bc8fd53aeb84879ac0e95941790ebad5 |
| SHA256 | b153e37d9cb9cd20d04e9dcb513c5dd3463dd9e44d0a097da1fd1b8c04eeac94 |
| SHA512 | b87061dad8429bca998111f9499e32ceaed130967c06966f6b6e14597adb97c455a404fc01e88d79afcd9df724ff100e086ad8acbf1416b9f3a122442a114431 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f19c7be4e5d0f66aa6b32297719b3a69 |
| SHA1 | db09a8a853f5b3e1feb40cc923904be038c5bb9d |
| SHA256 | f96b2a04aadfcce54d23910ac624c29585167122742730cff9f89fe15ef67658 |
| SHA512 | 5a7442e1155eaaa46c6e8b466fb88ac7915a69e9fadf2ab7b8fe103478e8613521844f2f529d8c86f4cb5c5ffd60063f1b389713d76b6307eabd7c6af8f9b28d |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.CampaignStates.json
| MD5 | f1b59332b953b3c99b3c95a44249c0d2 |
| SHA1 | 1b16a2ca32bf8481e18ff8b7365229b598908991 |
| SHA256 | 138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c |
| SHA512 | 3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4 |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.SurveyEventActivityStats.json
| MD5 | 6ca4960355e4951c72aa5f6364e459d5 |
| SHA1 | 2fd90b4ec32804dff7a41b6e63c8b0a40b592113 |
| SHA256 | 88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3 |
| SHA512 | 8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7a35ef71c460178_0
| MD5 | 68481cea56088e34c2f86adbd1b06871 |
| SHA1 | 2dd4402efba43cef32224b3a3ffe03c9f67a9d59 |
| SHA256 | d0cc5f4f6a85e7e6b547578d97f7c2424cd2ff2bf60cd9e91e792fa70b988e97 |
| SHA512 | 194ab4ddcb8cc87ce9ef489409cab94210afa9a45ba903d2b9c7d86edee4eccb8c4445564571dac37e7609804b073189bec89533e371d199403f1a4e309c77f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 50aca8084e67a0407ba14bc8a7983a41 |
| SHA1 | da49855d6638e006c5fe92f15621a2574714be05 |
| SHA256 | d3d235d44d5ac0279fbc9be68e23f39f126d0611cc32e1a68c5191c13a6bde4e |
| SHA512 | 4dd02c30045d2b7aed8eb7c47ab31377a6222da80e164b712197bb325e1822ee4dc4d3a4f17efda0c2a4adb1783e2749835c77bc10ade35c8b1857593e8760c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 056a0967e04b889091cd2be98d6f4f6f |
| SHA1 | 5a925fa1743742b272593a4c8a44194cbbad0be9 |
| SHA256 | 55d18126a3c6a993b8602a909ae1f950b486c66ad3624c6b4ae579c7e18a0800 |
| SHA512 | 8c621aaacf7c85bb0fe44946fb0718bda86361ff9cac680732e5c78cf859d263dfef9be6d82b0b9f12ac2df1834ecb63e7e0c872da784f1f9db302282e080a79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 20c0b2dbedb4c09e4cc63905acbfd514 |
| SHA1 | e70ac8d06edb347c88a64328dfbbd45ac1439fc1 |
| SHA256 | 53cfbe84b3b17db3016661d3ef92a7f28ceef17edb8833e6d2e37186e791d0c6 |
| SHA512 | dbeec6ef949cb12a3522469fee56b149c68b66b82430661d6d537ec6d6ca53a3dd7e5d8681293bb828db4df2084c58f20b892e0d2a8544963136d5de5202fa92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7ee17b0b11cfd56c7420da7293420889 |
| SHA1 | f91a1664c518ab15aa0f4a5c5240f413b7727849 |
| SHA256 | 85ceaa9daf90071944981dc01f3d021e3282bac01cf52266cb4646ad8d975758 |
