Malware Analysis Report

2024-11-16 12:57

Sample ID 240807-tp1kkatgke
Target 150k+DE+@Silverbullet_combo+(3).txt
SHA256 5e7ffff71a1940df82817be6d7f8024e68ab8cc1ffaf138aa0c6adfee0e556fe
Tags
bootkit defense_evasion discovery evasion exploit persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5e7ffff71a1940df82817be6d7f8024e68ab8cc1ffaf138aa0c6adfee0e556fe

Threat Level: Known bad

The file 150k+DE+@Silverbullet_combo+(3).txt was found to be: Known bad.

Malicious Activity Summary

bootkit defense_evasion discovery evasion exploit persistence privilege_escalation trojan

UAC bypass

Modifies WinLogon for persistence

Possible privilege escalation attempt

Downloads MZ/PE file

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Executes dropped EXE

Modifies file permissions

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in System32 directory

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Modifies Control Panel

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

NTFS ADS

Checks processor information in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-07 16:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-07 16:14

Reported

2024-08-07 16:42

Platform

win11-20240802-en

Max time kernel

1441s

Max time network

1585s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\150k+DE+@Silverbullet_combo+(3).txt

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "satan" C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "satan" C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "0" C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SET9399.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SET9399.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll.tmp2 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\favicon.ico C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\Temp\plg.wav C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\Temp\crossHD_small.ico C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe N/A
File created C:\Program Files (x86)\BonziBuddy432\Uninstall.ini C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\menu.bat C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\t3.nbd-SR C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\chose.bat C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File created C:\Program Files (x86)\BonziBuddy432\Reg.nbd.temp C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\Temp\stretch.wav C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\SSubTmr6.dll C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\Temp\static_color.wav C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\lhsp\help\SET9396.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET89A6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET89B8.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET9398.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET89A6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET89A5.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\help\SET89BB.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET89A4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET89B9.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET89BA.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET9395.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Windows\msagent\SET89A2.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET89A2.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\intl\SET89BC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET89CC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET8991.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\SET89BC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET9395.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET89A7.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET89A4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\SET89BB.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SET9398.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\chars\Peedy.acs C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
File opened for modification C:\Windows\msagent\SET89A3.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET9384.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\lhsp\tv\SET9384.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET89B8.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SET89B9.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\fonts\SET9397.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET8991.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET89A5.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET89A7.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET89BA.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET89A3.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET89CC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\help\SET9396.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\fonts\SET9397.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701nl.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\BonziBuddy432.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\grpconv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\msagent\AgentSvr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Mouse C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Mouse\SwapMouseButtons = "1" C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\Downloads\Andromeda-Software-LTD.V4.5\Andromeda.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD6-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD7-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\ = "DSSOptionEvents" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6}\ = "_clsStoryReader" C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{972DE6B5-8B09-11D2-B652-A1FD6CC34260}\1.0\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ActiveSkin.ocx" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00E212A2-E66D-11CD-836C-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ = "IAgentCommandEx" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriods C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSCOMCTL.OCX, 1916" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\TypeLib\Version = "1.1" C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComTransitions.1\ = "ComTransitions Class" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F581B2D6-E4C3-40BF-8A1E-F68CDFD8FEEC}\ = "clsRegistration" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\VersionIndependentProgID\ = "MSComctlLib.TabStrip" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD9-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\verb\2 C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD33B25E-E99D-40C3-B5C5-7F5C3F130777}\TypeLib\Version = "1.0" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\Control C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{29D9184E-BF09-4F13-B356-22841635C733}\1.0\FLAGS C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE2-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32 C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCharacters" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\TypeLib\Version = "1.1" C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F66-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid32 C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C01387A-6AC2-4EF1-BDA2-EC5D26E3B065}\ = "IComTransitions" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSYearCtrl.1\CLSID C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F55ED2E0-6E13-11CE-918C-0000C0554C0A}\TypeLib C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ = "IAgent" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{29D9184E-BF09-4F13-B356-22841635C733}\1.0\FLAGS\ = "2" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl\ = "Microsoft ProgressBar Control, version 6.0" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSINET.OCX" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0A45DB48-BD0D-11D2-8D14-00104B9E072A}\2.0\FLAGS\ = "2" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CLSID C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\FLAGS\ = "2" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FE4-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\MiscStatus\1\ = "229777" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\MiscStatus\ = "0" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CFC9BA3-FE87-11D2-9DCF-ED29FAFE371D} C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4F7AE600-0142-11D3-9DCF-89BE4EFB591E}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2F5A7562-BDC3-41F8-8122-4A54D2C3C50C}\ProxyStubClsid32 C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\TypeLib\ = "{29D9184E-BF09-4F13-B356-22841635C733}" C:\Users\Admin\Downloads\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame\CLSID C:\Users\Admin\Downloads\BonziBuddy432.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Petya2-master.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Andromeda-Software-LTD.V4.5.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 694085.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\sigma_all_rules.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 446478.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701nl.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\CLUTT6.6.6---BY-CYBER-SOLDIER-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 462264.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\7zO4B6986B6\README.md:Zone.Identifier C:\Program Files\7-Zip\7zFM.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 667670.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\BonziBuddy432.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\Winword.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701nl.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701nl.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701nl.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2216 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2216 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop = "1" C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching = "1" C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\150k+DE+@Silverbullet_combo+(3).txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81c343cb8,0x7ff81c343cc8,0x7ff81c343cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6012 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8112 /prefetch:2

C:\Windows\System32\SpatialAudioLicenseSrv.exe

C:\Windows\System32\SpatialAudioLicenseSrv.exe SpatialAudioLicenseServerInteractiveUser -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15974242879625761599,1306729703523606706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81c343cb8,0x7ff81c343cc8,0x7ff81c343cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Petya2-master\Petya.sln"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Petya2-master\Petya.sln

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53e43693-98a8-47df-9186-4b3bb5963e11} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {788e2c63-d474-4e70-a997-bfbcd7ead128} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3256 -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 3280 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ba24686-a2ef-4cbf-902b-c9f2a9636fbe} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3568 -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3432 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdd3b25a-e8b8-4db3-b5db-57b553b772ee} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4612 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4700 -prefMapHandle 4696 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6308cf71-b6eb-4c88-a29b-cf1939e317d8} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5388 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83f645c5-04b5-4f08-8735-e362ac567eb1} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 4 -isForBrowser -prefsHandle 5624 -prefMapHandle 5620 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d2ae47-f1ce-476d-8a84-4c424aee7f78} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 5 -isForBrowser -prefsHandle 5768 -prefMapHandle 5776 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2c685c3-a31b-4291-9ca3-0980cec8b858} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" tab

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5820 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\Winword.exe

"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_CLUTT6.6.6---BY-CYBER-SOLDIER-main.zip\CLUTT6.6.6---BY-CYBER-SOLDIER-main\README.md"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\Andromeda-Software-LTD.V4.5\Andromeda.exe

"C:\Users\Admin\Downloads\Andromeda-Software-LTD.V4.5\Andromeda.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701nl.exe

"C:\Users\Admin\Downloads\winrar-x64-701nl.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8004 /prefetch:8

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\fa26860ab55f4b5fb8616b0bbcfaeeb9 /t 2076 /p 5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\Winword.exe

"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\7zO4B6986B6\README.md"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\Winword.exe

"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_CLUTT6.6.6---BY-CYBER-SOLDIER-main.zip\CLUTT6.6.6---BY-CYBER-SOLDIER-main\README.md"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\Winword.exe

"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_CLUTT6.6.6---BY-CYBER-SOLDIER-main.zip\CLUTT6.6.6---BY-CYBER-SOLDIER-main\README.md"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81c343cb8,0x7ff81c343cc8,0x7ff81c343cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F" && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && takeown /f C:\Windows\System32\Boot && icacls C:\Windows\System32\Boot /grant "%username%:F" && exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Boot

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Boot /grant "Admin:F"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4B69F9E9\Clutt6.6.6.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F" && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && takeown /f C:\Windows\System32\Boot && icacls C:\Windows\System32\Boot /grant "%username%:F" && exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Boot

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Boot /grant "Admin:F"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8

C:\Users\Admin\AppData\Local\Temp\7zO4B63C7A9\Clutt6.6.6.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4B63C7A9\Clutt6.6.6.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff81c343cb8,0x7ff81c343cc8,0x7ff81c343cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7364 /prefetch:8

C:\Users\Admin\Downloads\BonziBuddy432.exe

"C:\Users\Admin\Downloads\BonziBuddy432.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MSAGENT.EXE

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

tv_enua.exe

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff81c343cb8,0x7ff81c343cc8,0x7ff81c343cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15366232987460739620,16779688805173166329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81c343cb8,0x7ff81c343cc8,0x7ff81c343cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:8

C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe

"C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,5611003796892128665,5008142635372980904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
GB 23.73.138.131:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
GB 23.73.138.57:443 www.bing.com tcp
GB 23.73.138.57:443 www.bing.com tcp
GB 23.73.138.75:443 th.bing.com tcp
GB 23.73.138.75:443 th.bing.com tcp
NL 20.190.160.20:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
NL 142.251.39.110:443 www.youtube.com tcp
NL 142.251.39.110:443 www.youtube.com tcp
NL 142.251.39.110:443 www.youtube.com udp
NL 142.251.36.54:443 i.ytimg.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
NL 142.250.179.142:443 www.youtube.com tcp
NL 142.251.36.54:443 i.ytimg.com udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 173.194.57.198:443 rr1---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.198:443 rr1---sn-q4fl6n6d.googlevideo.com tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 173.194.57.198:443 rr1---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.198:443 rr1---sn-q4fl6n6d.googlevideo.com tcp
NL 216.58.208.110:443 www.youtube.com tcp
US 173.194.57.198:443 rr1---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.198:443 rr1---sn-q4fl6n6d.googlevideo.com tcp
NL 216.58.208.110:443 www.youtube.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.142:443 www.youtube.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
GB 74.125.175.7:443 rr2---sn-aigzrnss.googlevideo.com tcp
GB 74.125.175.7:443 rr2---sn-aigzrnss.googlevideo.com udp
NL 142.251.36.1:443 yt3.ggpht.com udp
GB 173.194.129.200:443 rr3---sn-aigzrn7s.googlevideo.com udp
NL 142.251.39.97:443 lh4.googleusercontent.com tcp
US 150.171.28.10:443 tse2.mm.bing.net tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
NL 142.251.39.110:443 www.youtube.com udp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.36.1:443 yt3.ggpht.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 216.58.214.14:443 play.google.com udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 104.21.58.127:443 esacoustics.com tcp
US 104.21.58.127:443 esacoustics.com tcp
GB 2.18.190.145:443 aefd.nelreports.net tcp
GB 79.127.237.132:443 www.onlinemictest.com tcp
GB 79.127.237.132:443 www.onlinemictest.com tcp
GB 18.164.68.7:443 ads.adthrive.com tcp
GB 18.164.68.7:443 ads.adthrive.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
DE 87.230.98.78:443 b.delivery.consentmanager.net tcp
GB 89.187.167.38:443 cdn.consentmanager.net tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
GB 216.137.44.32:443 c.aps.amazon-adsystem.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 18.165.242.95:443 cdn.jwplayer.com tcp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
GB 54.192.137.125:443 launchpad-wrapper.privacymanager.io tcp
US 104.18.20.97:443 cdn.confiant-integrations.net tcp
GB 18.165.242.8:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 95.242.165.18.in-addr.arpa udp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 108.156.46.25:443 launchpad.privacymanager.io tcp
GB 18.244.179.114:443 geo.privacymanager.io tcp
US 8.8.8.8:53 logger.adthrive.com udp
US 15.197.193.217:443 match.adsrvr.org tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 142.250.179.193:443 2b61e5bae1fea2149d499daecd70740a.safeframe.googlesyndication.com tcp
IE 54.194.254.146:443 id.crwdcntrl.net tcp
GB 18.244.114.16:443 logger.adthrive.com tcp
GB 18.244.114.16:443 logger.adthrive.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 exchange.postrelease.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 hb.undertone.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
DE 95.101.149.35:443 a.teads.tv tcp
DE 95.101.149.35:443 a.teads.tv tcp
DE 95.101.149.35:443 a.teads.tv tcp
DE 95.101.149.35:443 a.teads.tv tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 18.192.52.52:443 krk2.kargo.com tcp
DE 18.192.52.52:443 krk2.kargo.com tcp
DE 18.192.52.52:443 krk2.kargo.com tcp
DE 18.192.52.52:443 krk2.kargo.com tcp
US 52.223.6.21:443 direct.adsrvr.org tcp
US 52.223.6.21:443 direct.adsrvr.org tcp
US 52.223.6.21:443 direct.adsrvr.org tcp
US 52.223.6.21:443 direct.adsrvr.org tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 142.250.179.196:443 www.google.com udp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
IE 18.200.164.220:443 g2.gumgum.com tcp
IE 18.200.164.220:443 g2.gumgum.com tcp
IE 18.200.164.220:443 g2.gumgum.com tcp
FR 18.164.52.87:443 hb.undertone.com tcp
IE 63.32.144.199:443 exchange.postrelease.com tcp
IE 63.32.144.199:443 exchange.postrelease.com tcp
IE 63.32.144.199:443 exchange.postrelease.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 2.18.190.80:80 apps.identrust.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 123.172.252.37.in-addr.arpa udp
US 8.8.8.8:53 35.149.101.95.in-addr.arpa udp
US 8.8.8.8:53 21.6.223.52.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 52.52.192.18.in-addr.arpa udp
US 8.8.8.8:53 87.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 199.144.32.63.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 220.164.200.18.in-addr.arpa udp
US 8.8.8.8:53 246.160.158.35.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 35.227.252.103:443 rtb.openx.net udp
US 35.244.159.8:443 u.openx.net tcp
US 35.244.159.8:443 u.openx.net udp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
IE 52.30.156.59:443 ads.yieldmo.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.251.39.102:443 s0.2mdn.net tcp
IE 54.171.193.127:443 protected-by.clarium.io tcp
IE 54.171.193.127:443 protected-by.clarium.io tcp
DK 37.157.6.233:443 c1.adform.net tcp
NL 142.251.39.102:443 s0.2mdn.net udp
NL 142.251.36.34:443 googleads4.g.doubleclick.net tcp
NL 142.251.36.34:443 googleads4.g.doubleclick.net tcp
IE 52.208.214.77:443 fw.adsafeprotected.com tcp
NL 142.251.36.34:443 googleads4.g.doubleclick.net udp
GB 99.86.105.122:443 d17ebhrlbr4s4.cloudfront.net tcp
GB 52.84.90.96:443 static.adsafeprotected.com tcp
GB 52.84.90.96:443 static.adsafeprotected.com tcp
US 3.226.214.192:443 dt.adsafeprotected.com tcp
US 3.226.214.192:443 dt.adsafeprotected.com tcp
US 3.226.214.192:443 dt.adsafeprotected.com tcp
US 3.226.214.192:443 dt.adsafeprotected.com tcp
US 3.226.214.192:443 dt.adsafeprotected.com tcp
GB 104.86.110.112:443 tcp
GB 104.86.110.112:443 tcp
GB 23.73.138.122:443 r.bing.com tcp
GB 23.73.138.122:443 r.bing.com tcp
GB 23.73.138.122:443 r.bing.com tcp
GB 23.73.138.122:443 r.bing.com tcp
GB 23.73.138.122:443 r.bing.com tcp
GB 23.73.138.122:443 r.bing.com tcp
GB 23.73.138.122:443 r.bing.com tcp
GB 23.73.138.122:443 r.bing.com tcp
GB 23.73.138.122:443 r.bing.com tcp
NL 142.251.36.2:443 ade.googlesyndication.com tcp
NL 142.251.36.2:443 ade.googlesyndication.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
IE 52.95.126.160:443 aax-eu.amazon-adsystem.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
GB 23.73.138.123:443 r.bing.com tcp
DE 23.197.4.230:443 cxcs.microsoft.net tcp
GB 2.18.190.145:443 aefd.nelreports.net udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 35.158.160.246:443 btlr.sharethrough.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads4.g.doubleclick.net udp
IE 52.51.140.64:443 fw.adsafeprotected.com tcp
NL 142.251.39.102:443 s0.2mdn.net udp
US 104.21.95.69:443 youareanidiot.cc tcp
US 104.21.95.69:443 youareanidiot.cc tcp
GB 23.73.138.131:443 r.bing.com tcp
GB 23.73.138.131:443 r.bing.com tcp
GB 23.73.138.123:443 r.bing.com tcp
GB 23.73.138.123:443 r.bing.com tcp
GB 23.73.138.123:443 r.bing.com tcp
GB 23.73.138.123:443 r.bing.com tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 13.224.222.64:443 sdk.privacy-center.org tcp
NL 142.250.179.196:443 www.google.com udp
US 151.101.193.91:443 assets.sftcdn.net tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
US 151.101.129.91:443 assets.sftcdn.net tcp
NL 142.250.179.196:443 www.google.com tcp
US 151.101.193.91:443 assets.sftcdn.net udp
NL 142.250.179.142:443 syndicatedsearch.goog tcp
US 172.64.154.167:443 www2.bing.com tcp
US 151.101.129.91:443 assets.sftcdn.net udp
US 172.64.154.167:443 www2.bing.com tcp
GB 18.172.148.233:443 www.datadoghq-browser-agent.com tcp
US 104.22.74.216:443 btloader.com tcp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.7.141:443 cdn.btmessage.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
NL 139.45.197.227:443 notix.io tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.216:443 codeload.github.com tcp
N/A 127.0.0.1:53110 tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
N/A 127.0.0.1:53117 tcp
GB 184.28.176.58:443 th.bing.com tcp
GB 184.28.176.104:443 th.bing.com tcp
US 8.8.8.8:53 104.176.28.184.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 184.28.176.72:443 th.bing.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 150.171.28.10:443 tse3.mm.bing.net tcp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 8.8.8.8:53 tse2.mm.bing.net udp
US 150.171.28.10:443 tse2.mm.bing.net tcp
US 150.171.28.10:443 tse2.mm.bing.net tcp
NL 142.251.36.54:443 i.ytimg.com udp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
NL 172.217.23.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 216.58.214.14:443 play.google.com udp
NL 216.58.214.14:443 play.google.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 r.bing.com udp
GB 184.28.176.56:443 www.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.40:443 www.bing.com tcp
GB 184.28.176.40:443 www.bing.com tcp
US 8.8.8.8:53 56.176.28.184.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
GB 20.26.156.216:443 codeload.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
NL 216.58.208.110:443 www.youtube.com udp
US 8.8.8.8:53 r.bing.com udp
GB 184.28.176.27:443 th.bing.com tcp
GB 184.28.176.10:443 www.bing.com tcp
US 8.8.8.8:53 27.176.28.184.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
GB 2.18.190.140:443 aefd.nelreports.net udp
GB 2.18.190.140:443 aefd.nelreports.net tcp
GB 184.28.176.27:443 th.bing.com tcp
GB 184.28.176.10:443 www.bing.com tcp
US 13.107.21.200:443 bing.com tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 151.101.193.91:443 di-images.sftcdn.net udp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 151.101.1.91:443 di-images.sftcdn.net tcp
US 151.101.1.91:443 di-images.sftcdn.net tcp
US 151.101.1.91:443 di-images.sftcdn.net tcp
US 151.101.1.91:443 di-images.sftcdn.net tcp
US 204.79.197.237:443 bat.bing.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
GB 13.224.222.112:443 sdk.privacy-center.org tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 151.101.1.91:443 di-images.sftcdn.net udp
US 104.22.75.216:443 btloader.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
NL 142.251.36.59:443 storage.googleapis.com tcp
US 151.101.129.91:443 di-images.sftcdn.net tcp
US 151.101.129.91:443 di-images.sftcdn.net tcp
US 151.101.129.91:443 di-images.sftcdn.net tcp
US 151.101.129.91:443 di-images.sftcdn.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
GB 20.26.156.215:443 github.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 104.86.110.112:443 tcp
GB 104.86.110.112:443 tcp
US 20.189.173.26:443 browser.pipe.aria.microsoft.com tcp
GB 2.16.167.184:443 metadata.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
GB 2.18.190.133:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 233.17.178.52.in-addr.arpa udp
IE 52.109.76.243:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 243.76.109.52.in-addr.arpa udp
GB 104.86.110.112:443 tcp
GB 104.86.110.112:443 tcp
US 20.189.173.26:443 browser.pipe.aria.microsoft.com tcp
GB 23.200.147.112:443 ow1.res.office365.com tcp
US 152.199.19.161:443 fp-vs-nocache.azureedge.net tcp
US 13.107.253.64:443 fp-afd.azureedge.net tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 184.28.176.81:443 www.bing.com tcp
GB 184.28.176.81:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
GB 184.28.176.104:443 th.bing.com tcp
GB 184.28.176.58:443 th.bing.com tcp
GB 184.28.176.58:443 th.bing.com tcp
GB 184.28.176.104:443 th.bing.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
GB 184.28.176.27:443 www.bing.com tcp
GB 184.28.176.16:443 r.bing.com tcp
GB 20.26.156.215:443 github.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 172.64.154.167:443 www2.bing.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.216:443 codeload.github.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 104.21.78.241:80 bonzibuddy.tk tcp
US 104.21.78.241:80 bonzibuddy.tk tcp
US 104.21.78.241:443 bonzibuddy.tk tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:443 code.jquery.com tcp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 228fefc98d7fb5b4e27c6abab1de7207
SHA1 ada493791316e154a906ec2c83c412adf3a7061a
SHA256 448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2
SHA512 fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

