Analysis Overview
Threat Level: Likely malicious
The file https://github.com/orangegrouptech/Biohazards-from-orangegrouptech was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
ASPack v2.12-2.42
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-07 13:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-07 13:23
Reported
2024-08-07 13:32
Platform
win10v2004-20240802-en
Max time kernel
506s
Max time network
505s
Command Line
Signatures
Downloads MZ/PE file
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Popup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\nitrogen.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Popup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\nitrogen.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000007e2e8d63d7e4da0127a9a08cdfe4da011f4b3354cde8da0114000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 703043.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 629597.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 877603.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 35795.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 763032.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 938241.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\nitrogen.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\nitrogen.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/orangegrouptech/Biohazards-from-orangegrouptech
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff20ae46f8,0x7fff20ae4708,0x7fff20ae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x404
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,16880448299766528035,5482958418931085616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1272 /prefetch:8
C:\Users\Admin\Downloads\Popup.exe
"C:\Users\Admin\Downloads\Popup.exe"
C:\Users\Admin\Downloads\nitrogen.exe
"C:\Users\Admin\Downloads\nitrogen.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| IE | 95.100.98.80:443 | www.bing.com | tcp |
| IE | 95.100.98.80:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 80.98.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:80 | discord.com | tcp |
| US | 162.159.136.232:80 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.133.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 104.19.229.21:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api2.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 104.19.230.21:443 | api.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.230.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 162.159.135.232:443 | status.discord.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | media.discordapp.net | udp |
| US | 162.159.130.232:443 | media.discordapp.net | tcp |
| US | 8.8.8.8:53 | 232.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord-attachments-uploads-prd.storage.googleapis.com | udp |
| NL | 172.217.168.219:443 | discord-attachments-uploads-prd.storage.googleapis.com | tcp |
| NL | 172.217.168.219:443 | discord-attachments-uploads-prd.storage.googleapis.com | udp |