| SHA512 | 304f9898e584bc36ed77df8a0f3785c9c27b2c8ff7089f2c0670e24def6cdca22528c224a3f4df1206947ad979fcc35a9c321b69fc58cafe28ee486e1bed7cce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c06b14ddc3b5c9488b1ce28a39f58c88 |
| SHA1 | 44cf76ef603f36d9fa5f05833c336e81b0872466 |
| SHA256 | 68fd7991ca15cc36a5e058bb3e540d1775b61c3bad17ef8542c40fe2d9e15c60 |
| SHA512 | e50e50fb64576e7a5dcc4e0630bb42925f36ee7d71fe2c3af475fe0339c1e52eb2398b95bce2b0c905de26404c0b866b271ee406c3cea5f88144b22e004934e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a76745234e7210bfa1bc7f7e0dd81e18 |
| SHA1 | 7c992e766a46bd9c50344392ebf364a6082ed432 |
| SHA256 | b009e7e166eca34bf9fde5f5c2c00c37b7420c6376eb09e452ac5f7349713bf7 |
| SHA512 | 1a82078584740eeb89f6b25e77d85ee4a0883bba4aba19f9c7ac1667f4708ffd4bc4a79738df6ff02ab7dcea0e24408d147f4f1b401d67a736764455d0174142 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ccebc371e3a30f0b4eadf60ee704789d |
| SHA1 | e54d0530187451e0b2213e5f85a87a2243b09369 |
| SHA256 | 7346939a33ecc26e174aa3c99d0cafc8b3c3bc048c09802543fa70731a970161 |
| SHA512 | 3b174bcd3848f406709e059843e62d00ea4b0aa3d21fcf60a9bb513d7a95250165b5859a687ca36113225d2bff437e7371bb54d33467d24a16504b4a9acb344a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9c1968d7cae18c38293cb323b2181a3 |
| SHA1 | f7bbf080715e08d0799f632e8574000536dae70f |
| SHA256 | 70848b0e687e9dbf8eb0296cb9ddaa88e56a092eca423ba163201e477c9b5698 |
| SHA512 | 440effa214d6036d6b59d79744d995041e16904e0639460187221e3af8dd62061fcd4ceab68dbd75a4a80dabe6e96d2acda7eac6ebc63ec78a778864f9f64ac4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 63bcb4435d53cb60a6dbab55d53031f4 |
| SHA1 | 1fae9fba015e3bf6bd59ae379440947459b4deea |
| SHA256 | 1906a00fab5d1b605be3af1eff8bdf0603b531f42ba3bfd3564430f644d891a8 |
| SHA512 | 66b9fb0ead3ee098709936ee5f78377f962328c4dee41acf5ad7f42f4722ac1c47ff1c6fc2c978aadf3718691cc00501a1d956b35f1b466e386904e409086ee9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 27950ae14dc2cdc5434903c5b3b339dc |
| SHA1 | 25248d827fcf6b65ac997132401e61bfb5bdd854 |
| SHA256 | 95bfc47e7eb9780b8763fa05dab5628214a47c48340bcc04ce21a8df92ce6894 |
| SHA512 | 9e5bc885819233a81a32158a849084418b2337a7da45d375698dfca886114aa9bba23159903a04b626f29bafd17b70637dc591231a6b4a365795e49bda6bda59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 507b03b06d08d90262cf3cadce3fe470 |
| SHA1 | 50791ad7dba518170c951b51b956889646dfb8b7 |
| SHA256 | fd3d935d0d8b30a1a986c08a274bf75598992c9a1ee726269b68bc8d5ebe8b19 |
| SHA512 | 291ab7850ce4a2e6a42dbd24f0e077beed3572aba344af78bfeb6c803b22b1ff33be565d6ec9a4f49a3e8dc1faa502bcd00849487aabed3f2c4913ac7687b42f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a2153f4c38c0aba56490b04b1ddd1c9f |
| SHA1 | f23fc8ff86098dfeec719052331f533e6b7b75ef |
| SHA256 | 289f83def5e1f425d25f6a6d70891719a4a9edc6c5a9b1edc917c7b1a603ba59 |
| SHA512 | dc6d476b727f3e396528cc57cb26ea43b44c1ce16123f7acaa25dca58868883b10cd4d6e7c13d958845f3a46393baa1aff68ad8900f3695b2a147205e77ca739 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 79e3826e886a5c821f29a20e4b17c3bb |