\??\pipe\LOCAL\crashpad_2216_TWHZEJMNQRPCHEYY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 026e0c65239e15ba609a874aeac2dc33
SHA1 a75e1622bc647ab73ab3bb2809872c2730dcf2df
SHA256 593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292
SHA512 9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3cdec8e2732ad0e9a0f2ce3a1ca9d74d
SHA1 1db52413b67c10180480c839c698948b8b5acb4c
SHA256 037fc010409c22c38e2eaefce5c1d8f6f927f640665376663995f87fb0d25ece
SHA512 60f033e03f1441bd3a9afaa024c95b84b1013a8985242e5e88b3e654aa78175140f2646632bd9166127f8c72735eead7b8b798a73225ee40a739cfe5967306e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d84a7f0562afb46ccb33ad20326e5a5c
SHA1 84daabcdb4dbfe20387ba70d8476e43a8db56bc0
SHA256 197af298f51b09b139bb46ff17015ed94e919357c51f5fe5eaaaa0b7136ad68b
SHA512 05e786c60336485eccf8b059441803de638c45185c901c8621b08cbdcff595fd9473eda5cf8c637df0d84449c88538a35a965988f62af4bb7422c05ba6369b7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35c16c25b6f480c8c495c831ce1796b6
SHA1 d42c4e63542e9270ce81bc7af8ef498aecfc3543
SHA256 c4be73aa8ff998a658629a8fe35aa60c2fcbcb0f986297cb3279cb1b53c28485
SHA512 953a8266dd449ed76474f16ee8a8953233032eb59fb440a56e1507ac0fbc4aaacac1768252fe5f7b615dbc1df30d8769fcc4764b282c203b0cf44b0268267f19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 dcf42fc7c8989829cd90daaf7653dc14
SHA1 6b2ebe2e31a9dfc8b7656c5e903a61fa743c96a7
SHA256 1663e89cb579b26a30271c29e9342bacd80783ce1239361a24f79d24de271969
SHA512 36c791d5f5e5af50e413d000d4caf8b6dd515bb6fba96c6c8c8c3eda54c08bacb940bdb9b9a6b1f205cf144cc894d71ca25b011af899a7244e645427af97f8de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 1d9097f6fd8365c7ed19f621246587eb
SHA1 937676f80fd908adc63adb3deb7d0bf4b64ad30e
SHA256 a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf
SHA512 251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 027a77a637cb439865b2008d68867e99
SHA1 ba448ff5be0d69dbe0889237693371f4f0a2425e
SHA256 6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd
SHA512 66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3a992e85d6919ab587ac125cb7dd4262
SHA1 e774aa43628349108914aab4fa29df343b80daa8
SHA256 5aa22e894340bcdd7db302f26e37babe5bb184bb053f28936ad26f474be54532
SHA512 d823e267b75c2aa7b71f6a31b660dce1943228e140c24308d9015068384dfbeedb5564a8b7d954a94f1145f4188c01c687dcd1143c62dd49d018d12d16626b4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ce550d8f79daaa50e4b89daf6d6f1dfe
SHA1 ba8ff04c5124326e9bb93b9646b16c8684409fa8
SHA256 1edb1f932d989173f0cc67654da805b4000956d154e784bd82bb8df88da6e447
SHA512 d6fb71e521018bce7f301c65545e3e6fc2654d1eb8f3afe75e3ab33f5e3c797783a5d94f0639620d16d13c1ef4fc81fe480aab9bf89ed97abcd5fa87a09b2c63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 01dcbec81d2cb8840b6792862afca438
SHA1 9f99fd6cd0c48c9ac27f179fd3abfaad1536fd08
SHA256 6ec12ad5a2466ed6a2f6123a18047e815cd27f538b781f745f9086b47bb68542
SHA512 341585144bae98b6abacd67755cb911fa72418bf8dd557190d8149777aa1e85e5511c555770d065c15bc535157c52dbb6a0b6943687b1c169212df66fb342283

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 904c51db38a37a472848937a25ce5129
SHA1 c6986d772169968f8866bae478400dbf3d853e3b
SHA256 23b5c67aceec6d8c37cdce72c34fee8e99a35a387bb11a236561e563905145c0
SHA512 91de5b2370990a7d63858ce1f38ab80e5973b5853423e7d03e1e9fcdcb43bb6108f7d8991bc2e50eabda5d9ffa4cd4b8c00849c4d66e35cf6d2057c89107e55f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ff59ebc1-24f0-4d51-b207-adbe1e466f66\index-dir\the-real-index

MD5 7c4db2f560843c7a191ae9debc51037e
SHA1 c0ba93283fdc674fd086cbc36f68a3fcc46faa6d
SHA256 1044a808a0a4bcee9223c45a001cbd96cb90e7607a7707b5d74150a0d9879986
SHA512 95f815a82a218395a3425039d6860cb70fc1416ab39b9f2e12a8e60bbb886143be3760cc35770218fccb5b99d2691a491ee8f61ec7811c1a0f786c2014eb6a2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ff59ebc1-24f0-4d51-b207-adbe1e466f66\index-dir\the-real-index~RFe57d6f7.TMP

MD5 a3e2b418fe59f9d03e226c04c700f008
SHA1 dad5309fdd560fe1d61f0918af1dffeba81da259
SHA256 e2be49195a430b7f811e0c5e37fb6dc37a9ed5726d176799ee15194aa0fbb563
SHA512 2af7828097e11867c8ce7311fe5bc4513787aad6471977d91c094520af8ca1cd51b366d7a27fa1f64478e2ab0e8dc9caea72a7d56eb4d259ece0bb6e89e6d0b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 60c2edd3f25797073e82280320a7f8db
SHA1 01828739ca2e0ecc544bd840def47d71e8fa1860
SHA256 027d2e7d6d80cf8f6363a1ad04d149b71b1164c9d3871c87455d669444f9da1b
SHA512 5679be52cf654f920535bb1e369b80ce867c92a90707fa5e7098588032590fdce329f61881c1f2c250de003ce1dbca77e51e85cebfd8059587b923383026b6e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f19b3965398c7f5a3bf90a53d40b4815
SHA1 feb4e0975094f904c5747dce2421f0251b937264
SHA256 856a44d95fbb155264f3c6641df8f9877de91359f0a84f4d3aa86ad67afeac1c
SHA512 12cf52c48ae0cf7b3dcc8d962f542f6cd5ee30320e3f03eb6f29a38636768365992cec4a7a1ac766e05149a7eeb3a630d324782337cc60c95f5d28fb91a5da92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d1b7caf-3663-429b-9627-22e7b8c19d17\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f7475de650fcfca3f39ec166a854418f
SHA1 f1e7c2aa136cd34a67122daf3b03d7d217195e0d
SHA256 ea214926fe538ddd05abb417700a02073fb9fee32ee4ec55571afe732018fb5d
SHA512 4bbea276318a41ec36b3167b8ce7f2a031452702ccf3453f3c03593286b75f0672beb19f8e95ad3349a0b43782aa85ada1584f4a89cadabaf0b47c3d412ae392

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 aebe57422e9de65bde7cc46f4c717e3f
SHA1 30196d2984fd3b1205bc0210d45f5ab3d76871f7
SHA256 1c13f46d9f059ec811a2db7481b27e5a84af7d2d4fdf81e85c58f5fd7743537e
SHA512 f7df7d9b6026b8a987df64771c8569ac366cde7f2b8f63e4e0db6fc13213fc1f248c391c2da1ba8f9bbcd41d40a99a65c0312e346086bed4b3b30dd0232d86af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 11baba444fe6e52672b5c99c6a0d1f6f
SHA1 b8569340b6daea652ef46fa995900e66f819ad6a
SHA256 7ea0876f833cdd63dfd82723a277dea317b1a0e6172ad97b1df0f754a4c229fa
SHA512 975b280abdd1826c44a75c5cd315b75df151485bcc0cbad25fe12be842b5ac9bd99bffac0050a3610af0398e2662b8298fe1557c1bfc356bd7b9ea0c73b9b9c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 6fc9442f866c703ef95d3f94f8724e07
SHA1 274b02589d7959b0d8980d9cf156ef0283b92cb9
SHA256 9366424be6711ecdbe31e004dc9d352d59f1d0211aa91019114182d3ae084201
SHA512 551a9aa98a580749e06a80112e8d2dba0bce430b037e2039ace04dd8e60ccf9d3ae8908af0f38224f517c8975e8162dc34d905cd245423d2ae56905d35f5e8e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ac20cb784b6b4e269130eb2a76678f5
SHA1 d94e8bda4aba7a6c760b5591607f4ba0c6f4548c
SHA256 ebc1db27e5d6e3dba04a8f77aa8a9dd6a0beac667e7d83ba72fe662161e8d64b
SHA512 75bbb498f2990730bd4452ec6bedc55026d4a8c36c125159c5183a9c86bfead286ca9625185e710a1138601e970c2f7478be5364a86554a1875f72c1bfba057f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef32.TMP

MD5 b27d41ba62b39d153ec528e5d63fe548
SHA1 f513dfb95ca7df08cdfe6df9cfdee247db7bcb6d
SHA256 906c1068e223d3d39b80e8778413bc4c459de552f7aa255f0879c48a0da1cefc
SHA512 7356a6c7a9133186c9e3253deeab204ac57fa48d2e596478a6eafe3ece71708fdc34f8de2001055f8b70e2b63ac2443500ce34e79dddd20cf41723273ca1b1ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 159b1e8a39acbe62feb1b33b95481464
SHA1 4f272ce831e3cf02850351232e0a10332572b6e4
SHA256 5f2f9a08b34e36f9ab1880d1e6284f59ca0002db71f36bfd861711960a11df59
SHA512 14e7a8021b4c0a40b6ee5ac86147d4c1b3ba5bc629f48cca0f4b55d02be566f109a3857863ac4daa66392913317797bc48d0d2bf971ee2c16e969ec61acd92b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5788c36d-f66d-4016-9e44-e33c3799b5ac\88ca3e4c41541168_0

MD5 3a49ae8b9069ba09ede950814dfe11cc
SHA1 96bfd32b957d7bb6c3ed008bbee00b2564409a47
SHA256 c4d35ba6aa58638b0d0eb1f73d3073b47807ba8e0d3e10821685686d145dc74a
SHA512 4917f4b97164a806a634b66de33ccb5be865e46428491be13dbb046c542b1bdc42adcdc6c02e41b9091f4ab1fab9900f953fbfe8034eb8bc9fa7f7fb49bc4889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58294d.TMP

MD5 ba89c92019fce329cba75aa216634c72
SHA1 9f0310d65b87bbb9f83e72cd5c642caccbfc3028
SHA256 fba2232edc0bdaf0cfc4d61217f031a83c4fe2d2d7f55bcf1789a0eae912bb19
SHA512 0916cfb8d6c9924806959cf623797edf463e2b15d8236bc3c13dba0a06d28d68b5577712b419ab1aec4c3eec20eae30ff8f62968c99ce59e369a34633e9aa450

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5d18d4e61a7de604a142cc96908f079e
SHA1 d60b27ca93904836de4f8714a30e6d49622d8834
SHA256 e011b0c0f99d516f26b9f795f6c808dfd0fd942d25fb6e2107d440e75caa4e16
SHA512 195194d6713ce8abd4581dc3432bf1605b0c8e2912dce5ea493c5bc858282ded68678377a5501fbbe8e36186703dc8cfe5984e6425c780d16bf9f2e1fbafa049