| US | 8.8.8.8:53 | 219.168.217.172.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 172.217.168.219:443 | discord-attachments-uploads-prd.storage.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| NL | 172.217.168.219:443 | discord-attachments-uploads-prd.storage.googleapis.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 213.80.50.20.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| NL | 172.217.168.219:443 | discord-attachments-uploads-prd.storage.googleapis.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 172.217.168.219:443 | discord-attachments-uploads-prd.storage.googleapis.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| NL | 172.217.168.219:443 | discord-attachments-uploads-prd.storage.googleapis.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 172.217.168.219:443 | discord-attachments-uploads-prd.storage.googleapis.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2dc1a9f2f3f8c3cfe51bb29b078166c5 |
| SHA1 | eaf3c3dad3c8dc6f18dc3e055b415da78b704402 |
| SHA256 | dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa |
| SHA512 | 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25 |
\??\pipe\LOCAL\crashpad_5016_BZRSICPDFLMRPPXQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e4f80e7950cbd3bb11257d2000cb885e |
| SHA1 | 10ac643904d539042d8f7aa4a312b13ec2106035 |
| SHA256 | 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124 |
| SHA512 | 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5fb4140ab7e3f29c7693832b9ada5b84 |
| SHA1 | 1ecdc9d6b213d3595ad49f8c8009ef107e86f5df |
| SHA256 | d39e522316942f3862f4db6da36d8ecbe1fbea885ce52d3617aade37977fad1f |
| SHA512 | 0d4f5377a9c64a4be6319272846ad46b45959b52285ef36a57171ea1fc08a20400e290b0b402a36e0e2bdec004ab924bd534b6d58bd21dab19b558ef7b1e1337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c3c5301c8dcd17f2945f209de142a467 |
| SHA1 | 92249fa1508a605a9b63472011a2d62f90f71800 |
| SHA256 | b8858a4371039b6c29d914f831cae6852a695e08e937aad0fc5bb590440ab784 |
| SHA512 | 077a0b3d55e85844f3fd829bcbdf66a7e4ca3b1206756fa3a18f4795ba84c1ecec13b310bd776d431773b23ed5c4dadc2ce2604e1344d7463d0f26864b3d219a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5039910c130172f44298666361af2571 |
| SHA1 | 5e47a6ecd4fdfd317ce3b0e639a9da2a84e159d0 |
| SHA256 | 7e8912095db1f3fb0837cb269947483e98dee66d65cde39fcc8e0fdf39274fa4 |
| SHA512 | b6bd73148ec3170d385349de63f4276d0190b8ba0ba021ebaa0a7cb95035333f178faef85b85667ee73897c4ae982de116aa2d5d8ae8c0c1aa16dfe174810da8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 48cd1db8d34e44892c3a943a4915743c |
| SHA1 | 8b5f91126943a2886e2147e0fa0f24715bb4d767 |
| SHA256 | e89ede4c40f2bcd7263eeb6237ffb781c15d5dedfa0192f98e40c3465507c7d3 |
| SHA512 | a6d3064b4297959737926cdfa4a938e233c20b8027eb2842b45c9fa64d32b01edb1da7a4fbbf5537440a6b1fc6aeae5c104b091d0862d2978aa18fe28c9f2d72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f2eee4c2-73d2-4656-b736-b4a6e40ff8f4.tmp
| MD5 | 650150597a9f6550346709026b23e4f2 |
| SHA1 | 82e6688b0d0cf46ce10b2dc1f2c502fe1d5f057e |
| SHA256 | b93c17a17ed938cfeafde7872d203da93dbfd0f6ff68d532717411e3c4f200fe |
| SHA512 | fbc03c6817027f00c9d4a175c6e7b25699761b5059721620c8bc49c51f948f545a1ffe52a8d10065133edc826cebb8ad3f298da81ad5b80e66aeee63212dec91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e87eb166ebdd2c69b8c444617710a990 |
| SHA1 | d4698bf388ef0ecfef1d571866bdc53d15d0762a |
| SHA256 | 66a5863860fe577c9788afea922825834bf5f93ab72733350af85cc0f38448b5 |
| SHA512 | 917a03cb0c63f97aafd8ebfe5aca3af810aeb2108bf26837d74df68ea91f0b3890daed25672f0f82a4d3d732e878eb8e6049a18dfd4cbcd838fd44b2cc6511e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5824f8.TMP
| MD5 | a3359ba9115b30095ece5ba22ee93968 |
| SHA1 | 6e78404dbf45bf241f6c44e467be4a74555a5c1f |
| SHA256 | 13ffa7bf4a41d445ac5a3d0cbdbc894bfe293d49fa59e4b0eb85f3158e4bd497 |
| SHA512 | 10346d2e015cd341a9846a39c34eb81267cbd61dd3a33eb03afa55950aa7ab7ab17e5857cebc6274cf9dd70e3efcbacb961fd7b3f6a85329ef903e1c56124050 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f3a787066a0d10ef2e19e352bca1b06a |