| SHA1 | 0d887c0cc1c8a01c5cd04f66bab49340ec45bb25 |
| SHA256 | 7e28ab1c8ccab6d4fd95ab2e5cb9b136012135226ee49ac5d6b819790a67a32a |
| SHA512 | 74630c26004657f0cf10d18905a0815f4ac987b6e2f272cb7d2b276a5c9c7539c900d7ac2305b42b48e4f5281c27f8e274ffdc3821f3cf13f5356cd3d05382bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea7fba6aed9592d7a590a262250e1d40 |
| SHA1 | d2aaea21859464dcfcce3f331ab51873f873f45a |
| SHA256 | 5a055d85b0ef020b5ce97b82fc5bc250405c4b569d18fc82eb95f79025fc9f2e |
| SHA512 | 6ea80aa193630e24d1ebc9d93eeb95ded3c369439a1804347e0c5511b6d935c2b3963952972cdba2d485871176aa318d02608692641d462417c32321a1c2cb43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 0c1baaa02cbd987648e6c8532d29579e |
| SHA1 | b9abc8a7711fbb8d383db8e034fbc958da19c808 |
| SHA256 | 3e80d4afdc759ebe366b9e89b1e9686d37726a68d8fa66c84d7e1529d96697a2 |
| SHA512 | e770e7ee351bcc260f5ae7b370dd89aa69532e35a8e257694bd3e46f3c21a9dd3f4124ff3196803f1da81f54d8f5adfc96f7147c0cdcf589c2b8cd31ff6f4e67 |
C:\Users\Admin\Downloads\Unconfirmed 287779.crdownload
| MD5 | 727b85f3261c859156f946850e1509d3 |
| SHA1 | 8b20c9a0e489ea239598265e78bce185cae10c92 |
| SHA256 | ad4f677c5897c3e92cfdf8c8cb39f0f9998aa37e7261909289b78554cbdfb322 |
| SHA512 | 1b6a49636096085bf392aad18243f0d06ce8a24458401c5479a5b80e4d9bf0561109daa4c1c3ad4525a63a3fc1e1fd93405d803fe9c8375653727f8ac760a037 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9ac99e454e4ce0b46618531213ad8c58 |
| SHA1 | 6f864c75c88937d7ce0081899aee29f67f8e92c3 |
| SHA256 | d595ac5df5284119885de065c393e10d92b9d252bf251bd287a17c1fde876e2f |
| SHA512 | 387f9ad4e6ae0c77232214906c1715cf8fd0e4960a054a56ef91a270b8e9cbbbdf0eb6b21885d225d4e1688a9febb8eeac12cf877ec226cd1feff22d8c9f7ca4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8309e51f059d4149874d5e82d03ed616 |
| SHA1 | b6bd18ab3c0ec4a7a0fffd51f373e45f3e360ac1 |
| SHA256 | 395027294b5b6b94044ec19a53f2542d43c68ad70243d4fc3e112e69dcc2f793 |
| SHA512 | db3e99a11708e5f8bdc9540b14fa75675a5e26ef8b9e5edc22d2aabc965d83930b19b314f6ff3ef2e5c13368af5f4159056cceed93845b51f855198d3dfa85ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6cc7f2491b840df89d4c2103c8de79d0 |
| SHA1 | 4602067e58060285b444ed6f2307e073feee93c9 |
| SHA256 | 5040ce83fc271448cc8f895f2d5c2d15faafe1d63cc42f56dd291f8d9eaf9bef |
| SHA512 | 7447196bae37ef9b4d69159faf6cce26ea5499039a1ef4d2c0f49e5ef6b99d5420a44425e21ecb8f3a5b0af9b56265589ad987a2d42f49e6048296a3d4703644 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b35ae6136449334c658f47a85017a510 |
| SHA1 | ed76a164f1a97b7418502dd7d034ed5bb0f0fbe6 |
| SHA256 | 80d45c4c395b6725b861e372432f94c76dce32b942a01342590b26d3a440508f |
| SHA512 | 949c779c346174d9e49354ce5b988d5782fb07bc780603674f25992c0f386813f325ba226f5d0140ff9996a660b96538ff301daed1c1044374ba4c61362c0bc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c1c5ad39123d0cf5b1b4e6d4eaededeb |
| SHA1 | b8636b033b08d131e6ef23daac36cb35796309be |