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5788c36d-f66d-4016-9e44-e33c3799b5ac\index-dir\the-real-index~RFe583023.TMP

MD5 bf12cb9375219e85718ddc9f5ce4a65a
SHA1 51113f08647e6ddcfb9a7f204d3e76e6e98079b6
SHA256 eb9538d8457893827a3d82454a81c856aee1aa3ac544e006ef8162c00b9aeaf7
SHA512 3f9c91e107200908826207a9bba796b0c9a998357ec1ab23ef3a209e038a51ef9b97056efabbf9d45ef0efd6e5f9c366a3ea1f4a28603b62b475c6fcfecb284f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5788c36d-f66d-4016-9e44-e33c3799b5ac\index-dir\the-real-index

MD5 c9eb3d4a1e2f9b27bd58bc2cbff668e0
SHA1 0ce8f84ebb31437568cab62745b22c06171d800b
SHA256 c2372cef69775435aed0f0c88ef7572f8e189ce370bdf527fdd0191df1194f8e
SHA512 0f76cf9ede3d234b3da9e99c3eb5cc0b4c48436f1927358e02950ed289b8ba8eaeb903aed2183837e73ec9dcb92e5822c3d6de3e36b8a520e2df622b91c36239

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6f7fe0b8f355c5e1cc4e915240d0eebb
SHA1 1003b9dbda1ded043c1a71c324ab1bd13f5b362f
SHA256 c42e606b60e95fa4e64b64611635369f59ab0174e30d32dd1cf8c7122ec0cd4e
SHA512 2060ad99b893f754cabb0821be8677b04a34d1ba4dd31abc62c0d8529312f663537dddbd6fff24aa2f957bf11267a3088f5891df0b6f8985369440eb70fcdb4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d44cfb5b9d995134f5b34c3f3999ad87
SHA1 09a6ad5e7441609942144d8763c2ba65edb3906f
SHA256 f6f7680bf7c223fca8055e56d77f400cd879085bfc0dea9f1bc597fce30a06c8
SHA512 f1e234d06c5bad3e83d337d72306f5e95be28bda07ec92a1c01220f0160a3f979b38d35c0ba4295b90b23a5ecb4f3f4ace00167ebcd790432abe120ec5c907bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3b18ee63-781d-4c61-9adb-e4e000a7eac9\index-dir\the-real-index

MD5 2572a7cc6ecb0707bce827d62819615f
SHA1 97c8bfd61f4fc5f9a88035ca20cea798f8065385
SHA256 64d4a4b83eb75bb725d0085ba0336e0e1958f05875c234752887e606a42d1f0f
SHA512 a6983edbb315f8dd0a1793780456a419989ba632a4b7fc5bdd57c0b537438d3439a3f909955f69c7569cd040bb8f542864be08c12c3356be504892bda01041f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3b18ee63-781d-4c61-9adb-e4e000a7eac9\index-dir\the-real-index~RFe584d02.TMP

MD5 5a56d3562d1f0f66bca51f56be7784a6
SHA1 f6cdbfac25c70d140a8e512c2318a12678ee9298
SHA256 311b971bedeb4049d85f279921b3f8bf78c6f3cf2f54fd20de859b679738c32c
SHA512 694a9b7438de3182feb7f0333dcbc41b6c9a4e8e274251037f6af0996eaffc9b5097d84e3f24a1b3d6e2fdeb8231170386c27af026b54acbee4b45e7151b569d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b328f4354caa76596f3c70d43738cefa
SHA1 fa86017c4cadfec230229cfd56b4e3c36a9177bc
SHA256 6cf09a5770ce3e7610f5f07652590ff6eae8a11e33a9ba625c2f2dd69dd9c530
SHA512 744a968d79acebb53b10691dd304299d071a1552ad01b25da278d897a237bf2be630b8a643d4926827a2d4b6e328141df71fba6708fda890238996de3bd09ca9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 209af4da7e0c3b2a6471a968ba1fc992
SHA1 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256 ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA512 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 cf604c923aae437f0acb62820b25d0fd
SHA1 84db753fe8494a397246ccd18b3bb47a6830bc98
SHA256 e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4
SHA512 754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 09ac9c9a95dde9d928585489b55a7a53
SHA1 a0930234469184cebbc08e399bc4d7ad9003b2a0
SHA256 a2b2e70072c91efc39fce757a94ccb51cb7de56c2e2accc7501947ef0509a612
SHA512 0b6d68f9b28439a56bd0fdbd391f8107023117e985a7087dee483e7dcb998897db2e7ec4cdbd551f6546ec648c2c1b8a4345562f9640bcad14fbedaf2730551a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\25067286-1c45-483d-b319-157bb0d41232.tmp

MD5 fb84f485e389e736be3dff9fa1dbc31b
SHA1 7c89ef7b544d40ddb09a75319d53fc31937f63e0
SHA256 5c22ebbf968d6da044ae7d9d09e028acf8730cd30d980f7146756d0bc287b107
SHA512 4a49dfeb0c787e58800dc47a69fbb804073a5ff8b93c882a2f19d2f4a86f24b9275b00f389bfbe414b637c641e7da075c49047f0690b6fcd56578055b26dec60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 bea3365243668f5266e74e9836ec26d1
SHA1 b6c80380c2b41209dd118b67d7c7e6ffe07c37cd
SHA256 4d4090bd433689e8e324c92877ae234482a554b7d6695415ad7ced65a0553e01
SHA512 66f79e41e887aab93de0711c86111f8c41b8b0cec49ea4a9c7bd34071a555fed146ff7cb989db11571b634505bbcd14c35d567b47f4e1aaf177653d852080638

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

MD5 fd1f79856510e1cddd8141f1d82aff4f
SHA1 659aa5c13b63adfb1480856cf8da6acd4fa624f4
SHA256 d2c922c16632143318a2792e0ea9345ea5c072ad583a84d8ef164cf952fec4f4
SHA512 7781c5280010519da7e71a849a9cb5e37f7b29a1e800bbf9cc47536eaa937abeecd1a2d61867c2744b7de83f0cfdc88b72255ee083501df0455fd018b0f86376

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

MD5 e28bef616cb360329b8090ce08fb08c8
SHA1 238bb9401cb8e00306b4cebb42641dd87003e40d
SHA256 35ecb2b52d81b75c460f0a391cd904afa2864e9e008ac464269a39172dd37317
SHA512 4c05bc41ac672c90fc779990e842eff4b62aea197e9a39d6c489565caaaaddfe1d1f04a91982ff132d6dcd5bcf0db395a277db054f744771a28c30f6b35e6d37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b551e82f0a92c506d8d7a68ee607e18b
SHA1 a290de040a1252e84f7a434421052ceb1e8059de
SHA256 50df618c3d90b126047162f8931805f819d859b933bafc283443a513e2944351
SHA512 409ce2d6af8681df70f7acadd612c3464e0b4a63fc01c2d9d468def2711339a4c604960d3164be90276d2feabc39639d419cda4841927774c77a2b598d8162ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f75a9cd8b167ff819a6793e12b46de68
SHA1 b03cc8b5f86320e51be130169370a25af02c2e68
SHA256 70a7dba068b00c708ff892e0741be330beb0687a471cc382905e16ba8ae20462
SHA512 a29622b7361783eae356373a5762ae19198839e5001048ef9d8f38218bed8fb5a50d55b4f09b9207e8ab166fb9d4e1d194d19a8421416c54872953eadc676017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\121bf6e4-e8d4-42cd-82e0-95018caa4c18.tmp

MD5 732a95aff15e76e7e3ebe0635db52b12
SHA1 3b6a6cb1b7ce6377839916147b2ad5db58559644
SHA256 eae552a8b5eaf445b22d0063ad84fd8a436368d3473cce26ec99159954a0b0f8
SHA512 cf14f6c4e9e58b90e7d103fdd08ebccd3ba385b6e55a4e3bfb690f9572edc9b3e0a646f4740df6c8f7723548964d01d44f33d75210983f02278e0831684fc038

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 dd020ac41add11e621975416cd1cb7e0
SHA1 7715e2b6c1736eb8bfae50a70881fa09f9278605
SHA256 3c1b5c9a9b7069a857ea0c501e1ddda6355a8d3018b3214d1408c6e6a19db54d
SHA512 a5d10f0713fc7db283c6f283be320f208a75e17e7255c1cf29acb7bd7abde2319e3be1617e2214a16df9c4c97f7f0c0c0e5205c96ba0d0c98ca56e60492d4707

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e7dfa8929cbc232efbf88d52731ba7f3
SHA1 1ba25faebc12fafda997f5b6c7b44dc9498cff2b
SHA256 d224950f4512d71e2def398861c019a9b429f516fd7b97ad6f4999889b57cdce
SHA512 4b46f25d7084b4235df07535830e575f11032a83d543299997d0a575bf98113fdbdef29c5c48b0154427ee22c1809a8b32196aadad210560f84de22d29f59759

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3891d06e3e04d030a1cbd54f84ad31bd
SHA1 8db30985737b4e000461fb56d8f6e8618a621270
SHA256 99a550756570cbcdd76bc98551f1a5c45346b29189c23cbf439cea83a2299c76
SHA512 d49863ef795276ff3e8352bd67d84879da427426223e181191987a8c57353b6227ed5e6994d0a3d6bc74aba8069a5d30ff8068ab6ca6ed420728d70da8adfd54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bdfee7217fa0cb3cc7e7d96e22f0c3ab
SHA1 d1421142d84e51202b7f6a9f8ebc6169ec6ad7a2
SHA256 aea48c62cb7c2d554badb259019da71e96c39cabe2cbe6db86d68c00e73922eb
SHA512 8dc34b62e5429c3bca44a4ec4e699b574a3e39228fca5482cabad1405b5cbd0e1727d0c4295edc124c6cec3bb1aaad424f989ad3548f66b527f2441514417ddf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 21a619a35374a0efbcb35fd439b6c400
SHA1 61fd40a86d6d303cf0061c2209c693ffac41a76a
SHA256 8cddba35b8f0c58f77a946c920870c5b5e1191d2b8d70b10a92fa63924fdb6ce
SHA512 7259667bafdc7ed081246d401eaec9c909729e9ee6f79b4223386bc08f5795ae89899856a5371f10275bcf7c32dfba7f1251390015ef7eacb1ccf84511157a13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

MD5 6931123c52bee278b00ee54ae99f0ead
SHA1 6907e9544cd8b24f602d0a623cfe32fe9426f81f
SHA256 c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935
SHA512 40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

MD5 b39069244283d0630db35bfe0af50515
SHA1 0f448e4c3a3e5c61c0d8bb434250f289379a1daa
SHA256 6e484fabf582df6de3f99d0c363909a6d404cc29bdd8cc76f393a978ea49e0a2
SHA512 2c70d5a82aade4014dcfa03ae0b83cd17b50fd2e995fd27c463980dbc57775da16865d47c8b533dd87baea735e011aab6f3969873e5bd305647ae1586f2bcdce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8fb748a988bb31de0d29101a2cd56592
SHA1 349c093f5a7ee40c4d5d6722b718acec7ea043da
SHA256 63f214d4a08ab2ae07cc0e054908b808a01e62fe1a3a62da07996feb082f0d33
SHA512 e3442d60f5c7177c1e7dd545e33c0c0e88f341f08fdb9003c2c23bbe42b8be6892c0ea2f0984fc789645d1abe59a54f728983cfd698b2b38c77ccf05d8e75d29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2abfd731cd4a1f87375b067fcbd14d45
SHA1 79d366ff74f68c24149227b092f892bdc8bf9612
SHA256 17d20e1fbbd0d7972e85208e084076b0456ed54ac7d8e22703eaf9b97bbbc455
SHA512 949b7a4aea6d010d39e1354cf6ea7671cbe2f7fe8e4a42f16fed4fe049158badbf9aff568e68f226d8fda9a5a5153b735597fdf7cba349915b10a50784ea8157

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 401ec10a27c43c59286811b1c188ff6a
SHA1 2ff57c3316d21926dddb97adcf1d6ed8df1c9315
SHA256 e118c660983b231c52bd9f067208eb2c62a81d9fe10663b55ab31d66aef33278
SHA512 593e48936485a7a1d7c41436fe0b0f0dddcb638dd9fed4b911346785d0a2af91cb57d2f43c421ad9679a5f07e825cae9f89e0b3c41ad671e2df1ee640b965863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

MD5 230ab95d87a717be265134072eb17c25
SHA1 71a3d3dd6f952057ba0c6025d39c9792ff606828
SHA256 3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068
SHA512 9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

MD5 845e1a3d0f8b316c2336250dc14628d0
SHA1 71fee07b3e73d3ef8f7f13012f6afa33497b7c85
SHA256 3652f51272e5dbe7fd76034923c754699ca0ad9b51f15045ebebe1e07eab8e4f
SHA512 612f8bb733828a8a6be340583976aea7d24654070039f772f227d3996c096739c1a41d5460df7c3a20d8bab12839e921fb756eac7063491f9c39b620da7969b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3e476d5cec603837dd982a27fe8c657d
SHA1 d55eb4e4abd8c412fe81e74a56a975380b4541c6
SHA256 b8b212ad262a934661b386d790541991acea89a74b1f38752a58875bc82b477b
SHA512 6847fd94efc99ed2a1808d5804c886487699a3f0bbc0b1080ee108ce740d355ada633c5a3a87d983a9226564c40c1758e4d66fefde47bfeb21ffeb7f793b7ca1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 10d87ece87fa9e8ba1541ad1f79543ba
SHA1 120440ce22e64e6e480d9990823bd12afa9ccfda
SHA256 d3985b68a446694fafa3861d28e8eed3a1294d7145177a8cc4152e9ba289797d
SHA512 8e198dd3386e4f23b6656d921c2274a85c0bcdd4bd61f20420443570517978da8f074f7b967229d7feafb962890d089144234cebb011e6e326a2800de7e91d85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

MD5 9901c48297a339c554e405b4fefe7407
SHA1 5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e
SHA256 9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2
SHA512 b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 20e583322d13dd1c7e508461bb7d044a
SHA1 f0fa880abde756995d97e9dc4770a891a7a32a18
SHA256 883d2659fe050ce4745abe73f0e70cb0b267e5f5703ca963a71dafe59022eee2
SHA512 5c0e6d3259bb7e9740e758e0091d7ac8956c3de8862ca3b188701f4964c5a8437010e2cb6865cb7bc8e9180ae6283c87dc4ea611a1af938f427b25bb86116687

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f4bca6217ea1bcf435ce42f393a5c639
SHA1 816ea68d859dd97a971dc4fac3e15d5f5eff505e
SHA256 82ebe5c9c8ff00a0a1f77c4eab85bee71d27bccb74a6acc23f6fb59bfed180f4
SHA512 ed290866a0bfee2c5e83dc8700be07e24b10f5efe8e05d8134fec8d00bd8bed6660a134c5b594c0299ec8d2937b2635413e4893eb16e7d8067b4568e29bab4f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 379bcd9515a04b5e51a6963af2742d1a
SHA1 09b7f646ef42a964c603b6f149d0d1207897030c
SHA256 7d4ed7ec0a7ad3fcbd9c552775a34f6ef354a1a6e7728e460e169f81b454eba4
SHA512 3763090dc979f4af4d214ad4ae22117f2e74f0ffca029b67598cfbc253eba52d10c5d53b04ce61f6f8b677f19843d742609139b013bbf6f0258cb84c0b8bb0ce