| SHA1 | ac99ff5f4ffab8ba204ad96d9b40617aa254cf5d |
| SHA256 | 13ccab3b54ec3ce524bb458e067729c7892557cfb8b5e1c9e65811c43bc2bdcf |
| SHA512 | 03e1437d31599e91a06164e1a03867ddf6b4349f902f2ea0a4d7a15a9bb893b09728e7f6afa2da7458451deba9c9d1e48baad53a7e44ab4e3ec3f0a933a00ae6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 44b07e4ad908d2619ed4510bfc3dae3f |
| SHA1 | 0c2aa84b91c5a2e2196e4cbb7492f06993be0853 |
| SHA256 | 381e45ddafe840d19f5015f2d57a9096ce400f99bcda5ca8fc974107e276de4d |
| SHA512 | 887746914ce882d4e491c0100e7e461cc539ba0ec6112235ee01162d74c8d5638020635823921bcb841ce1e46c5902c301f61c89ed59daa6e19e534b44e27876 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a504fee0ad77bf7f03580ffa3eb33b1 |
| SHA1 | 2fe5c2cb6902e40a6f6295d5cead6f2e0f62b127 |
| SHA256 | c1a4459e8b2c0da4304ba38339af08beef2a8fabd7937ba7c75ee54ebac734ec |
| SHA512 | 35a7f190432556be95c3851567927396be6178bb3850487a57eda0c927fbfc12041f5d64b936e34d31634500d0fe232cb47a034b002ea324976b038f73c8696f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c07321ae20cd9eed3d535b0aab2dd570 |
| SHA1 | 1806826c0643367a8d9a814183c4397b8f690610 |
| SHA256 | 355fa96102b536319cd47b0d53ef43b10785d40b169bc3fa53da4931ee5d2245 |
| SHA512 | 12ce59d9df5569d3d3c2e31f7ba5bafa021817b857982a9b499aeb14664378cb467a32255231f5920a05ec89c8b689251583365652a6b0b52965d9d11952bb3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 15fc3bb8e8f1a5928cc81a7d0f6d6d18 |
| SHA1 | 789927380a5eb8d391f08c6685cc8dca819e2e55 |
| SHA256 | 8dd02b20d122cda80aa374ca5f73b06a5aa925e643f488b637918387c710f6d1 |
| SHA512 | 53b510af70b526337d4214224eb00ca098a4fd38fcb3ccee1b9e935e84d107f30e6f992e20c12518ecf5d31cfc2d23f25d053101e10704dec158db577de84c81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a636b5ae8d3b72efdfec0b51db05d19e |
| SHA1 | cf81bcbe37d4e256faa5f4879621b0f6c4481de6 |
| SHA256 | 3e48b83642854cacc0107827d7256f7ad17a7ac0d4a9a3e0ba5197c72a239da3 |
| SHA512 | 349d7dd79c30a24b240cc240f24dab813e09b065d0338a5e8f045cdca52da38bb26e6cfccd76bc9f7567388365a602091ea20d715129cb59f29fa0e53890cd8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f7b02285db0e34ded56b47ff06601374 |
| SHA1 | 3c0c6b6cd70b2cc3feeef6897a49389f7b3c6a7e |
| SHA256 | df3259bedf884934b0300a0ef23c6292c199ddc0f10a8f6f8d2d65e751638e1a |
| SHA512 | fd3e36eb33c1dd9c1e35c816d52a1c39e7cd687cff72e884730389ba8a2eb7073145db9f74556826e163a56608113e41be3cafe67101b8bfa2ef498efe359a47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6a86d2368b248f83dc25446f9eded461 |
| SHA1 | d9c0b0294a6b25332a0ee85a8c10c02b526dfed4 |
| SHA256 | 0de100c51eba4c0bd32b59dd9bc2619d5d6b474df5beb8408581b32429bdea27 |
| SHA512 | baacf7e22287018807924f15ec1898361234544ff9500fa66c18454a386fce5527de98fcfe7345ee1485b96f207f57f8648bfd6c7305352fdced6a285547e238 |
C:\Users\Admin\Downloads\Unconfirmed 35795.crdownload
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 99dd17dd54c646534fd6492f6fc6033f |
| SHA1 | 9eed69853ce0cb0238ca34b8b93a3d25310e5e17 |
| SHA256 | 24f8b082986b780f469ceb55afecb88c483fc39ac4ac273e331fc2cdf80094e1 |
| SHA512 | 77495d33133d8b1f41b3d408d56befbf587ce43282e11e47e6b621afb402158a19bd8be2d01df0b35ae28cc27be2f2376324b2d53acbe6f795503bd5ef757237 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | 2537f17c86bfb15fe2b46d389882f37b |
| SHA1 | 3dfebd30001b375d015a0133d7d1425390a15a4e |
| SHA256 | e788acf1cf0acc6aadaf2c01442e96d4356eed0df097be9a1ff2ce61c8987b7f |