| SHA256 | 22d8761582fe8f688cd150ca2a7099b6842888ab11af40439d42e3d89a206956 |
| SHA512 | db1066fa8230cf9aedbc834ea1b32696cee443d8ff1cf99ae67f6a1ecc7ea1d963c8dacda3369442964cdaba950bbffe87b9a05448a73d5681530be989becde9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 196e12061b6c5fcb27283810f0419f3b |
| SHA1 | 507a90fb84e6dee12bf69008852dc38b860174f8 |
| SHA256 | 6dfd2b0277cf9ed22cc3904a550e26622f90a75fe79ebd0a3d504ac0749c288b |
| SHA512 | a8a3f0ce6446883955bbd0b989f816750c37c9934b0ac4f5fd868c80b3245bb9563855299133c494531e7609b5880cdd2f327b45d289361208d67ab726c45c9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7f962172f367d8ef6925a3e6f67f1b00 |
| SHA1 | 3a5ba93ee25fb69d09b05958e376d4c86f8dd2f3 |
| SHA256 | 20420e216664c5f0694a83fc6df276e7d61bc42c42977a762b9329ab12ef6c74 |
| SHA512 | 1fccb843699637a8d3373f3934dee987c95b6a8373373efb771036a50e15d6136096bf6f2dc1b8ff95e04dfe2af7f523dbb69ff9ede608a18f2a9e3d52b2df59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f59c965b6c7c07ba7930b1fd90a5b99 |
| SHA1 | 7ae23600ea9731f883d300f9d3d2b5aef4393810 |
| SHA256 | facb4cad51d3bb060b68ca385682d2701c3b7ab5615d8ead2b163248aec0c073 |
| SHA512 | f4cc944c08a203b89be084163f796da0d5ed0d447c714d5e4bca311e3ca3ec9a2d490e711775b17fdb6a2b1c16123004d144048f2619169d8ab0d0a5123bbec5 |
C:\Users\Admin\Downloads\Unconfirmed 637375.crdownload
| MD5 | 0805ecf10476a091999e4d59d0db71a2 |
| SHA1 | 101bee2e755897d4a03fca09a1232478ca5dcef4 |
| SHA256 | cd87a8cbc13f1c3742d574eb6a98e1a2b4cf21128f2372143f791ba46e7b524c |
| SHA512 | a385b3028c30b029ce5d26220d7c5db669e9b658826ba7e5f186ed243af5c2ac8398f2ed6bf815a0729aa504f58becaa224e5dc58f6b06d7f7a212557d0d57f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4f072f68b734a18cb2cf194422054518 |
| SHA1 | 506350e5534b8e05d10a2b8f2e2e3e53fcf722ca |
| SHA256 | 6b3686758c399a3f80f9787e43c524c43a45c8b4a241020c5bbe86ed11e58ef6 |
| SHA512 | cdf16a2640eabe4071bd0813374c00430cb0f4ed71546b55178d3964cf51bca65c12cb1e472da21022ba7f4b37c272302d420fb98eaebb29da7127a6e52371e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7f032fb40fb2fcbdf80cd926af475b06 |
| SHA1 | d1b478e32edf8710cbf10e81508e17bc4ae45ac0 |
| SHA256 | 7c500b2067ba80b85f0a56f3313314860fe48a889f02712e4d7f5aee6b319fe6 |
| SHA512 | 5deec421aee94afaac64dd5cac4618a2ae0e246a5856769df7fe533f39c78140050699e5f2cd321e2a85d1dc59bdc7b5e81950635754ab8d4b71571b9019bb53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0284834889b9f1ea167b0a82500776d5 |
| SHA1 | 692ea8c6e7714904f262e0367d6b89f2b2c953b1 |
| SHA256 | 002e77701dd020b5b3f1f373859426f90de6a267ffdf4498966ffc8803ae293e |
| SHA512 | 30629274fd1970eca5451c3c9d2e011eb0e4567a3209d33138a2f84eec113c53747bdbfbc913838b10eae8e4f2d4f25d1545c5e6e0bfe9b9be05373ac8e9ad65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e14ebdf2451c3076eaab7c496304c1d8 |
| SHA1 | a0e0c1cfa26f6ad2d30036bc5179c7c549d62843 |
| SHA256 | 6ed5c2dc1a2dbbffe3105bb1f8fb0bc9b36c5570b668d487cf793976c8587353 |