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d3d5094ffd966a03651fdbe9fec15bd1
SHA1 ee51f121502a55349efcb732991af3e8e1d1d795
SHA256 9032ac80b01b79d5c1b004b2b8d445246efc82a81ca4911d3a9f0a56fa4b5ae4
SHA512 1d94e06a293031495db0d6f0ed4633a0cf0d7746b69e48dc7417f6f1ea1b0d8dae4bdaf0c8c73a01c0b5999be06aecac7f85bb9c0754e499a648ca26ed9ef61c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e63f1671489b13435952150114641679
SHA1 1218eadbf4e13875a27580eedb86e5c7366ccdb4
SHA256 d1a7aed49deefc8d9d1e5bfd908e4c7623c1b057ff199b60fd42aef7b67301ee
SHA512 5df3b164a0d4a745a1b45182d4743d4dfd551e355841a777b4faa2f4c81a53384b3278c4a1e58a413f961ff95f564cb022412b50e53041f73e257dcbb1c158e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e5cc819f95ec6bc52e8542f285672db
SHA1 c226086fc30ffbabd38b630df94ad2f4efe61e0a
SHA256 2908bf434078c86ae03a9705a0c76bc5f7a95e4e9e3ed536424077089e08f8e6
SHA512 a7c8e3dbdb5b38ac55aea844ce9db66e1e7d3562b57c9272ae2da3a16ceb83464eb5ab3ce0b6a5b69f0debc981ba87b6fb8622cdbc540e7fc0ca628b2ff5a33e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ba8a14e49b6d957fba9ad7fb41ce6bc4
SHA1 f1201376ea5dfb336dc85380f670b9fbcdc35cff
SHA256 c57a03a55dbc154c41ea481e8dd403ac98bf3dd6c6659bda9a0d65ce2ee6fd1f
SHA512 1dda12a60c5af8c87f8b368841c30917c951fba98c368ee7e9b0f4911ef0d488bcbc785b8335cb0db1f816c274ac572ddd048e421e4892c3667a84843145b5f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc2cece2905234423f1779702d49528f
SHA1 eb7fa7bc084a40cb35e16e840782ce05f2abe49d
SHA256 da13cb86bdb56e5887ffebc1ef034d2e056457f466ce7003e7fe4de6890d2819
SHA512 6555d77f4b6f7c41a26faf726b98c51a3be2139502a932d7e58b94278a99684513a24b7578176a369e6e8411e478899cde14c89f79ccf3a77ae7256d49d90aca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 1282ba59b219e55e1aa9bc059b416880
SHA1 dcaa236a6a8828193080305b8d82eccd6809a3cc
SHA256 c13a1e6d9bc5136ce6186c3925d0eca438efb696997b6a2b6e39d089f6c6e30d
SHA512 7d698f5a6ef1103e46f4de67d5c7e54309e0ec9e2de96339fb785adc5be141694144e7381f53e62edc84b5c760f43a7e93d335e44f5bf2b93b81621043eaf926

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 8175952d2722016599801db7524863c7
SHA1 2a2816091a7c2ccf2f4c70f3748c5b0f2c3f72f4
SHA256 889095daf91dc1f2b210c8375dac3319edc3639833fea521372d4b6883a27003
SHA512 d0173508797963c383c988a1984b18c4d2356a9b8647f4f94c845fbc2bff2e405e67f655d12b57215158312d4fa9e4f7d10bd9e204429367d4ddc75633a728bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 94f268e8a114a3c0f65791deb2461d33
SHA1 24e8f2c74f47c88d452669854673138789197331
SHA256 71467acee116150fbbd74f965e4f752596b3d5e3365f8cb36f855b4920a25b03
SHA512 495a995c93655d550c6e70c6cd73c16eb8abae088de2c2d1f6dc3d0b1339b5a93744fea9aafa456c2f458763e8f98ca177e9b50941f7ad1d152d8e68681fe9f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 922ac5cdb4bccfb75cea3666c8d11dae
SHA1 82572dcfbd5178cdd5be483848563beba7046b1b
SHA256 092fbefe4a5236e76c2e91d9175bb8464f79d537265ba79d7ad13bbaa14126dc
SHA512 46cba86976f5e39434e4f33f426f3a56d54b46dd8b267a85b3061c6da9cbf6a03eb0c9d18fe917ae01eb25ebac607766623ac0141a9fe7a3313c65a76010510e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ac70f88c44b273dad7fdb30aff1af55a
SHA1 55e7fc1a30d2786de681cfc3eaceb53f97ee469d
SHA256 499596c8294a3753b3c2741bf2095c343aa479b44fff0309d1e25e47d33c42cd
SHA512 3b57bbeafbd56ee80c11c7facea8af2eb084937c4629d449bc0c6c5f0f30e7e7f2f66da32782e45d4c8ec8b206b7c8772d4b60d591a7a0703cae0ce39ce6ea6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Media History

MD5 e6d10f1f373a1691783cccdca25cbe5b
SHA1 37598b11535bd0e00198a19c36240f2fafdee938
SHA256 dceea7851c2aa5688bf71c02570318c7e629d7e3d5f92d3ac5a43efdd39c4fc8
SHA512 31a8995c23d70ff13cd78b315842abb7d9ac4c17fbfc872dd88c6b85dde814f744bc65fe158a13563ca5957d638a6ef672250dfac33b0700731aa0c4027d9a46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 69929ec1384baadfb44e7b6b1b5dd7a7
SHA1 2684e513ee2c0d4a305ebe7dc6916ada1ca90edd
SHA256 47298ffa2850f79518aba940d873789e0606e9f7de3ec93b287d8b82abefe57a
SHA512 11ecdccfa6e4edbbec328ac46a6085956580d2d3153f1fe1429eda0b07b3131e9db9e78a93faa2da66edd677d60268d85a5ad37e0ea0b15ef2ed541943d8d504

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 c88b805bdf97e807351e1a0f5045a4f8
SHA1 be8bc04396452bffae6ad3b6fbdea80725e4ae11
SHA256 8973208f1ff2f6b980826cc790a2b3c25ac939804e6e840e56b795c863f17510
SHA512 4dba5d883bb075f47951416921f4f3056f3d61bc8d4e6747389550fa73468da7a803d97eb9ed4905ee76edcac855931a72458b6f83a8612c3ee13ca19ea8a824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 3a77d2475007dbbcdfc6d71e8e1208c2
SHA1 47a1b4dc009c0d1e036e72f3316d351fcf9b9b7c
SHA256 b20f9c8df196a58ca6bc8ab0ac0e68418b40b3cd6dc7663dcec9aa089ca8d3ad
SHA512 39dbb4384068955990c7bf6087d4a31b4d4254d8d0e5ed8a26c06e584f93922fe2a7b2b55b3f8bb8f6d450a9f70cae84a29c2eee2926a72316f1ab060ae37a2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 d718f6f578149f5df22798e9117d725e
SHA1 f4c691699c29ac27cfa56aaf95ef95d83278683c
SHA256 9ad92327ffae3c667bc737003974f973b908f916b512209da42e883605f57c8f
SHA512 5803838e296a8e83f07cf40a1e68b92e050a315a2d745f72cbb3e03f4cfe73eead89ede3e40db5974cbe3fc8cdacc04da755d1c66c84977b2cdf92e5b9158180

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d51ee71615a45bfb8efc2363ec9dece
SHA1 8477a6f94ab6cc44c4e6e2df603f2e1b6e884b30
SHA256 b54aa6689133a57d02317149b81ccdaf42b6e6583b0ff1570e59996b2d0b87e0
SHA512 b088aa3ae401ccebc3a9de9ef47fe8e3069e93308f3165fc3d85ab188045ee000b5f23a74155915c60aa7c75a89acccf4421258ec7f4fa6c5cd813c8e08742d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0d6f875004a2a02b2a8e11432f8544a3
SHA1 ecb58856c57cd93b6228a9eb3bfba596a7a21793
SHA256 7fccfefd9630c700c022b334387b96f4c3a4902bcc303c3890d8eb1d6bf3a932
SHA512 6f2417bb726aa5738d92aaea33671e947948b8c7196d4698655fb1ceba13877e0543196b395bed61e35f9ef9257f531e39690ab697ff93742a6595288ea9acb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 728fd394689b6e4147965b5807908d2e
SHA1 24fc54487f45e6cd8443c566ff0b494d5fd3f0d7
SHA256 78b6a15b0656c09042619fe87eb3796ca2550e4d0f4e01941c93eab6edafdcce
SHA512 97f2118193671535ff3e7fb3763487e861686824bcf1020c9df0d69f99433c1e55f37e1b154bf0a95aaead7274c01eb494e5a952de1f837465c49a2854a7dbd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3cae32aabbece4975ef7840153fb3ebf
SHA1 189f582eec1a43cfb8e3d7675f2da1d1234ebdb3
SHA256 1ffb0df071800e8f8dbbe320ccf2af7b2a0b3a63154d6bfc96a231e823117f25
SHA512 a7fc2954868f3addfa9050757f9cae3c580797a082f68207b662beab2640088bfcfaf3783d6f552b4bbdbee3145512a6336927b8b270807d89f4f48e2027d766

C:\Users\Admin\Downloads\Petya2-master.zip

MD5 99190e3a6848755c06ea966b7fe60695
SHA1 16b2d6d2a515da07c700cf34255482f973971522
SHA256 b9c352e7cef7e3725b405ee7cc47dfca83562c221af75574d7bd3155f3a455b4
SHA512 d81f748e76bd46d7a29332bd4b6b7bc91e96edd7a711faa1e819ac9d7cc93506b278dcca67ea97726abd5d45fafe1ccbe7a0809bb39445bf006dbf12a937f08c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f89d7ea04b9825c73d835cd2a4a28e17
SHA1 3658d495f39d29a36ce45e5b749c3c72e90ce571
SHA256 46882e80d73f87fe1744d0163117988649ff8300995a7185d9774908f9daf04c
SHA512 609d8e64043e9d2371f49b253bca94b4e5c808c687bb566fc3203f98fb72bdee131b7fbbad9fc2a8550cdef56c520840f2d23faf55c3e0588c378be791890602

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aab4479a005e24c8b7db1a981b91c6a9
SHA1 cbf6f422ff226cc0be835dee16fd86eb9459a95f
SHA256 cafee2c08585a397e73d0126dc5f5637d4847a99335af1a6179b7ea42b3e986d
SHA512 cdc0c4e6dbac64fbd67d00c07baf7d8f3d2a156d7b9ef1a7e63c99fdd4b4cf48f4e7e40c27d80a72e73fde800ea39f9f9799c8e13551b59a4cde1ce0a1ff7c52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 470c8b5cc3ec151096425ba301b407fa
SHA1 5459417fb6c1084509ece35b52990d65a9441865
SHA256 0ae1e1656be4d9f4dd5372dcd7032ce83279d488841e5004cbff0df4dbf09f54
SHA512 0cac66ee8930c9cc87f44ca75ab20b9ad4821fae14bbfe3e5be12465824b50ebd920cf6fd96b1d82047edca0b9d6bd60d32e6c544e2a84e484fbea2ed0387c92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1bd12f43bd53f0fd9931fd1e90e572ba
SHA1 deaa14311cc910487c38e232b8b1545fa0459ec2
SHA256 c8ba51ad4b98107528887a968a76c4dd58d418d19fe628b61657a85826cdf72d
SHA512 83d67c41a25c34866b12d320f826821077b60fbcb7891aebe91782a629a3ee69863bdc42fb300875c557b663e6fd5da85056a73bf3873fe15f2d60791397b4cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

MD5 e275ef70659adbf85254d25c9f6f590f
SHA1 7e48b5e82210c8c7112a65f644689749f09c9903
SHA256 63d723d0fd9c5c1eda94fba8343ffd9897a4747ddadc23e8f7492d2acf875b71
SHA512 33c12592aea93a957eced3404bec64dd4907bc54682917a0d3bbe8304e8190f0fe1ff8868237d5093f5e674162a2cc89c6e5337083d6ce6371fb7a809fc98ecf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\382444bc-d2d2-407f-b5e9-ba5c9321a58b

MD5 0930934ace3fa812a6096e186e6f11a9
SHA1 c26388706f2f64fcf520971f2c5ddaa0d44053c9
SHA256 e6afb0ea0cadc8ffafa90fbd4899a495f516f1369b321644aad64c78e4a5b79b
SHA512 b750542e37233eaebb1c9826f80d07608dfdfaaa90049c1a4bb0bc1cf4bae81ef7d924ae152b9118260b98548aa36573f620447bad166eaaec7f85a4d58f2202

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\36afab81-3128-4283-996a-69f0a968fb66

MD5 aee0630a7ded28d80913833770e45bea
SHA1 ded7a19f7478ea70882886a98ded6a2268e655b3
SHA256 d81a9e373cdabee8c83ddd12dce091f47ad447381393de7b8c8c96144e0e5d59
SHA512 aff181fc4eb2250d9cf44fe9fdc6ccb68c735b40a181cbdaabc787a97e94dfc1352e5e1170e08640852eebd2d9eb8101ee768a40ff83b4c6a875763f87f1e4cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\02f8fcb1-7bfd-480e-af4b-465c47dd3be3

MD5 4c259ac05e80db15e4fc8f3e3b4fd148
SHA1 798fb3b2ba2866adddd5d5a1321006730a072de4
SHA256 d885ece0b355212ce09b148c8f63ab4c3dc8a999fa3193ab24ad59d57a7abb10
SHA512 cc0a9dddf00b9b4100aafcc76279644766942d6ef712a83dc6e756fb9ed7cceb1b1a336b5a7e012f809f19981d8bf94db69904e95745e202596c7f0aa30bb48f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\activity-stream.discovery_stream.json.tmp

MD5 c86e296894f2ef164fea7c27754d67f9
SHA1 33cd8ecab2a79122d947282501be8ed2f98985a1
SHA256 767ced63df396ea3a3203e21a13f1daf08cd1ed2fb78edc6ebe7dcdd82a046bd
SHA512 ef8abeee6a6884252292378093d62e1ed296453761e58b94e50aa8de7f0148bb97cfb402d171706e75ceaf577ff33d974e831029f8fa8323af39e7ad0b5148ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs.js

MD5 0a43b2ce0a2a69ad947fb65c295ca5b6
SHA1 7e122067f705a17fe22002d8963deaf6884b1cbc
SHA256 d8a371abc6c3a3118338fd126be22b46f00cbfb59c1e3b049eb25fc88a5339c4
SHA512 ba054c5e884be6930d780bb8371de2dc958b65a4681a915de455435859c9cca6eff03d86417f11f0d82699f26970d49685291d07b7f14fac1e0a152711027729

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

MD5 809b7d2e7ea21a2adc6da7cc72317400
SHA1 a1117ee959ad9d18e65bb7f0e619214c7b6f7db5
SHA256 380f0cfc13034d27e4df985152ed6892eff10f4f2863b5c83c76a66cd29b69af
SHA512 cfb9e4340a016a698609dced2451a68adbcc807bf82215a170e925bb6ee820ed22e256d00556f82107292b32f52286ffe12be1dd7dc934ac4fc2e9c726dfde83

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs.js

MD5 b88811c781f74d2cd72c91c6fdde03c8
SHA1 cbfe0a31b45914d6da715f69f5db900a32beb09d
SHA256 40ca6c25fd747142e4263d40b5999252348e5ae94816a07373a52ba61d5c4a72
SHA512 c7e702b480d7b76e146f520aa438f939b5254bd8678e8273680c39a5078da5d3f2108dd89d684d455289297276073d35678eecd97d2d775147e9e405581ce8c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionCheckpoints.json.tmp

MD5 362985746d24dbb2b166089f30cd1bb7
SHA1 6520fc33381879a120165ede6a0f8aadf9013d3b
SHA256 b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA512 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aee6a21cbd6f1cf16ab21dfbd44feb25
SHA1 f60db259861a38be32fd7d62444f8d37af71bac5
SHA256 4fb6e5580a4052ada52fdb6288642e579eec0f52ef2da4bae872ea996156d13b
SHA512 e5043dbe297217e64cbfb7c985797871b8977c91e3b46e78ebe003c993c4bb0233b9f644fe6ff12e4a89fe98952b5bc8238224a016e422750722804c1b13c55f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4c34390a4aa51546c8635c09f8524f11
SHA1 911552bf501950832c704afcb7ce824b7a1a37d8
SHA256 7b07521ed3d247dcde17f83b127e535519ffbf34128884f71c8860dc464576aa
SHA512 dded537c7bf7835405c67c71e258d4f5ddd05443b5d5567ee09a0d4637d05d93fd35498757abce6b8e182d9897a089630bc87e2846f779457f3521793e9c2bfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6ca13c87c3052e10b4c01426781920f2
SHA1 5453ae734cfe8d8eb45d02149f91804f80aa8e3d
SHA256 ec86cca1966fee138f6601e3aa54266e37a48e7c37a8845f67a8673ee177c163
SHA512 b2de5f8cf0022c77c472eaf70cd6dbf4b471e2822aeccdfc603bbc9885708464ec59b5c423f6e7df21c9b9ebca1ba867aed54e49e42b6fc03f4ec503fce57fde