| SHA512 | 521bb7d3d0d98416aa085202349e87a76554a3dba46355b35849f471f67e7b1ed412287b9ac52fef4de87f9f42c3d735d231f189d47ece622dd6ebdb8813874b |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | df25b48879c1c98d6f4d387809400a14 |
| SHA1 | 2f5b4ca90244fa9587a9504896a06c28dbacd1b8 |
| SHA256 | 8f8957c2c84d9289d6216eb71c950ceb11e59d7e85888f4be1df4807631959cc |
| SHA512 | e6746e57ee50a77b974f6a93d7578e9820900ffb952caf590fd55d4900d16ce121918c675cb11d3adeafa96c44dbbec1533eeaeee889539550f4ed6256d57614 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4702248388e8a1d04b942d003c9f9b5 |
| SHA1 | db3cd5d309c65e4b490c716c15ed303322eefd6b |
| SHA256 | 171a78d05570e582387e5cfec932218f2600ca9c5701046537cdbfd13916b889 |
| SHA512 | b8516d19ffe35992746cde8231ac31993f9e67b62561db7eba37aa863a197e216db622ae09dbf96239685c94f9d353b54615dbc1b58626b7167d09dedfc5b5ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f6138ea3b59eb7c4d209b1f418e5d4b5 |
| SHA1 | 5199fdf971b375bf68bb211c2fbeb03f93262289 |
| SHA256 | 29c195d719acb76f71fb62df47beaa16ba41787d12e1eedbff3c865663defd43 |
| SHA512 | ccbe40bcbb2648a706e017d069f2e9b974b538792f90caed3481f4dc98732a56762aca32d5a4fcb78dda4435709152aea619b75bc8453c791bd4c169b818b826 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e23ea0060eff570ebc99144917852c8e |
| SHA1 | 81e5b72244833123e79d2d435dc085150330a6e0 |
| SHA256 | 77edf72806b06f2318bc59a6dc8ddcbf5c856de3daaca7028faa86ad8224223e |
| SHA512 | 28cd79e6793c377c1c58b57fa2545a5b8e54db5186ae5134664fe17884c348f05fd301473a52466f4dbbce1a9cac6031f22ec6080adffa2ae85abb02bc1c4f5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eaef4a9a2c6cc32c2aa7b85ab3c1decd |
| SHA1 | 70dd6f13cb9cfb6a8e00cdd8def2567d46ff4214 |
| SHA256 | 852cd04708fcbb4a90d81c7ccdd811ea5a917f91e5bbf47957e974bfa0a1f897 |
| SHA512 | 36054e73b4d7c0ff12fbf2afb150a5f6644b10135f7dff09fe5dffe46014dd0b8821bb6f36117104c931f158b6f2b292cff925b1401fa0cbd54e5a3fb84a9323 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3c1f5f90fe0d79ba0614b957c4767538 |
| SHA1 | 855ce8aa0ff369b1139c608cef9df63142470abb |
| SHA256 | 749b6f9176672004136d0ea30847d1e94c2b706827d33b2ae690b1d0759f05e0 |
| SHA512 | e8b8b953a3e6c305d79a39bcdf0bf86a49e7288ec72165dfbcb96bddabe8c7e20ec7ce61b8ce890d0d128bf5b069972936725ba62d4f68ae5544eaf2e4bbca53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a37c7e53f78a93a28adc330f24e457c |
| SHA1 | 10159f366d17b342e20ce6b1a9cc8fbc5e54f293 |
| SHA256 | 1fb43ee8981c7a99fb42dd1e852ad98a7197052073f587d0ce4a85ce4769cef8 |
| SHA512 | 0b15ca8ec675c9dc5a6293b953929439c08d44e56b435033e3f28b7e44a1bca6a2e74e16020b10163bbceff631c608c59280839176a1a1e1edfa15077530e867 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | 8be2b49b110041bfb5771bcdb643da8d |
| SHA1 | 8200a979e3d71cd211efdf3e501ec28e9aae2dca |
| SHA256 | 1cebf6dab91935547839a4ec1710a8dae76b70c8d2e11598a8f474ab6d7e4247 |
| SHA512 | c3e3724f40a5c3f6d7738f7ed7500f9959ef84dd070c440d45c68836010be1d210ea1d5356a1167963cd734234e1bddcc743832e19d47729d6a3e4ba6567bfd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 69f0569d9121b1b1fd2539ebb45ffb22 |
| SHA1 | bbc011f1111f3916160dc9a6ebcc0eb9429a8d08 |
| SHA256 | db0c5067c4dc9f64ac43f27074d08bea71e0f0220518b2c334ec6c9123021517 |
| SHA512 | 25d046c60f8e631804e71b35460aacb3be3fa8101ce8e25312fd4bb37483ba3763914e9d8dc38736b437310a95cad8b224f02e15b7b56638829241bf7a16bc8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f586ecb178d5672ebe05dc1e8540a9c7 |
| SHA1 | be2c6f68c17b7b76821b4a80c35227ff10522f80 |