| SHA512 | 39a5eccdbc3f717771258f350e20e95532334c73c20399c167ade4bc080de6620f0c42c3888ca269040203782972bc050892f4fa1e799cccdce7d3034f28c5a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dbde2746c9e06b348310ec606d038d2c |
| SHA1 | 349ff9db299320b58bde5c6f1d019f3081797760 |
| SHA256 | ba64982ae279b5777d8e0a2e9e9e4d762b787fa0363179d4089276dee4cac6e0 |
| SHA512 | 957f175072333d7595acd08a6fbc6574fa36076e9abeaf103ed50154585f445b22f6f7eb7516556375681759ac8c20c027cd777d957df101b39e8815983b6cc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 575ae975aadd5e2573d799947c40e650 |
| SHA1 | 3910c42f4f4f3612703b387cc2246c13b69737f1 |
| SHA256 | 8dea5d6045e32993ac51db3e3e525183b143342f935486922dc4e42c2c640336 |
| SHA512 | cd235a887a7c215b72551b568a47b9352f4cf2d9eec2e74545e0dd8f137565e511d8249da3976821baff6b171c2413c51a680c23608a27d5a27ad54949abf3d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1b6a75911fe83085f123d5721abeb101 |
| SHA1 | 68d905c81d85424f2bea30a00126ba1c78235073 |
| SHA256 | 5c22c292d6d6c1776984bac1445eb35309d4b1a372be156ce0f3e06c2e27843d |
| SHA512 | 9960a7d1c04d6c5acbd85f01f31aa4bb744a066bc17786c1ba08341b23f969602f3df8fb73c5e4c3396e5225c6117c35e03e05db760a71f5775501fdc19cfc1d |
C:\Users\Admin\Downloads\Unconfirmed 545694.crdownload
| MD5 | d93ccdb32969190c249e047afc1c1ef3 |
| SHA1 | 49fe807b5805f687246c5f116385392de026c2cc |
| SHA256 | c6fd8ed711733ee59a747ebca9bcfc10edf4cf58e3bc2906420de8255ea14d7f |
| SHA512 | 1b9dc062b246504dbf1ecd554afc52623916aee4eff48882336d5c329a65fdc967950cf6b03c21a5f7a9f9a862f68fd82175f49b67723a4e5047453766e5fbb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e90c4d7eb64fe85affc50cc55221ef14 |
| SHA1 | c990890f4bb8b902c05d354165d0326a53b67a31 |
| SHA256 | 6db078ea2c811aa31b479c59ef634282457dd89c56b44b7d93ed00f26b49d04d |
| SHA512 | e05c4abb5857aa04c24c83815796aaeb7e0649efa3ce8887421cb5b15e91e5c48a9930b122f64432f2fc10a00dbe28036e8213a68e98a0a342cf123cfda8f08c |
C:\Users\Admin\Downloads\Unconfirmed 545694.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7dfe475998f3965b6b0e57a09f4d4f0b |
| SHA1 | 3acdebda6ca35ac314591f217b5c81648fff3d84 |
| SHA256 | 1742ba329d802b3918c0258413299dd66747a2337ab86a54b3f9f2a18021f996 |
| SHA512 | a4db4d9af8bddbf1b8a26ce0fca1c0a3e007475cb180eedb4d0a4297e6f7681c3edaf374d64e9c744d04d647d7171016568d12d543fe60d1f0ff144e559961a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 557f41f2cb2d055235b50d9d0ab7f12a |
| SHA1 | 770fff323bfd78c54cb0a9a4584543e8c40ec4e9 |
| SHA256 | c7d208f405cb37a66d2b7fcee4b9a69a219e3eacc9f99ef842f966eb25eb3e69 |
| SHA512 | c4f9be8dc83fd72b4b328e0e7828387839699d90a862984864b70fb0fd0603f0932e9952b447f0b69e5b0be1d9396c1d321baec577dd9ee809a2300c5f2fe576 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba79fbe352be6476_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\183879f2abf331b1_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a75184828286dc0_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\WindowsBSOD-x64.exe