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9478fd87411dee8dac5eab8732784b56
SHA1 32f2d70325a0f7774ae8e0e11618957aec4cdfc9
SHA256 d29f2b9e278ed722ae3b6b0e226a1b79782da4da8c55249fbc7332383aeebf17
SHA512 0950dd409fc883d6d825c26255dd349753455e4a63af735beffcac4f7026b2c17b4390640a185f6e14e716665023d6294a8188865a94cbe0ef4d077ffba98059

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6436f7986b5d58cd1099698ed6693fb6
SHA1 062b07ba4d334c6f1a581dd147006953e7fb9c9c
SHA256 630b9ef75e51d1ef20f56f42b4199843f5b67920dbefdecb6d2ad00e8f8a71dd
SHA512 284e1ad92dfaa94a7e04344e48140df6fb0f43a77c02229e88c43051c3c86421b97ff069a73ca3d38828f1cf2e0394f888dcaead188efe407df850016c3c4dd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

MD5 4d8e40e68e050d4aefa8e1cfb93d6332
SHA1 00fac0d1c198cd430a5f41e33e6f8ce678e2936f
SHA256 850f68c7c396440f4f26e752a1a5d712cbbe918c169eb1e6ea1fd559ddf584e7
SHA512 8bd0d94c410c7514423603586639a1cb3693176675a5b6d872c79ecf5b67f694ca7f5448341c47c0a9daf19c9d08398a911c194cc8a7b4b01b0d51f475756007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4561b36401535d8625cf2c388940278f
SHA1 35dca54aef5e97b1166ceb6e7c108e97cf3b74e9
SHA256 5b64c38b53668f40497e62465f14a6d9e1aa7fb811f8babda8259ad935197c5a
SHA512 81b8a85bb32c156083ac28ebc157c572fa661d709abcef9da5c5c25a0de58bad25f2f77703e0aec203e0b91389f885211f14888c53b44ec14bbb78e43103e8f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

MD5 1df8e57c4ae6a0c89441418d5d37913c
SHA1 e54f8d6d390d987e86febde4c565a3dd317407a9
SHA256 599ab5465f2e3ba027595a4dbf2f0def54701f29f866afedc57e44765d231b9c
SHA512 e7c5b5742cc122269c92443ab5a4fefb5a15475693969fa673918775010d3ad701c0c91ee2396bca7759e10774d0893e6f0bf52e5b00ce1f94fd6a108d27d353

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

MD5 14c460a1feda08e672355847ea03d569
SHA1 f1e46ac6abd71ebbcdd798455483c560a1980091
SHA256 d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f
SHA512 cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

MD5 e947e95a0fd8df1e8c8eb7cae1f96f09
SHA1 22f36705b4a47f05fae77201e936a5c65cb05bfa
SHA256 14fd0b00467eea3d8b863e4aceb343135fa64e8a3b4098d58765199a9d2062a1
SHA512 24b9a4b0b5ffd6ae11ea6cc76d88da96cd0579254dcd463e1bc5ddd99d9850773ae861594ad053d4d07882d4970267aa3789940a4eba63c0543588cd9b293dd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3

MD5 cfff8fc00d16fc868cf319409948c243
SHA1 b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA256 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA512 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

MD5 da4c2d9295fbab7844d4f29079dbb8d5
SHA1 2e214261c9f3394badf103af57a2b9bd6f89a68c
SHA256 b2f523dc352a436652fdfa66e899f589653015929b1add2da64eeb9650a7febd
SHA512 83a66de2c3593c960f5e7567f8c315f983245334f63bda67c7490570753bce7e865a1f752d15a5b6f795fb4cc4aa2a122ce6bcfb86bf3e116f00df7a558a92c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

MD5 919d13ecf08e3da7e9f337e7b60d6dec
SHA1 3d9bd4aa100f69cf46ad175259edd6ce9864830c
SHA256 9d4575044d2efd5e90503beda65571b5158a3f32d999191ac1f82d1a5ee62ad0
SHA512 98d8236ed1c44826b4489b9fb7b76c62502a032547374446c53dcf2eee2f5fe3548c6587fce66df9d075294bc2ab6be97c3cb21457bc899451ebd3b476715985

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

MD5 f5b631335f170065edf1b148e10b34d4
SHA1 ca34f82af577fec763ed38f0436d20f1cf766f62
SHA256 99be964ed51ca453ccfaa264a1ea9490da11e32b53765919172b6d3749a9f846
SHA512 c66791cbdc7c0d12e7295eb26eb583b26e03692c8986ab7d5dac0e6a561b8b68a8a9e33814121efc700ff6b472aa4f685162b0c75439b144f12286c9e28c7cc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

MD5 2e23d6e099f830cf0b14356b3c3443ce
SHA1 027db4ff48118566db039d6b5f574a8ac73002bc
SHA256 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

MD5 a6d2a865e9f16ea305950181afef4fcf
SHA1 082145d33593f3a47d29c552276c88cf51beae8e
SHA256 2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2
SHA512 6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4

MD5 109a8cceba33695698297e575e56bfad
SHA1 2b8c6dce1ccd21a6eea2dd9aef2a8a6bde389053
SHA256 dd82d9ac034f0a06524fc1d5ef884c29a7e4d586a1e7db66e339dc54fac3636d
SHA512 6d51ed30c45560838df921212370a0044640a8e3c0433922106225cb6fec8cc115ac6191c753da13def21c4e0db4deb5782fb7a75ada822ced1db7c7d13beaf3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

MD5 bd96190c3723c6828cc6601ee39d46d4
SHA1 8ec0068e12d9f113b01d6077cf634f19079cbf53
SHA256 ed8fd1c5a4f0e11544b694ca505105c2a8fb4b643b41bae87b2b4f1ba14f8d1f
SHA512 7c649fdad52f9fe2bf76af6249b3d7de40ccdde73618c5b929fb16fe32e51873f7a73734e64b54e918a31d42d6430128c8801787e4ff5ee89fd9265ba9875dbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 35f59a680160bf43550b4ea07917e1f3
SHA1 a4d88c609d5999f05cbe437c244c4c12c64d4dff
SHA256 ce19e572e3f7066add379e13a74870dc3706ff5ca8f26eb66e08d568ff01203e
SHA512 8b07ef7352fa633c99b34f10f1748bd540a9ecff72af220ab588b11151262443f264af736c27c94366564e152abe84fb54eefe3f40a4a4e449f5223a73e7a1ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e1971b0-589f-4d6b-a6b7-cc12a7374617.tmp

MD5 eb3345ab070741689fbf2abaf9b61087
SHA1 b765268d698f997044605fbb6f697cdc13db7287
SHA256 fcd9f21bd535a49e8aa30b03b03a7027acaa61db0c6df650d4daa2ce19b90418
SHA512 054f09e249f2a57aeb2e0a49a5c4c572db4a6265876cedce05aec1e80d2a4ff2dfbb0ba58a6fb11b56ac6a0317192c72c6551d6af525d029f2f21443dee8c60f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d8e2eda8c7926aad80ea9a6d14ea3dc5
SHA1 37b9ac6cada51dbb4688a19a84ddb7e12ea5a1d2
SHA256 248822fc93757d8d149ab0ef0ec1852ade7383a592b37a849d2034ce1333c733
SHA512 17d330b79cdadd295be65c656741e4e65b07a349f8643b107fd9e247a9e6923c0223e0be345440a2d48483e7857645c1d8cb05cdff7d3193302b392e7fd51f36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4d30c08f88aaccb1e27e6d8598fdcdc7
SHA1 c75ab007589380d623849a1930400eb02e225fe5
SHA256 fb100205e042be3cb4734677f132f62c8ef603665251ff0776f5bd9070c336e4
SHA512 27cddc4a080ac6cf69dcdeeeb46d51a2b7b22f8271eaba81c9f02b551cf6bf43b83a9d9fc7692b0612ecc1297e23c9a8adb6c8610f1b18436657797958ec973b

C:\Users\Admin\Downloads\sigma_all_rules.zip

MD5 a3bd9b060660521e3b014fda53ed51d1
SHA1 56115075dbd20f9d95da2480cfca866894c8e32b
SHA256 58675243ed52a4778757245408aa0201cce39294838f4d70eacada386cac5a3c
SHA512 42833afbb88d309f82e4aaccd7cf5345bbe4cba77be30990b41560b23ec57cddffea4e5d9edf7055bac720952545f6d30e5815521238a819df7822602256edde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53c1cb60773d4352bf2bc325a2fc3061
SHA1 2931ff2951c9bf447ce9b3c7a39fa5cfba8e1511
SHA256 0a6b330ac200cc4b07ad7d6a2538cfe03fbbfa78732c6778fe091eebccd250ff
SHA512 1b807a69f40b6fd9b7e002fa69a6ecfc7e71d398a5b70ffc1e9ec84b8a17f4a5b4f761b1c29b64d952fc23fbe8c107ed69951b150633de8977fcf5270a82fb96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f5e0f1430b09b71bc0e20aac42dadb0d
SHA1 75fb9e0a9546418c3115c95b4f23e1ec3db37d11
SHA256 0a19dc1bb5de96c609bc03d935a3e8dfc612beed2eacb46e7e329d475381414f
SHA512 a6f3821bfc655a35cce6d5fc2d913e3fdee5db3dce84497da90d78f47f3a76146b144995ffc639532946df780d0b4df38c4fe569e853feebff6f6de0dea79164

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 cfa43fb3e68248b515dffa891836ae51
SHA1 560d5acf1ed9acad1960d68f6c9259b239e5e123
SHA256 8658acff3a8264cb88ddfdac7c0ef0ea3d11e957fcc04fc321cb00c352b8d5ec
SHA512 92269719d60495c2c8f78ab2b96750af3f3a063750b5c5b411aeb997fa74d7b51ad5e29675b91ceef89f6bcc1a23e630e6bb5c25d824f8643436f68d2b628011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

MD5 25438dbcfe652e17ab8ec49320a5bf82
SHA1 e0e2b1b4f522399acf876d0abe23e1b87c51640d
SHA256 24f292a3f21a9014c1344f32429c25aedee9e037dfbb1fabc5d8e6dc99344fe5
SHA512 bdd3f9f1b8f14493adda5a385cc249ae5c65440c1fcb5b899793a4c7585418f7479e663745ceed7a5fd8de506690a29b7824f4733bd8ca3ce85c651b90853bfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc

MD5 07251834d336b4e155e0f0163df4334c
SHA1 f1d5aaf2c0e9fe5cddc3e6cb2c6b13354ce985bf
SHA256 3c1831bae696fb512591670db48ade50e4dd74a77280915516741e483b9fc902
SHA512 cc6c411c6ec9038e994fd265893cb7a374c06410887ad21c6b83f9df85ca51e164c49bd389aa050687ec07d1ea05f6112f94bded47af0ddf57f5ccb5560780f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07a9b091ea007ec554af9a3dc7776c7a
SHA1 95f04147442dde203aac6802da38021a8043aba5
SHA256 79784aef06d5ea54fc5d4ca4b9849480f937b49b38756a87371dc66b85a951e1
SHA512 9d3f8e2ae0c8e22a0f0d2c38a196f77008bc63eaf9ae16044b34ed54b5d1e97eb879feaa1f5eb10a52750b967619bc59b7386523d5f7d70186ce0c5a2a2c6399

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e202d3a7fc3566b4283dd6c7421995d4
SHA1 6ec583bf61427ff6eda88ccb722e42281b4ce889
SHA256 f76496e0cf8cb1123d98a65e60b7e770bab295881a855ed4e5f7b6b6dc35f94d
SHA512 31177ae8009e6a9304d6ff7d560ec16af4a30bc2ab402ada29b17f1f7b4d1c8cd16ee8497a18d6fac7bf2b7a73011de67152f207a9abe40133227f171ab7445f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f8f70699c9e68bed355a4ba4de7923c
SHA1 db4b1c44601c5d02912c2178dffb3a6bdae97ce3
SHA256 a1c6bca06069ada5ea5fe904dbf6cba280ebdb08b5b63cc96624638686659b7e
SHA512 1ce1e4e6630126bf6d008464978ccd3e5715f1822ad35115fef77d4505c52ed3eea85362e0a8b3b6da2ca38ab8991db9a9acf7ea0afc7b67a6405c32452824f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2917467600665dcded946cacb807b0f3
SHA1 c7353d4050f983112c0a5a6de009ce9cb85a74fe
SHA256 18397cac7f30d47dcc7371bc1205243792487322404178590610a95f7ede75f9
SHA512 cd80b4166ccbfae95d0e0b00043e0cd882a027ae74c9f672465aa8108afc7399bcbeaf855b3fe36658c37d5a5ca3468d636d71bae7f9216191c6eb90bc959406

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8bc17748e50c85dae19e9c6c977220e
SHA1 c4d02be651ae7763602c05e7e42f7e54b1ebf7a9
SHA256 ed5a8fd959ead5d31d873c7381ce85916f7537a78ece3da5debd19d401dab259
SHA512 457c60ce9accea4f87bb9f7224bf33e2fde607e9ba783d80e6c1a918ba7a12fcfcde03a1d916f0ad2d8e99dbd2a8739d7cb55b3225996a6303e1a5a747064889

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f37259cc568e562403525048095622f3
SHA1 cf762f04808da077351944801c321151a70a312a
SHA256 cbc52ab99b39da9a021e9b85d0ce67ce76658eb44a81bd44c7efafd9723a3eab
SHA512 aa1e8d21b6077651c169b24b88dd9194eaf2e2ca46f0b36400be0a53f265f28cb260371d30e169cef87cb08a5d49c0258d58bb8cd3070e4f839ffd76d1849fb1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 848f2b0d94f7d0e4a69504daea2c4959
SHA1 d5c7fc10a1f055ed1e35e41a7ac5367fcfb960de
SHA256 ab817b832161a3ed6cf3e38e3cfbb30a153f569179e48481a9adb0f96d0c57ac
SHA512 8afdc4ba766880ee8b2dbaf0fef9f48e0fdc6df14c906eb7d1c5a714e8eaa392f1f0f44c32528e3276a88cd430392e2eb25ba1c2f3187a8e1cc281347dc433b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 191c54076e4242796c515dcd1b2e30ad
SHA1 0d14bc6772acdc23100eee59e15b939bbfb1b6c3
SHA256 f66ea811583676b7a83d3e99e6009c69ed553fe6a464bc71a2f92ffd28275860
SHA512 b7846d213ae71b9cac63c85da2e264024a9675e774c93560c945e13f0caaf9a9cc233c41f986a3cb79caf95daa278f6169c7a6b02e8ef4840420378d093e4980

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c6ce594dea1a481d7fcda083d6b8ece9
SHA1 0ba5dbc3a2449c90bf5d683e000f5ec98c416572
SHA256 df72d0dc41114ee9985c1467a5ad8ca5ea76b3f42c13144bbfd1da7edca36bc1
SHA512 c2566fd834a3cec98d677cd0d11a5eae02aeca7a0eefe88fb40329f32f7511fc63e29be787d4a9e95cdb45656f28f0e7c5ac4881784c8841e024db686a29a86e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 347b05d7ea29d1678d859271dafc50c6
SHA1 0736c16cdf7c0b42296a921833b31263bec69e19
SHA256 b06c437a323871406bf16bd8090522cdcd12eb9ca9491b14e11f5ac633efb20e
SHA512 c9c792480ac989908e3719f9d620614b67a9af7a98a647f19b4b69abb48aef776d079665f043058fff90f042c1babaf51d4ad20413e1342bbfadda41a81a2273

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1dd9425c8f71d1f99edca9c04bfc30da
SHA1 a64ad0f4972aae575c1585a98932130d41788c5c
SHA256 1d0eb20bab40cfc29de595d36b01a35ca0b71bfbebfb9173e5eb59e87c5ad2e8
SHA512 3db41ae8d6dc6d8c92e6b02b01ab4416a1fee42fbb77fe430a62167fbe2eb5bf4a35d40b5a1e6bb7349ecfe94555a6bacd9cb39aa783f82a35a422c864281da6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 19738578ab779d496b82766d3d1f2635
SHA1 3c400a6b78741bb18e90624e04481f46b8953e22
SHA256 79222cd4e09b60ec73a8f7edba3df6f3224a340867abb810add3bf1541b39d98
SHA512 bc619414576f00b62923e2d7dafc180176340b09eea40eee6c58a801da5621b4c25887b89566e26ae1359cd4a29eb5c389fef5b76ac4931933d88e210b2ac77e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7d5b74230bc4dce64f9f43f67ba66954
SHA1 9f237bccb01a67dc70728336f3c09b9bbb3d833e
SHA256 d73c5ae0009114c7494fa2838ee88358f96d19f6ae7c150179171af2538253a4
SHA512 e4681e1d1a7b931b077ad4f846217e627b854e2eb41b04ee0bdabc81bf827179a48b0c0951a2909bbd5cfdcd2c7dca580e70618ed30916f7d83b583b1d653aff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bace48aa0909ebc68933f06de601b6d8
SHA1 cac103857152a0c2b339283339b64e5d657fefde
SHA256 62945a6cacda13dbf3102de92d8e2c8e093f53822987912e950385a3cd26af9a
SHA512 1a9a4a724177cd29533ccdff7ca1bfff049687ac26b9fa8c90207fcf763ff1a30e37ff7d229a5e767e18cb5ce49301b2091c2f7f0b5a56f0893e8558f363b5c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5788ede2b3b2bbc_0