| SHA256 | ed540011b9fff32dbf9bb62cb7264443f7a2c0d3f9d1a1d39d30a043ac6f9098 |
| SHA512 | 1709db35ff237d4d09a23e8c13854126ba2ea07d335fc04fb14d111a3cd9ad3808bb410a6fa796c021f84e6745e37d04f3a63f3f5cbc4af5469f44c29f52fc58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | da87ed433902cf99e90fd7cacddb1eee |
| SHA1 | 12a4638aa6a6ccc41087cb2456b781ead4c2fb14 |
| SHA256 | 400361a9eed78f756f73b28952c56933bf81799ae05a38c3279b2a5aeb01bd35 |
| SHA512 | eb77ee650ade4ff92dc3ae32dc3ef123ffac9cb8ea18dc631f595ff8b4953b74d6a1c6a9c1ba69c8d102a8f9ff9a884f62b1a3f2b090dca1e571f1035bd91727 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | da91ce7709d5537c155efc200b0d2e45 |
| SHA1 | 0bf80fe427f89110adc843764e04f4b17a6c1eae |
| SHA256 | fe4cc46ef58abd9347c054e1558a4c7a03dc48e90240e6237c4a9a8e6b32e38a |
| SHA512 | 55b728df58d53161ad45f92158c3f112692f0bf776214449985ffc47cef7ab744e9338735d8b5ce4d670e111dbe953a7de46fb583e75254b631cb8befff1fa73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 46e178eea61961a3ec39db49e4035063 |
| SHA1 | e359fabb1802176d3b16e99ef4630a55755c1bb5 |
| SHA256 | 4b81763013ab4ed5ef32c41984cf6744c551bf521056ea07b21def2dcb38ffa2 |
| SHA512 | 87d138f582322a813f7d7a1871b56da230b7449c29f3343b8618f78738154ab315562c6aa1241ae9539f08cf149129b394621cf2a576f0049772226fa39041b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e4a84623d25e140ead6c7e3cd5037533 |
| SHA1 | 8a1c02653f0e32d49c3cbed4f08f6b9fd960cd8a |
| SHA256 | 66b8939e4f7c5a6a8137dbda2d0700324585d90a14558b5c8524dfac8a671a90 |
| SHA512 | 749fdc39d5b3c475d7f567a8bb8b5b93c9076074d8dee21cc51aa053f386b9ff3231bb4180bf31bd7812f161a84fede2c77dbde28409a2fd9ebacfafed745d23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c75c5430ebb94f3bb9a7429f702effa7 |
| SHA1 | 9b30b81fbd44e54ef428cc89464a48a6d151f573 |
| SHA256 | 476ca1f1e965b6b776dc5c8d2dc5d7b499f9ad046738b9d2fc7fbb5dbf1a2999 |
| SHA512 | 2df4e4883f633ba5b51e8686288a2e23fb36c423d96246146d8ec88ba1afa9efe4a133bef67c5d4d25be2507f3911e851a90e9f1135d2df6407e1f7a4f2c1f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4c64cc09c79cfe6f75be9e81c77805a7 |
| SHA1 | 9cf4f5189162e38dd58845227f85c4b1fd255301 |
| SHA256 | 0a29fa174b00cdd0578ace48e110faea543c3e2abe9d736c341f4f9adb179830 |
| SHA512 | a9aeed1d6c6d82544d24fbab6b9d9bb2e0edcf3aa07c0e2d37788f699628298fb3bef33a8a7e1038b081ac96237971eb22d7a1c2fa19da0f458025ccfb9a6f09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dbba3a702121d97ddb55c7d1450f26a1 |
| SHA1 | 56261911f14ef30fce0c162bd971f4a6bc8509e1 |
| SHA256 | cfad1027e11f2842bb31c052c0c465ca478a5dce6cc56131f6a658a1bb8c6b57 |
| SHA512 | 41d96edd7dc10443d851c2383b65f8eaa4359bf839c7d6481c25c997f41975d38ed5dd241a425bb556e0ccf5c3311b0000bb4036d9ad4079c263bd0f94381f84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 136c984dc7e2a031a48d007e0174090b |
| SHA1 | c551a29948b6771d994b92847fdcc326c2a5d9f9 |
| SHA256 | 1eedbf5ee2db3903e0993aa0a34acf32d3a1033e454cdf1db2d6bb7e4e4f4092 |
| SHA512 | fbb965f50dd6460b0f6bf33aa1edf6c2d51a0bb76962d456c7ca13dbe59c50941ff3c82a733145c78dceea5bae1920a926c1124d2aa523cc022b38a0ae491429 |
C:\Users\Admin\Downloads\Unconfirmed 763032.crdownload
| MD5 | 3ed3fb296a477156bc51aba43d825fc0 |
| SHA1 | 9caa5c658b1a88fee149893d3a00b34a8bb8a1a6 |
| SHA256 | 1898f2cae1e3824cb0f7fd5368171a33aba179e63501e480b4da9ea05ebf0423 |
| SHA512 | dc3d6e409cee4d54f48d1a25912243d07e2f800578c8e0e348ce515a047ecf5fa3089b46284e0956bbced345957a000eecdc082e6f3060971759d70a14c1c97e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d086578f7921382d7ffce52014c9e9d |