MD5 d854ca0b52d0590b8eed0bb59fe80ebd
SHA1 d2fefb89ac268481eb63da203ab3d579a2fe019f
SHA256 9aa72542e1c87461062518e17ea67381d7948258a2f78ee6dc4913e6dd949487
SHA512 727985d4a864e4bbd3b712b174a01912602e66abf654f5b27b5cb114726c2a2126cc22254c120afba7ea46b6d61428e6fefb79a38d2a94b3762a507de8eb46f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f1220d60438aea8_0

MD5 ffd203f90fe1249b982cece89115ccbc
SHA1 7fd81cd2b9431ac61879547d1ef41052ef232bc7
SHA256 ccd61b8e903f60b24795904038fe1ec664f1bc664bc778cb474376ea39b20a22
SHA512 39cec4726725ec993f9d43c9c32a964edac7ae29b7488cb18e5391dd9c5f26acc18fb7ecb0ff20692f31231099ceaacbe5260dec2a427fd85083614263eab635

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efe7600a785cf1d0_0

MD5 ac7660d9686adf24402ca349aaedacae
SHA1 be720e24b72938005843bb488ca64ad4347263ee
SHA256 103564bced9ec4958c9fb6e39265fbbe8c15cbbad03abdc89e477ded266a9ea7
SHA512 c5c42ffb2cdf41ad9f4543d1d651a7154a7a23d844cac54aeb9b80a4829c99b4583a95ee9e6181dec2cdfb72aac044531aa65b181bf53a27a83a9b89a02dffb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a63cef5674855ec_0

MD5 0361cfdb91cc6704d433d43c4d933c98
SHA1 28c6f04d0ed9d1500166753805d1d71d463e53cc
SHA256 9b0b8a14abeb8f3f5c094cd20a2e8e0fd23530b2fdef7f7f1cec0c5c2b40c55d
SHA512 95431c0b1fd80306f2148b020e89705e5bfcf185fa10323a7598e3e16ac4f28351162b52c64a750cdce512658269a72e95f7282e34ac4d90b7e59c5ae69ed2d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba7773c5b11c73d9_0

MD5 f53940776a8a20bf54f083a2e2bf8010
SHA1 5249210763da979abc39d342a5bdd170a697a872
SHA256 f4b1862cce14efb7d05746ecbbe2438157ece7bd83c5982bc2d36c7d3ab7f766
SHA512 728a969186c2105a0c4f66ed87dc7a91d5bdb232cad0d945969d9e819194fd606f58755247f9844dfce8d356654d283a47f6372fb05d0ff09a36950a9ba9e744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37ca16582bfd954b_0

MD5 bf32ecc555b66caa03d0014e0e04b071
SHA1 bf22b62b8f3938c2adbfec7c60c61f3f3af8db7e
SHA256 9089bb357b34f124fbf3b70b2199d2f54878ad2c2cb56ff22958f148ad8dc6e4
SHA512 e1ec6330551953a4cd43d2ae401eb6db823a85f9e89a10a14e7ecae5a95f23cac3203e8d77735ad67ac6df4888216fe46fbdaf80eb951537204fdf7b8ed9cf8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd7d45d8a26ccec3_0

MD5 0199eae09c69830f46ac5e175fd3d2a3
SHA1 e96faecc08608e23a54d945a57ef2e5a73ec4492
SHA256 9bbdd9d7d12da76d390cec0cf3c8e17d2c1f1623580b43a9cbd264d3044c6ae9
SHA512 d343a97d546d38bbc31e0675c43ad851d1b6b73ff1f5cbebb03a55dae1163e1c938613b6092262cc09f0dbc93700f6b54f2950fdca3d0ac68193a5fd787352a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\650048549439cbae_0

MD5 ba6cf1f24252933875e35aac82e488bb
SHA1 421ba5732b9df734549c2224b4f7767d07b45fc5
SHA256 6669077106d8f02292bbc12c484a1c9a1cc4d1f653c4491da54f9cf88083bab0
SHA512 16fb99cfa4d6a0d0d64e17b7dba729f59ed506687083af0eedb9b7167640d34a8983e7b341edc2b8a991df7185881d9400e6374aae3e9b16be0125b4ee209545

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1499430a87e5519d_0

MD5 97cba7b57d47c88d71a6e14b6471b0f5
SHA1 3974c86cedd782501097d059dc67e92d6dd48885
SHA256 2e8ad2bc32a09c3f2f31aaa293ad5b3b4584a906f74139595ea2aecf72a7d862
SHA512 827efc66ba076cdf0149680be1818a7fe443e28e4ad4ae4d5d435aa6ae59e483c1636bb1b9259a72468565fbdbd2307fcf3be4a4344af5511e0447aac1fb18ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae6938c53190427e_0

MD5 1a546bede0c5f79be56989cb864ff51b
SHA1 e12edbe0e31242e972506c8c61864a72b0f74718
SHA256 556efb70e2a2cece861e7ac52a0292812b1e167add7cac9e018cd880185739f4
SHA512 cc7bbf135b3c8ddebf8a174aa1d5c4b0fa794238014bd033e3d22c81a0704d3b4d2f4df3b9408906a085d0cba07656e4de5e8fe69bad5e0d30522e97f063a5c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2e978c01a051d02_0

MD5 8f133d4065ccae4a834eec7929641d71
SHA1 8ee93de8c9e379b161049785c4d375b0d29192fc
SHA256 f689d539a3e88f4a596cb0961cb89a12cbfd68ceb9e9702ab916fe1b35454488
SHA512 3deae692ad1efe023a8a90b39b199ef75d25c3e9ce27d4353f421d31f1be6bfd5262c5a7640ad1527492a4c9f300f0b6085029cf42f5bcd1712d97c16c9be9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa7f53746e5bfb6d_0

MD5 280c085bab78647d5c637d62d40c12ec
SHA1 15fe2520650b32d8da9ed9664dec493aec410e3f
SHA256 1ac0598e45ae0eebf385622fb53347918c893d3ed99292d8ff3890d66795f3bd
SHA512 b4f1cc6fac401d740c36b75c4314dc618706bbac3ef12f1c01544847655f7051a28b9377973987dcd2e34c22e94cb8df803063c178c3e0de754ffe8cc8766e4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f27b37247deb0d3b_0

MD5 f9cffb384f6bf637e37fbd41f3b497f1
SHA1 afba3acd180f19e002dcce304f05e98e4faf190c
SHA256 af03cbe3722c63e36b1bd3e89914fe67a4817036b063117a64ad31e82f57cb24
SHA512 7810c2234e9dd4e258e1f61338b15ebdf4bb02c3a0ec100ad177391f03e3dfc78bb023042b52cb15b459bff2d5eb31321eb90edbf8a8a91a4943294f5b3e333f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\84c6039e1399e8ab_0

MD5 e8eb1dd6f2e2e2a754b928e41ab621f6
SHA1 1ff985c51504d4be3bb2a8777f77618ca2076320
SHA256 dc991b70401cdedcc5001f9bcc68907024420adb2730974d10572d6434b26148
SHA512 971aae8c7e8b1a62351e1b0826448d0d5eaba207df5d3c1c000a11fb8746d4eb32b3270535dd73923874303d51c751d5275a3425a2d9bfa5272c288b8520c504

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a02df7c313f59d27_0

MD5 42ef5af6e67da96a3c1cf9fd70327825
SHA1 5f40c85892a2c423a3723b5c7ff9accdc7e4599b
SHA256 c34505e37587c2d30b082d39a63c4fd2fc64beff301f6ae3e4a8e636dfee3530
SHA512 8f798521162e6030f8a74e38235a60b99df22c32c866bf803b55b2014e89b829a198070cb7f27c2bf83c9c7a0c7058959c4936259143b301f0df0a2e213c6cba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a9cda1121219915_0

MD5 05c1acfacfb1a3e447b66e5f0f841b52
SHA1 0844f64ddcd4e842b3c93b8b78e1c6335c3e2cd9
SHA256 406e772379d0f9824558c95579031fd86fb2006285533d6ac99031e7dcf8f1ce
SHA512 6f94e3f1c95c60dd4d0b9e57fe91eef7ecfbf0b67984bedc78437e94ac8786e75e2db0dfd770b0b61dc32e351742761f85c74974acb47710d1e11cd9cd307a93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a0d3ac32f2881fab0dbeae84eacf3b41
SHA1 0324b2eb14dfafc9445d6fbe453f0478444331dd
SHA256 ee7a05e0c3877cba26fd7479a129beddbc18facd8ade0d746265b04edb0ef636
SHA512 b028a612f8c2c6c818125c31beea2c5b9981fcfcf69deb4309efce74391e4e6e64d2aac370b582ab9ceb8a7f0a238c735ae59ba914970c9d5d5550339a226664

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c504c7f100c48ff2e035ea11783c57f
SHA1 6a03755ba61cdfe12b98bbc7051bc66cbfdfa8be
SHA256 e3285faced6309ad13f7551679018e2f935c693eb6d9250af732be828b2cdc7b
SHA512 71466d3f3d8ff880fc6cfd47187f19831badb9b8dcad6078af74e0d29d4f99d6b0f022b792e8fe082b6f2d4bd994a1599b739ca44a57a9cc02c602a25bdcc97c

C:\Users\Admin\Downloads\CLUTT6.6.6---BY-CYBER-SOLDIER-main.zip

MD5 a13a08aac9f25d0b7f41b89348fd50e1
SHA1 c91e19d5b31b0baac9b58a15cdad232e8fc10c3f
SHA256 7edc3f16770698c0d9eb302f534560ecc82c0e35cdbb44189cfc06adaaa10641
SHA512 f8af2744f6909c52876ec4a52b82f1624b571d10082fa240f8091c6867919354510f52611eb1dbdd4bf6594eea03f8145208d4618f36342cc5e2a87be2efc223

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5aa3d33d3ac4885c964be54bdcc36d4e
SHA1 1c8855ff6a8cce867132548b3e0f340ca4baabc0
SHA256 071d86e99dfb9e4c1975cfd8bef9a8bfce4b44ff1351c27e820643bf6dd4bd93
SHA512 edf5afeb6087c154d3e427af9178433186fb44ea5f9743fd78c3de56688c716c724ff9356d08123a4663baa99ee2791278e38499cf85070b2f872c745a4b7c76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d6ffdc8ef1771b2014131c4757918377
SHA1 e03fe7be81cd975d9e5e2cbd6b3c816a61c64b75
SHA256 214de40f78732a4b75641aacd322d3a8eb42551de216ca4015b2d71d9527402f
SHA512 cef3075a2f82782172f53ae6f832d0b50e6731039093b65ab49928ae5334ed2e2fe4bd0954115e28b35b583d01ff6b6697b2f01e9ede66a42e2d24fecadf76be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 627b92ccb630f481e0dd8448d78943cd
SHA1 c163634a49b70656613393490bc0fd76ce7298d8
SHA256 ee7c2932612be0dca8605891e87c7d1ff67dc0fce0ed990c78959e17c4cf319a
SHA512 cae4ca368a529f1f94c45e7633b5632faf29cdd2f58e7aff768f4beb18f818fa8331f2f45738e633df047518de01665af4ace919db5d72a4a6866b8da3bbf76a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 559eae125cacf943d84da3cfa3203c05
SHA1 54c3245666c6c8a540302592c682d088f1f9b267
SHA256 07bcc1a4113f48233000e9985effae835ab54c9814ecdbb30f12e2e3e55884d9
SHA512 af00f50664037ca337437c5d308b1ad689f2b041a9b75adae6c48add0397a7d43aa64090a12d6e8e087e3da4247cd50a04fe0b0225059c1605608fef806667f3

memory/2256-4605-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

memory/2256-4606-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

memory/2256-4607-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

memory/2256-4608-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

memory/2256-4609-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

memory/2256-4610-0x00007FF7E8DD0000-0x00007FF7E8DE0000-memory.dmp

memory/2256-4611-0x00007FF7E8DD0000-0x00007FF7E8DE0000-memory.dmp

memory/2256-4634-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

memory/2256-4635-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

memory/2256-4637-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

memory/2256-4636-0x00007FF7EB850000-0x00007FF7EB860000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 43745c6cdec584ee5c85d255b0ea1959
SHA1 a73204bcc4d014903c410bd47c839ed772c5482d
SHA256 4a0c2602b491e2947cb921fc85a7de441d42c5e30394b9984ff9017059cc9801
SHA512 f82b3200f1047cfc5462738c14104e575e277af6890492ad6d23f8771280d530166663bf6e9de02b3d8deb2a6100f771f8c90669bbb7fc0d989d736ddc07ce3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\20a0152c-ba72-4089-a59f-ecd49583eec2.tmp

MD5 a36e9e4606a1a5ee16ea8104cf1a5c7b
SHA1 e9fdbd0d5e058441e42da0a9443c10b08b4501a1
SHA256 226522107a0e534d988a5cdff6b410f66d4f26b03ce28ea915041920f7f4047b
SHA512 12ed66f9f12dcbac9bdfa98c5ec58ee6d6abe8327cde11fdde47e838ad0dfc21ae37f48d0bea85d6aa126553e560e2de0433151f6a5d2dd3223850423f931ce7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 78997f3eb14c29847e6ca4951a87847f
SHA1 f2d9102ff97395f360d6213aca86971853cd7c18
SHA256 8a994dc54d77fec2b679d1d8a13b260f3effaffb412a308e65fa15942560d7ba
SHA512 9712da9ac567977d349a2ebd89e9529d4b46b39e76d0a69df1d0746161315e20dfa29f8e2191585cc6f10aceb3bd6692882946b499751ef3c8abc82f76d31e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 35bc1c98f9f2489fa4c428f3953af200
SHA1 034743e928de61b6cb04d65c8419ab5b3ded0f65
SHA256 7ac58d05aa985308ea02f1bb2c5ef85c0740a1f1e2f2bb5105f642ba65a885c8
SHA512 24f75ee850ab04835a7694d7e256ca60bf78ec0230fb32293c9c31ca744f0b5258bd9c98b1d214b66e103b0cc7bf8db7e030b0c22b21168f610fc15c561f113d

memory/5328-4731-0x0000016B73540000-0x0000016B74638000-memory.dmp

memory/5328-4732-0x0000016B77200000-0x0000016B775D6000-memory.dmp

memory/5328-4733-0x0000016B77E00000-0x0000016B77E10000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9e89cfb84e2d9565c5c6648e852c79cb
SHA1 7d2378c8bc29cbfaab856d6702c8ee28ed272aed
SHA256 72076f95cd8ea56cc86486f5bc473f2a5f6ef2271020cb6a8997bd1ca1bd9f84
SHA512 ab47b504a30cbc5744a0648e9af6edf32c43e1879298dc019ef753522d37f53a57c054ada2ee343f4fbf3a3353ea7bd7ca9ad8b8ba4fb28b3fdfaf06fed50c90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7572808be49a3e144e26a6d6316c8011
SHA1 190d887af7919f9221b561bd79a7f3e0aa86ccf7
SHA256 b47b2c52741652af8519c67c5c551b6d96e8750f59bf5d4a0eaa77c54834d530
SHA512 e17dedc17a841b921100678ef9bade3cb4a3a9b7c705a8ef8e276a081d27c488447dbc85007d4fc62d70995bcca99c2a4801566933ab5bf9dc1f1bb51058809d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 923f25da15b830f0da28d402fd51ec3a
SHA1 6845d6f73cd73dbaa4991432d42efce8b258442e
SHA256 b2853fb16c45b54379af39ad2f048308673869d649937ee8df49dbbbd7da9b3c
SHA512 c978dba88e6bbc9e0649a123f7585574166b9b83865aa6f9ec6a676d18711c517821c93840a26fb20f1b691e0d9c23cdde5bda5b2935e80d8807a9e0276ade42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 628aa385b78a659693c3d6d1146d8271
SHA1 6b1055e91c88b2f74570d2aca0d4939ae00e2ae9
SHA256 c3de31110b22133c9ab93d0da348703db30120907297b9b367dfc358824baff2
SHA512 8bcb662e0b4ae3694336a102a4d6e3e6c605acdd40920f6c90a1c455e2622dab94f4a56d51f4a44d60d3eaa3a9af39233c2c8f69138e96710b1ab2e0280c2db1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000104

MD5 be689bd00654d520b455b7361d7febf8
SHA1 cb812ba1d0c46a178531a98f489641b74ef65461
SHA256 8c7b2da1b0f8af3bfe0a502540160fbaacbe2d0578d6644c12470c64bdfc9099
SHA512 60904096c0d6a9af11bfd4d8b3a92c5b0dc54a2c01287e80039f39b0327c2f778d5c8562238d6a5d4d3562941b488a5c9d79a73b362df6247f5923d4d988b2a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 55f7409444c76984579f1b69ee19bdce
SHA1 7b1ace6ea54f7a12d3edb82bd734fdc46cda7c17
SHA256 7d826084bbc6c735c128b16fe58d7fb1f046b59c1f5a474c506c8696f8d9ccdf
SHA512 7d9dc4ece061a704484539e5988ff5909c439a1eba0ced7862ca986d5416ae8ededdb9d6f208fe2a9ce0631b87ac6a3b6a1b48bd80f3f3128c6c6a7d7b770415

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d1b8d7c8464d60208d3e001a34743a6c
SHA1 cb91e5572387fc9580593f475ee63aeaa1780c80
SHA256 504a516805f229a1eea78e0c8b931b2155be7177d0bc1c14da792c6d3fef776e
SHA512 1f7b129b69faf43d4a3bfd87640d752e35c043623a40c3ba2d4778578375201ed73d2cf6430f9b7483a7ddde8a47d71880e88add9daa406beeeca81c797e29c7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 58c965b2ef1e626c5586fe3a3e9012d3
SHA1 f711c4d64e68455dfcb5887908df3f44a543efe3
SHA256 26c63f97502648cd93922fd369859e5aaf2f2e165e57c907ac80fc9f6b26f010
SHA512 b8c7b06d6c519a6f3cf05c192a2cd82733fd208e3e0197ab99f28d0fcbc3dec70ef7dadf9375115294f09774eb22ed57d292deecb0b9eb9e6de082d6d8312085

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 546dacb105d116208c26d469e92596d6
SHA1 9dcb5e5490cc488ef0e1b60f53e271bfef4b2a8d
SHA256 6ca0fddfcaf84210ae4546279a88f6c31bfc579662167d60f95a228861f4e715
SHA512 b082713c20187e0923a0656e6ff3913bb53e967970d8b76d536cf5ffc87ca754c5bc824ca83b00957265c6e3525466f1ce41e585fbbef1b5d2fad35d20f7763a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5de9f44e801f6134_0

MD5 36d6925dd2174769e94ee354f9d8be6f
SHA1 f12c5a09a0bd67c9925853a90ccd80bfecc21c4a
SHA256 9390b3135ec62954e2c6c048f48b3634d0e8b909bfa2b3c08b0fe9c4bd6e65b7
SHA512 a5d237f8b89049fb828eb9ee85067c802c94572741343a8228b9740e143b6d0d61b30eeaf0308e261ed41ef7dc21a39dd510c47bb959bfd4b36bb9b5630605f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9a159afbf1607d3_0

MD5 b4cd97a7316a32b9f5de55ccf5c0d580
SHA1 fb78d200859e71a97e2df6d799e0b908cdf992fa
SHA256 8655c28b6a3c5d5a738640e18a67e77a2cec10079448660adfc3ae646e15b323
SHA512 8af6aa098c71d613c2bdae6be991960a2b8e09d97b18156f5e31ab343ce651cb90ed9c6f6072bc0abe07159b422f0cd3d52639444057625743c08d68eaa9e11b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0cc3b8047ea58590c66c147ffe086307
SHA1 0984fdf770a53ce83f4c08d972723f03cd963704
SHA256 ebbbda02e58260c429893bbff7d22dc7407d3ba5f823b7c7f334dad8d5166bc4
SHA512 9d9863f58dfae09dda980c588e663fd9de199ea7ffaf2f1d62870d78db98162df13f996706428a915950286a822f21662cc15ee4e0e5ded5d8d490f828b6de6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a4613485854ac4f7bc23ac6bd80206c1
SHA1 6c3b857b6f767d1c90b7051af6cd1fd1698676ed
SHA256 9c877a391484b3c5a116f14d06d837c9a9fee2eaa6f8d7d709da6b2c74fe1d3d
SHA512 c2d542c0236762835a8bbd47194d46d5c2162a56e6552f094f7a42d8c295f99575bd6183ec2df880546d075cae9a130b8334c3e0bc301d92e5e4fd397e927c53

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e160fc4f769818a4de315a07e97f2b12
SHA1 b899f34cd387eded814c899e1593664e253835d6
SHA256 9d49ddc9805e44504eeda6264e00efb824256ed1a4d28e719c0b6fc0c7cd1dff
SHA512 cf5c3930ed6b1a86329bcf9c0d79121525baf66026873bca0272af5cae0400bbe16031a5a37904c153fb8b1d215f1dc34f609e9ac2791e7b41080e53461f6735

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e7a735eae2c1b6a86063647b26a5a3ea
SHA1 37303c29018bf2d102c9fd22d8136c61543c00ce
SHA256 c95c0c7d2a02cd472ecb381ae7c9ff5b6d533c6c3d452db8b425eb0fa701626a
SHA512 8897398bc3a318a15c93d2cb87e33b872b42f6ab1c01ab6387c0cf8df870bb9c3e0806e521b0948147dae6c6fe87e2a80c371e58d4afe3e6816fb6a2b58344d3

C:\Users\Admin\Downloads\Unconfirmed 462264.crdownload

MD5 f1320bd826092e99fcec85cc96a29791
SHA1 c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
SHA256 ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
SHA512 c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fbe4614c900cb9872f155ad71be55711
SHA1 07cb90f1fee9c32645d924577562bd553b140b73
SHA256 8286a0392f431c735c7a55481d418ac84c8f15aa827feedbb94076cbb38d8ffb
SHA512 78fa6f47cd73122221029a5cd62eae0f23a27fb2b1e85e9364b8d9eebe16c0318875f462f02d4689b3c439f1bdd63d54f3dbde3f28b63e677b60a73e97a7e939

C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c9522f2acb67d213cea03e726f84b0e6
SHA1 0bfdb1f1107a129e9360b0afcb1233f1dd4c15cf
SHA256 e1eedc018208434345b5c5c1250b3646966f4cb91c0788b245071f8c336b06cc
SHA512 d947d7a31bbbfd41862b72588d4b86ad9d31b1363e5bdc014a4780729fc5a0a69ac080d726c5a6c6edff2a073b13c8b33b58e543e12dacb39673dc137fef593c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c5d47c348868396b447b2289eb8d79b6
SHA1 c134e842dfe358e43cce1bc883f98284f0b844c1
SHA256 42d2274e5ee1089053067b99ccf04d7687a2841a87f0317c5d9a6be0f027da71
SHA512 def3adeac9bfd2643bece135ad5d3d3ad35b481769cc1a4fd7d2a9d86eb2a095773048a4a8698cb8d7c77afe9e81906f89692a22e0d1063429fbe5427a56976c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 691361d08af2024ef4077053fc6c8f86
SHA1 eb06bc0ff0ec55fefd12548a67150de69418bf80
SHA256 de6b2b8f46318a62973ac6e0d0f4dc7d9a443034491ca9dd6843f04094369958
SHA512 0f09928a4f3d2b65bd626e4a363a716c6337180eae87379e555da2f7e417b6fc5c9e87818f8193444e4697c5e9b9f81a9aeb8aad366edeca23b2d0c97e4d59ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c9265d1f7b0792be4160381367610028
SHA1 7a2600bd3bea73904cdcd3ff79887eb5caeec19d
SHA256 71677c72ff8af8d2095c1a14b6824fc4fd601c1efefd9e5ca87ad521d10ae9bd
SHA512 edf398ea8ac58cc8ec5694007b9d014155be6df68addb4603a437d3ea06f5a5b78443e8592af63a83e80c0ace0b963cb60fb105cf6918ebfc9119d76bfc66410

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 49775785ccc7efaf67aa6c5cb43f66cb
SHA1 6258e3cdfe349e7b7954ef17ac83267a6a94b243
SHA256 bfb9fe64fc95ca4e635d60a25c9fb71af9b543b5bbb5d8881335e6d1cfd39ac0
SHA512 14927373a2a92d7718517727f8159716a2c8d4991f4c6791cfb51678683f896113d1b861b458700649881cd4858b827aa200211555435e77eda19f38ddbd5271

C:\Program Files\7-Zip\7-zip.chm

MD5 b79894fbee3c882c3efc71ff3d4a21bb
SHA1 8bb4fa0e32cc892f8be396dbaa35acef7a53e36e
SHA256 2d55ca494a8b6dcc739d84bdd112f5c50d612f8abf409c9fb5f2b5c2c84c37a0
SHA512 b66a75ee3831c56967e2c64f8c9ba434f3cd9e4dc4c4fa79580e5ef81e8595863a477ce487921d46891bffcb31c6d45ea332e441c5c26df9a1ee59c0769f32b6

C:\Program Files\7-Zip\7-zip.dll.tmp2

MD5 8af282b10fd825dc83d827c1d8d23b53
SHA1 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355
SHA256 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca
SHA512 cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

C:\Program Files\7-Zip\7zFM.exe

MD5 79e8ca28aef2f3b1f1484430702b24e1
SHA1 76087153a547ce3f03f5b9de217c9b4b11d12f22
SHA256 5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7
SHA512 b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

memory/6944-5635-0x00007FF7E8DD0000-0x00007FF7E8DE0000-memory.dmp

memory/6944-5636-0x00007FF7E8DD0000-0x00007FF7E8DE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TCD3D46.tmp\gb.xsl

MD5 51d32ee5bc7ab811041f799652d26e04
SHA1 412193006aa3ef19e0a57e16acf86b830993024a
SHA256 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA512 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0001.docx

MD5 21d982181219ad1e44e97502b0372f26
SHA1 2b8fc724e3afe88e864ef0a657fb617a476290de
SHA256 ffd965f9bba71cfc3e35ad8f4e339de2a19f65dfb9587dadac4b552d0bdb59f1
SHA512 5f9f93bc5d3dde88f7f73f7cd203e61110738ff3a97dd8a795ab9cfaa82b5d89aa6b8b1846d6ac9d4c2f6193ee61b14d6061f291618af9cd0cf43307e64f3483

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0003.docx

MD5 a110ead1bb7fa040fba8c0104f0e10da
SHA1 6e5922398ea58ed1023e1731f5f939a8813c8b27
SHA256 81502991ac2700e56cd174a4b1597058c4d5824a64c7b0d54c7a2e7b85f7ecfc
SHA512 58ab98a9a23a2cc516a2089caf72f1ceb043a380faf5ba122ce340f8ca96347ba4ead722a380345d5b9c8bb339d5488533c37940341655112ff1c18914200512

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyEventActivityStats.json

MD5 6ca4960355e4951c72aa5f6364e459d5
SHA1 2fd90b4ec32804dff7a41b6e63c8b0a40b592113
SHA256 88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3
SHA512 8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

MD5 f1b59332b953b3c99b3c95a44249c0d2
SHA1 1b16a2ca32bf8481e18ff8b7365229b598908991
SHA256 138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c
SHA512 3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 fb407283ec3c1a39c9feaca999a989f5
SHA1 c411b26852f8e6aee67b5893712af007af859d9b
SHA256 47a36f8e42882e9db6fa91965cd12535648d110c88c2d8561b45468cf8a37062
SHA512 a63bfd1fca41507d39f5f4a4e4707df89ff4937c938a145d310af1b7e9b69bb442bb99f7cb5d253d2ebc029da74dcf3f89223d5a73cdde2948decfe9915ccea4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000119

MD5 4fd2f59ac773fdd8b0a674377cf4d67f
SHA1 624765911e7607c02ec335d01aa92c98bdf52cf7
SHA256 a2706ca94e4bd56a0e48028dbc4c6b08162dc304a80dba23f8e93a21bf237a55
SHA512 aed5b6e3bd4024d19b57d8384e7c5a1e710d1d5a4019e3e880b5a204fc6aab3f725c409a001a284f48a9fd28da13885d9b40f69475f9195a4ee678e7bcc3473f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2df2c057a5731c19_0

MD5 48dcef10b96243a76580f6606668a389
SHA1 5dcf0deb5e1da3f2f08a4f53c94457c25ddf4b6d
SHA256 d524eb85c0db8ab30b3a5f7c2b6e6ff6d9ae4b4f3bb17248fa5755c8ae0b3741
SHA512 c862aa47c180c0e9f3bb236f2e1ac0e98890c23c5e96de273a711fe38235f326fe4073b194e873a8a1e3505891678e310af41eab021fe05b02f42ed1022c8a96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfa37c3bce11c64f_0

MD5 ca21e226c12dd5365b2056c670b302ec
SHA1 b383b2e421bec3ffc629e79ab0edf1b4445ccda7
SHA256 84dad0211014756c8cdda916099fbbc80219ac9dad2346a9e0f6ad35033f0100
SHA512 277d8a342e58387c87a0bc7309ed3ab21ee958436474aa720b04e31f1855b271fa1ab48628ab34a5ceebdba2d20361a00b6ac9b712120c8a082c4e3a90a88e2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1b656fe85bc43465_0

MD5 29c3e99c91fc1bb709e1e761518330c7
SHA1 88b59be2fa3b59732f424a1d862b0b04c0533d8c
SHA256 d9d988818781028125a7976d3cb14c586b36a144db08f0e672d020cc1840f4cb
SHA512 67d78a21c26237f1eea8d2aee32c46c8b01a4a68ba4d44aa93ab061c9378a9272bc6263b554a21126adb37bd46b16bdfeb922c7aa9bd57cca678a5953d592e5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df9da550ea6d3003_0

MD5 f9d3d15d1198e79da0337d4f14aa5871
SHA1 ee0761b0b1ba82e8112a871d4f6c50eb276578ad
SHA256 a7a1cf39207b8f20059d873c39ef01673d1724ae00d5609f94de435d8d26eb5f
SHA512 c4d2ed7b8cfdccd40ef2dc164d4b1f8d672deb34a4ef5832842f987ddb453756903b9966202fe3970d09b6616fc5395eb2d055e7b17664e64bc91ddc42dc9dd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a3beb452e1663a8d_0

MD5 cbd220ac7ece4002775a173b59010b60
SHA1 d9a6a91f85c76ff3ee3d324bab9acd9f7d95d880
SHA256 63edb1f795d74c7eed59805d90f8e88c241fd094fca3341ef8d92160ac0513fb
SHA512 debc602649102d0dcf3f7c6797f7a1cd1838a75c077bcc32f4b09140304c2fe4286c30470fc482e295517ae9ce6745718d797ad8230c3a5d2941333ab43a58be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b08cd0430bfd81b_0

MD5 f7c882324c5b813636e3c76707667d63
SHA1 f1f4df8a6aaed6c003771ab6b57ae04efe3dfdf6
SHA256 db7cd8a3845b8babeea48e5defdda343c5458fde2a4546920d72f6ab57d1ac34
SHA512 6374a50c65c74651c543ac25a4ebbefdaec14d68adaed4be16b6085f3630e34bdba8d707ea67f310dba3f9299e4f78cb74056c6c79a997996f890930edcda6cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56858010a7af1199_0

MD5 d8b1f6f00dff82e1a8aa9fe7e96d2dc0
SHA1 0b4a9e509cf82943d42ef2321b819600caa280d1
SHA256 1a62475f14238fe9b194663a5400cad342e75554eb868aad69d4162284a5afb8
SHA512 5a371b0467904fb2a5277265a34d722de37b02627e99ea51d4397e4fb9885e304e1b4a3781e728bded44e964b2d8a2d63a174c966a2daee5c924cb6bdd217467