| SHA1 | 8f98acfbab46fbcd1ca9029e9f40e4af1bc96e40 |
| SHA256 | f33d33e73651f1675052cea143d2fe7c2b020c49c5a146fe0b569eda6d66bde0 |
| SHA512 | 7072c5ea210d00eea79087a5a5de0f85d7879e4f5527774f716181c7be6a5a43218628def8188d2e0c8bc443b9f1e5ea24de9fb3d47746b839b8aa93e3941ae8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 357fc6f5c825ded1df735653913d30fc |
| SHA1 | 8b1e59a0a05393f4a9ea25eee2b68ef9c0ebd81e |
| SHA256 | cddf6007de77ddb3887f035a5a1f45ac660da30c02dcd101ddf20872a21631ce |
| SHA512 | 5e0d2a8ff32f57304ab43857a506f1f87e318c7e33125541d02a817d92e0263dec22cae3df328b9fac0d711481480f2fa579f7133608bad3032c9a6fefd04e18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0ab0d6eb178a9cf001cd422424bc1f4f |
| SHA1 | 656dce00ed25420ce78db293d3046ebc8e41e5ab |
| SHA256 | c9d17cc440a95de9a9004a6ffa706903a9c03c1ebc472bd2365373dd10a99b93 |
| SHA512 | e7ecce4cc3eae571c858baaeb9d36b0364bc5cc65edaf5ca2e294db45719c51b662b14537256e76973e047abe82fa680b1062984f779d908a27b622e53f4b309 |
C:\Users\Admin\Downloads\Unconfirmed 938241.crdownload
| MD5 | 6e49c75f701aa059fa6ed5859650b910 |
| SHA1 | ccb7898c509c3a1de96d2010d638f6a719f6f400 |
| SHA256 | f91f02fd27ada64f36f6df59a611fef106ff7734833dea825d0612e73bdfb621 |
| SHA512 | ccd1b581a29de52d2313a97eb3c3b32b223dba1e7a49c83f7774b374bc2d16b13fba9566de6762883f3b64ed8e80327b454e5d32392af2a032c22653fed0fff8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 63caa77bb9505662bc1c9de637edb729 |
| SHA1 | eb2addc859ee5a9dede36d8de1f461c1fce735fe |
| SHA256 | 48a40b159d5840c2e31773975ae91f63b324c7ed77375c715b72630ebd73e4fc |
| SHA512 | 1a9f59656f94a3504daaeb864907349df6795d00495a7885522bf94dd32986382907f9c04939743197bf1d2a7c66645c89eee1bf07393f3ee0a42b0ddeb4d0b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
| MD5 | 251773e31b2da9f92286c0bc45c7e96d |
| SHA1 | 0df2234f38be1cff7fda93e23b008fd0dd222aa3 |
| SHA256 | fd56e216c31a81709ceed001e826192eeb055effa9a51c423efe4bcc19dabe2c |
| SHA512 | 8735599c7122b1771dba9b0f8015126b2314dafafa287738bc84518c36630afb545b8d78032e223f31af507c49f3db281740de93b141d08d3524e0a80e8406bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
| MD5 | f57e515cfef6f279fea24d9392f2435f |
| SHA1 | a5cfa557390c506800e270a19424834edb2b7faa |
| SHA256 | b0bc3e211106c6b731b633d67d6154ad5faf4608bb13c3459090899056236264 |
| SHA512 | d3cc1b493e181a3e8e5f7a07b39e0225c4156b7279b36571bf6306404547a5724ba28176d6192dfe05cfa80d9b04c174e20804e72d21a1497d9d042e7e463932 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9d8627f2c34002805e9bae0a03c7b3fd |
| SHA1 | ceb07834c95225666d54bbe8f30cbddc2d45c9b9 |
| SHA256 | efae2c1731eae2e25ebf496fc2554488454027edbc5caf5a20643739d45b013e |
| SHA512 | f8dae3d5e0a2031f3916e69e45bc33a3d126b8112fdb3b497b2576119b72fe9a0e3fa9ab0c94efd8d7335033ea8da4b97b133589b8b464e2e5ccf6e0ec247406 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | 18b9ce5ee263029c56d82c9fff5be4ff |
| SHA1 | b63a941c1515216407e025e5657ecff7993d052b |
| SHA256 | 131db92f3754e91b16e2a5ef4075c0e9fa12a28bae1d3105f382f1ef6f876afc |
| SHA512 | 9a986027a236834843a8b47f14fa103573dde4eb1eec7b8b528340ceea44a4b23b74fcb6f48f254003648855cd68b6329ace41955b3fb64ee879ed7b91072888 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7f69fbeea99bbd8efc5275de122bf474 |
| SHA1 | 23a7d7ba78a5d1725be1e98f1751a64797759fd4 |
| SHA256 | ade8f8a4426214968f28f0a3514b267a5b12ca0b70755220d42b09fcebd784da |
| SHA512 | 7d90820bbadc5b1909088fc336b6094b9bbb1417a157db13557390f0477ff8af5f9f7c38a00cec8045ef8a606fb8ef4796fa1a5f523f925f841a09033bae32a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aea7a65148930c3005a57d39b29814c0 |
| SHA1 | a8f421c2b31393e3ec23748e073603c330f55740 |
| SHA256 | c78ee94c18d3314bc533ee12b087d5fe993ed99e0de9492c201368f234adb1ec |
| SHA512 | 9012044d931c820581abd6e646a3fe5829517264dec40bb6573a6ea0bc47ed91aa41668b0d945845f584350ec909a41c9d033583e0f09404fc63191ec79fc7f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 870dc9a24db458d9bb4ca21bc35c72be |
| SHA1 | f91a9dfcd751a4b6053e84cf913d165f1b093059 |
| SHA256 | f776be80a5aea3d23454ea630528e02d3dfd59c039e3cb4c580b0beffcff639b |
| SHA512 | 254c568986edfc228741fc1edf607a5a26bc731695aaaa67424e8dbfc50bca6414b6340ab41519668e770db30c7846b823b0fb1a95f30f560b587f5e302e79c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f99b0045b4693da3c0fd47f94dff50e3 |
| SHA1 | ac65900be86abae99a259ec2b206d3d09a87832a |
| SHA256 | 71b451efbd0a0bac4719e41c28cb2b784f84a3f11117ae32fd7e61b7273ebc3e |
| SHA512 | d802f3a9efd91c28d4becebc3a86d7558ec209a18a843105676acf2cbc5a46d5658f43c4d7bb7637792c6915aea0ba00c670064826973bcea5790c01dcd642c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 07dfc42df5efc67d9ca785d108d73280 |
| SHA1 | bdb2c5d810b2cc08acbd6f0e6c16ab5f3fd8315f |
| SHA256 | ea30c200963b34c9b26766d5bff6079c02c0748f5c9250cbbc8a60a9ef1fbcb6 |
| SHA512 | aa04a6ba4deb52be0edf474bc239515e8c1b314771f5e12f6a6aea3f116bdccfbf4feced18b9e17b8108b00faaad8388643f8b69016db6e0442507eb61d5ac74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 27acde8af8ad9bb2513a040547b35052 |
| SHA1 | fb812dbbd241708ca469ec31ae89f4688da72649 |
| SHA256 | 9fe1aea147f6840af2226b0bf949ce186b989081932b03e83f9f5652fac9b9de |
| SHA512 | 43f89641a33b9a716b7d5267c88b84fed6610b0c195eafd16629b02d1db5e4f090a97380db40780aaded1183724931bfb9f68d6808ceda7696607cfc15816195 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8a428242a3296f6eac08ce130fbc5a2a |
| SHA1 | 2b31d5c193ac9a6e94232b150310737055776d38 |
| SHA256 | b8b98d88d2b54256a0c18ea3a1b4e9b2a06fc4f326f935fa2654ca3e1cc46d86 |
| SHA512 | 6c8cff8ab1525890e0e82a7cfa7b80a0ceb12c1d7bf37bfd2d3b035e01c9f4bdca1f460f3da7de1499ad374d02b4824edd2aa753e02b0f49eccc922957ad8242 |
C:\Users\Admin\Downloads\Unconfirmed 629597.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\Downloads\Melting.exe
| MD5 | 833619a4c9e8c808f092bf477af62618 |
| SHA1 | b4a0efa26f790e991cb17542c8e6aeb5030d1ebf |
| SHA256 | 92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76 |
| SHA512 | 4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 551b8679c9b111ac25c60eb26f007411 |
| SHA1 | ac1520f3c47c9115f6d21310fd10449f30039a6c |
| SHA256 | d1ad474305260ce9c19bc4b03933ece388703aea7c538d1ab369810f3642386f |
| SHA512 | e36aca09537f260a30a43937c21c86c9ca7607af1ec3557dcb9d2cb6e8fc3d44c4380a9d16e22114f912b2c7a47002d330a6a850a4dff87a5888e778f5a2ec8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 851729f8b169bc71434707fe3a110f2b |
| SHA1 | 41afd41b9f2644f07d6017fa6a266e9c0499a5e3 |
| SHA256 | 935fc18d2176d97e1fa7195874dabde3aa8f1b6e2b2329f7cef2ce845855090a |
| SHA512 | 3a94397ddc6f04319786ba5ba6e6422c4b8f3602c9b55d781979d166bc2ab0c4956f9bad63e1206dfb76caa8fc18c13e9f99dfd42a302e983e385e0904a68a33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9c6553636e23c969c104b96fec0e7801 |
| SHA1 | f598a3aa3a34bb7bd81aca6d8166c0b62d157a88 |
| SHA256 | 5c673a1157ee32652f0fc06e7bd0983a4c8d563623dcc9e4f03241d327a8aba3 |
| SHA512 | 02ce9ebd14ea69779c0164c6cb5768db8d6347b9e6da7aec78c206478c054edbac545a6142cea13ad3cfc4ef2029523ffbb1a912f143afaee09842ef7a5762d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a9a6b4327c86ab670288096149be6c8a |
| SHA1 | 1d83fbb7f5e5cd148897c841cb2934326408b817 |
| SHA256 | 8b945ec5bc422b3b0d49e9b981f54f0deb6a3759b9d84d7aa38b9ba25f0240aa |
| SHA512 | 0edca242d3e2a5d6367de8a148b49d83c3c6262eeb1343e7ec787367b3e2a314725d515a075671912a58ab5f74980ba39b3d1cb513692088865fbdbb1ded04c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e27fcd9b699a690363cd1bb72cc70379 |
| SHA1 | 92b600a0a21f8e925e1df792178cf380f68f2879 |
| SHA256 | cb008bc1427a9b7abbca0554ed748a750b8c81fdbcc59dad4c2b3f7ffd5a187f |
| SHA512 | 79ab892b64b81cf0eab42c6886ee53888abdc338d96b10aba0c3b8bd2c2e478356148392dc68bf61ce22758662b5e60eb75e55eeb861a08f0d4e3b8497fb90ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 57b0ef36cbe02c2022916df0adb39733 |
| SHA1 | bed2ac7531b20e861756d591f755d76c5f86fbff |
| SHA256 | 9575f8de57a2d005027891797fae26a37fc868f6e2584a7a910538f59ac0a278 |
| SHA512 | dccf1437e4bff96f163a373b42759b8391b58bc500c804e1dadc8259be7186f33aa282d46d1a75a2d028b765cee98d782a2f17072a0f10a25fb7e995b0bf9f5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7d8f4bf4bb9f68dac6b3ddc76d5ce634 |
| SHA1 | d284b25d87736500a0b358c3f2af51c3bb35c11c |
| SHA256 | 9f7056de849a29bb4ec7d4d520bf981e4dae2737087dcd04304fd88a140aca9a |
| SHA512 | 703f378eaa12424b70a6f06dd0642333c5edbb6c89d20214fcfe0e4f4ca6b2ff4a6c9c1a48926e3bee3d0669596a8dbb9a3aec04e0fae21a228095a3f22c2f9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
| MD5 | 3ef81c9b29ac588811e7ecd884ef254f |
| SHA1 | f54435c422ee43a84298e7f570d67c2ca76aaeb7 |
| SHA256 | b08ca2ab06a2c16a66270e428f8c4a8423e6c7045c2c98d6a428fadedaafab68 |
| SHA512 | f156007eaa8bd7141cf3836292f7a763d8316ebe6a7a0e782445773296946c151e168549fcb70443013fe894635690747f77986e49f86c31bc657fbab4f13d51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 46ccb72838f7df38b204a9f0d472e10a |
| SHA1 | 153655390705c6c504b17182cd914b5daf9c5abe |
| SHA256 | 1264e269972c7b6304717adc0b245c36f94f0b1d86f948feb20738160d6a0658 |
| SHA512 | df5d5f78c359a46dff59233bfdbb1cccb1ecd8284ca0c5b0e8ccbbcbfbb5cb0ab4c6f0690cd77bc714a52f3d6d6f20821d7f82eb00b2645f632158c39aab4d1c |
C:\Users\Admin\Downloads\Unconfirmed 877603.crdownload
| MD5 | 9c3e9e30d51489a891513e8a14d931e4 |
| SHA1 | 4e5a5898389eef8f464dee04a74f3b5c217b7176 |
| SHA256 | f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8 |
| SHA512 | bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b32c007b429afada2d74ba2f9dc0c07c |
| SHA1 | f719aca526ca222e953832c164aae4b4e433f179 |
| SHA256 | 6d20a86118d4a6b2e005b05dc1bcca182d28b4088e67e3468e50ab7683759b17 |
| SHA512 | 9fb795cb5d72a44dfcdb8769709241bc84474fe5064df0b9dffdb8a6fec1232ea90ca014a7c41b452379e548e8a49a0c97db3241edfba4f9f9944726884b0950 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a3284147596f15ca399da98af17d5aee |
| SHA1 | 2e1a6e9d9fcc7379083ec50c4503c436d7fee033 |
| SHA256 | 9358a2f4b8a3d8a22dff75ee79e99d428575dd9282ca655d144c6110806145fb |
| SHA512 | 36ac6d22d9b22ba89152dd819f3bd394f6beaf4f3b0f56ab3c0c683101d70cc55990857d36d0dc89caf70f4bbf362370e7bc278b2a9102aba1a01b4923d1a667 |
memory/4780-1579-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/2076-1581-0x0000000000210000-0x00000000002CC000-memory.dmp
memory/2076-1582-0x0000000005140000-0x00000000056E4000-memory.dmp
memory/2076-1583-0x0000000004C90000-0x0000000004D22000-memory.dmp
memory/2076-1584-0x0000000004D60000-0x0000000004D6A000-memory.dmp