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1506d85c637f43a6_0

MD5 881c600c75d4cabf89a0d51d01bd9cdd
SHA1 71d4332cc69484ea7257b39dd5df3dd377fa4804
SHA256 4d66b0d0cec3721ab54585a6c9b19647a18915ec4397d77a7805ee8e6355fa0b
SHA512 3072feb01ac9ca86732eb414d0ff6433f3c51140dd54fc8e3cf71ae0eb67a605f6538b2ec70f041f3937e4fd7d22d0cddfbdf7d481aebbdaa0269f70e7ac7b5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0a158aceb1dea8e_0

MD5 69d09085538e5cff122b500ef566d4f3
SHA1 39e7b3f7ea0aca413a2b3d7b5f1bb9bb7c80e690
SHA256 e3ef28b587a04eff80b942a3df1525a89aba78e6697f5d178c800fad31a5e2c3
SHA512 8316525e597dea283e1e00b01baaf37274bcee0a86e5a99095bbc12f63bba5e2b54af7158772ae2b9d145014a44f6738976a0a484dc48d28e54855382ba7cd51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\20dac1bd8ef32ebe_0

MD5 68574a5d454112a385bcf2aedf57bac3
SHA1 887142ce0bb1a8868aa108d48cfed8cff8db2818
SHA256 34f75704c9d860ad1057596bade669fc50bfbfc5f59a002fd2fa918e79632f1d
SHA512 716665305a36b651926e982cd080a01f3d0d05d8ac5735ac186f0e89df0de4d75bc1621e4e726caca0f03b1aa27c72574b4aab73d1a4b31b6ff1ad4952a87537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7fe85d7249e8dc55_0

MD5 50742fa5e68a4880f6c5a53cb1b7d7cc
SHA1 20c5c2a2af1d5743c9f6afc0d3f13b1cb21a3bc7
SHA256 f9b12582e192cd53ef008a51d0668b3553d43a25fbd47706c0a6b55d6d1cb199
SHA512 7d8cabaca4448fb5b6fd1b33caab160510f9870b4196024b8d449f96d74938cd0954caca9203e4181c7236e2812b3db4f4a9db9e2b383dd3cc7a12fe394bfa17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba872977e7eafed0_0

MD5 45cbbd2e69004996260b96d69c352dc5
SHA1 cd1867ba91d337c930e2fba670018a75b8be2e19
SHA256 65dd79975cf901d6232b663c609fd9a30649ce77be8dd0e1a175b5540af9654c
SHA512 f16df0bd4629962ec82cb1de093c5e4574c54fb4df50510afdbae6c6ce828efccfba81bc241dc891649f08ffd7cce2a413845934aaa27c3ef1ece7381a59d02c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65029c17e720c1c5_0

MD5 44e380932db092632754834ca4cebee4
SHA1 b2e7308b50d9e79b72bce06000a93d58b4401c1d
SHA256 82a19e5143bda15c2e1713eda8d2862d559c687d019e74353fac690827fd2fa3
SHA512 9f38cb1a869542415e14f095ccba332b91bae2dd6891d17b67f488d4a3e9616c512bb0c05923b01e3c9d00be644cfeca59a0727b526ff41c3c9de507be42147d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\951674a2601a33d9_0

MD5 7dbf9704035671fb048c902c66b6ad68
SHA1 43b7ec8942c7b29dc8ed73c38f48d3f5d944c130
SHA256 b8d40e3f7d0b29517c8c80dd353f72ffa7b76926c076cdc732313e25332c7ad2
SHA512 7ae7dae0a1329e80b2c2ba527e92ef839ec1756a225132390ad2d7de50fe99a73c71045faacc5ad7648914b91b4f5ba8c1ed00d6c7721dde056203b252d24fe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\552e9cab9e32a74c_0

MD5 7f76e349b696bfc069aaa056bd322bca
SHA1 8ce2e07811ca6f342f035719e7abc7b8b1b1a83d
SHA256 074511d32296eb3d1739abe32e8af8346a19b7e6296f11926d7ba47024a72361
SHA512 04da3525ccbc591595c145b32ddedfa91cb0e88c1860afdc7c5760d7a6c1ec011f4fe7e1d25489a3344f3a04b37135ef3f724770f8dd8a21bf63e3e9bfdc83ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\08367b3179c4da90_0

MD5 2ce92d133560da2f48498e746d1737d7
SHA1 42b74c179acb41488a7978f971cb359777b86c70
SHA256 f2c6411e12e4b6a72a841c1326d6a341a716e2510f0091afc24530b5c9151033
SHA512 f6031aef5e87528bf26d88964cbfcae23a9a2f66d08667e7fe7e580f1ada435a895903d8cf66fe168a7f93172183bdf619a23d8b0f2ab289048f655c659694c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b044bcecece9bfb_0

MD5 3a3f57807909c1704d35cbe04f604941
SHA1 caa49a48cbf368094e2528fc815fcf8aaf5765a9
SHA256 1c7cd53bcd967cb78cff1f359dac72bb660c1ccb2c0b5b8e5071172086d618db
SHA512 4ef83bf1e02065a75f8930af50a86d988289c809c9e9d4f50fb6617a8b4241a1c84b55a4930276be2706524047671c63d2467641d3ad2ebeba4789668bf5266d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90f61163682f5561_0

MD5 df8462717ed9fa344bd68479ed2bd9e1
SHA1 9a66c9c63e138fe9936ec009507738d766af7675
SHA256 9a9cf6e770d6cd0f6caa5550a94fbcf23a0d4d2f872d9d09b55e66088df24096
SHA512 8f7300d6e2fcff89a96823c69a184dcd87d8d041918537d68a130e2377480279961bdd7f145fe6b2f6e9d516be898a533b1691d3bdaa5bdeaad5f696199ea515

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794b4df9888a1693_0

MD5 10093136e414ad4bbdfa62994252090a
SHA1 48312ac7140f224d3612c2f0909c2c0cbf1089ab
SHA256 aa3491b6dbb165a7a1d5d8ddcdf854bdd849c15d5daee9741ed0b0e0cd42b805
SHA512 957a80541d5e95ce187eb3350f6a2d99627543e01588bcd932d48090b3a70f67436c60352878fb5cadce71ea4296ff280a0d351b96feacbec8122c9e00ef32d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57fea5bbba039920_0

MD5 965e365a769322c4fb5f12a895fb2de9
SHA1 3e452081e924a7481ec8380b1abf2f7a8fec246a
SHA256 439987673e114c6663f6a0d16e9c8a2952c0121d6232091aba534b03f6594e12
SHA512 f1b730f23ec6809acf1415d19545e1a4768de627d65d83f7182e263eb2d7cf2814a630a1a9d0c4d949c764e8e209d237d1c46daff5044cf4c79798c5b52ec5fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7e7921c6642f313_0

MD5 8da5a6c1c56e23f02653504c9dadc4d5
SHA1 ecec0ea8113083654b619f68de3c45c1820bf1bd
SHA256 64764a707f015cf9cdb69c24eb035d8ad3cb6c4007adf4af2ce0ade10104d7ce
SHA512 40183d539ea65ddbb5da3e3d90ecbcd4bed36ce51b9875a0ad169673d8ec3c520a3899e442a8bea1051072c27a9a786358521a6f461b88a2f5a00fc056d2b8d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fce2772ba8b623b_0

MD5 389c2002026d4d6a9403dc935216e6db
SHA1 609c6b232bb13fd2992018de06c1f5f238e7715e
SHA256 ff5de31ec9a48b41ddc3e5be49a69fdabd40be8487f2ab9fd46f749c20ec6cec
SHA512 8b027eb61aa4b8cf7fe972d75aac078a410fa7a128f703f33dbd1f719fcd7003929099277b4908d119940dffe967052471f838ca4f6efbc997fed1a170ce53ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e9585b606ccbcd4_0

MD5 71ca9d271277221a26956df09c0b9fb7
SHA1 e7e521e93aa5a2d5e1eb7c358f032a3a66bd5a35
SHA256 1af408ae09ba9be594b568366d1802fa7fcb24ef2fb2eccbcce9f4eced0aad50
SHA512 d9ae70cbffb1039bdddb8bae718cc06aa5e7534472263abb8e5f384038a86ee8a16d3738e727bdff8c96711bd67d483227ec70a6cae6d7253e47eec07c34272b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c0976e826452b12_0

MD5 e6953b45247c37d272d8be3191c22e99
SHA1 a2eae5d6605eea8184a5159ed3c82558c3cdb61b
SHA256 b4c98f5734faedb0a8155947d3f7943d65fc9ddd91eb30dc664e6ece5d2e20b5
SHA512 d94c067f44ff507e9b0f2b343bf4f7623594d6b2a21038e71d03c60ba69521923093a063e5df3ea0164a4e2f6bae4dfaf764f5b889992775b393a3ed2c6f03de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8c6898902794e23_0

MD5 fdf12ba4cd8ea4a54532a196d86ae37e
SHA1 fe3f873384b0ffbde7d25b072c6c6b62d9eca491
SHA256 27be89292ce76091c382004b18932d9b76cd12ebb82cc5bc7c55149b31022e40
SHA512 008edef613e4a6db24697ec312fd0fdc5d2a5a8b646cbec59866ee69c8a10bdf615cbf6cb51160b57a2b59c16deb222328f26a1f1c74f2ae61258e410caa8c5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\223785267ad804f5_0

MD5 72f64b70cdc04c23ce347643d9953b7a
SHA1 136f6279baa95f29274287398cce4900385e4bd3
SHA256 adaa65c83ebe3ff4be8dc7815701390c295be7c628c6940817fd220fc2b83896
SHA512 9e70934b04e2c3fcbf2cc8a670cd1468ccceb4189c9f8d459e192d371341a4eb04b8c0326e3c06eecee7e47be1b1fbc267f375d2906a26e26a17b53dfd4fc59e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd8e97b58d81706c_0

MD5 1e30464589633a83623953b36656f672
SHA1 1b65887cf715d877ff4a80e7dd65a6b9ed845bdb
SHA256 48c9eb039e063951131a69bb954dfd6fa990151dd2e43a0325f89b7e1960d69b
SHA512 27c01226ea209a4db2174d0f1729c3ee4be65fd0494ffcf7ad605c1fed84bd4ec24a8d9557f0f92bb6be919b5cc23f87f1305322f29954a25ef9b2238689ef3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf3dde9e4182dd73_0

MD5 338df8ae21ae2471c01dfa581bb73a75
SHA1 4be3588b089b9f7fba705546e8ee6e1a4dc5aced
SHA256 7c14195ea2baae6ee50bd6d524730db82f0a7d15c8c8267e498fb3dfdc75eafa
SHA512 4f39a86b7981607558678a9a16e7073b623b8e7320fc7cd37505df171bf52a23cbbed28f8caa601d32e32424fb9f7e51fc5fc6eb92606364bf1d1810601c535f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\39f1b8ad3a7dfa7b_0

MD5 9dc38c314baa0cdd1af11a957a4d5786
SHA1 12c5bb4bfd52127aade32f16db7a39b1e3fd49b7
SHA256 ce9b771f0ffcd892071d0b82fbbc308deaad466100c3051d2e19c3ea7f650e75
SHA512 cfbedc959865862eee9e1dbfe0de7405726f0b5d33203cc0b2e716063d17ca2898f954fc1165adea87999565e2d8cf248ae5cbe092337689b8574619cc34f917

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e54725c590c3137_0

MD5 08fb5d1dbae996d04eb6587f5d7910e2
SHA1 8ea989b6eaaecc50dac28052dee90b68c2e56abc
SHA256 61933dd663440daa1aa1f8cdad8a22edfe0a7f7eca6a0a0db3079e4fd114010a
SHA512 9226d64338a8cff16a361b8c0632ea5b02ab5f3f0f6e6e0185a16a33633bcae713731407cb4e6cc6493720a6ba17ff2fe5ae31378bf0d5c86a0a9b0145195370

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47f1ad57edb8b6bf_0

MD5 2ef66b36d51afbd2dc6ef99f53045832
SHA1 34f1bcfb88af9289e809a8eceb5a4e304699391a
SHA256 2aac8f915fb1117f7acb2f5232d29c5a28660c663f8c0dfb31048f2b695f84e7
SHA512 85c66fa8a9b58de954a11453c1e5821879462cf71ebbdccefbeed9b0022e2511318511a664af20e1609e9b78a53a9c56bd9ef7be7b3cc83eaf5844e85f3c9a62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\202ee61178b3d1b4_0

MD5 baff81507c424f890226e16f4a2dc8b7
SHA1 603991e252814a65e27b1e948ce7c9fcbbd9809a
SHA256 46ea705cf9012c99a3ee333417b6f8cdc4df2bd7a94c881f41bc290db43a7590
SHA512 11de85874f65fa355838c2399dc47a3c5a420ac4cd4ebc182316ebdf27ffdb90ce9771e5ba02bdecade6cfa6afc6f4e501675463c7736acdc8fc131e53a7806c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8648952d5ff5512a_0

MD5 37aae9e13e753dc8765cc1a33aeb8f8b
SHA1 f956e6e9c969288d77c3f9dc01d57f31bccbbbdc
SHA256 0b7a82075ceccd87b4e0a1b6bc71329248c6872a83a5101cd91e45c45055890a
SHA512 501bcc2801e325d82ed9525e366e8ce9466b62cf35f2176d4cbda5521ff609d6e24f1172ad3c630cdf8bd6669bcee1083cc867b0c9324ce023b6de209beaa5a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf4436542c566b96_0

MD5 30e51bb1fbe8d5ceaef02e124735d687
SHA1 b5e51d25bd27b2af42650c404d0206082dec275a
SHA256 79a1759293f1dbaad6c7a55625b64b0251c6c92f87971dd203263d0fa6b68892
SHA512 a41b35bac2f739e117f1f0909c4484744b10c7d40520a100c7437d04eb32a9c4aa59a79bfcde5ba481c19084c6d821c6362d7a5b5e6953cdbfe61731bb832bcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f09fbf9f0dca9c4_0

MD5 58f4f9b741b128f3e2abe76531367b4f
SHA1 b796776422386f204156ceb3a538393f2f23e04b
SHA256 bbcc83de6e06ddd8fb8a4e9c4df107decf5f0db4de81532d228a118922f8a071
SHA512 e2aad0fc0f0e466ee978dcdea4f2ac151cc93486250b27fc500ea5bb1837bc1c275e002af3f95a4e31897a640d6d32429de488eaa9a32898c272eac611b342bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89c00ef3bbb713fa_0

MD5 08bb703e7cc211ee75c8db42824309ed
SHA1 1d81c89eb69ea9791fd292f6fa66ca59745538ff
SHA256 315894a922b765b1d9ad6b07ebd4b71ed1f854c53deb820bc9a39116c91b4ff1
SHA512 abfb365151276f883c70e314ca7cb2807c3ff1f0b59f330c8af38310985ddf66f699772daab6a63fcd9d2aa474e7bec5a55726ea48a8dcf720ad0afa6c248709

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b335498d880125e_0

MD5 bd8d5c806e3802bf29c2e63e98510e62
SHA1 23ed65c223c32b3d28f12a854efb0ad51027378e
SHA256 463258001f97b681a2b13249b968d67e18768c2a9790774bc2ef85f51e45c152
SHA512 2cc383acc07288295c0889dc504dd2db790ac82553ae14c4fa2b090c118b362d6c509b4f8a631c0becc5347fc81daaa574f574fec5243a2a44b3b715328d4aaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7334c72fcccfac5f_0

MD5 bf3e60303e5911f2717ef18e3112aeff
SHA1 2b6b0d6b544712c09874d2de8209de22f26ab63e
SHA256 45c6128753840b021dbcc28614687e9071803e3e393d679c5abdb39a652f5dd4
SHA512 a27425aa3372e037641756a9311073903e5d06de109e3b3974714eecfbeca827cc9375edbfa1bda8d586a8decc5d4893f635b777e865129b8883990d312fa9d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5df19512b232e76d_0

MD5 733347e2cd20de0427a474e1ef5aef04
SHA1 deebcf7c7edfd2b663bd02e040f8668356227f19
SHA256 3541023c2321a68552658ce918fd57e49feebd537086d19826d8d383fd831150
SHA512 3ba56a92a1584080a8b91de213376c1802c11bad32284afe0f6913673a6421aa47ae0d1363342b84c164bdda6674148103f4f0d75bbc657ea31d6136d0745d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f98a9b53209646ee_0

MD5 3ce19b2ac8c28a336a8c8aae61b11d45
SHA1 e75cae191a3d8d31a1eb82b8a91172b87cd99591
SHA256 56af62a8ce0902d4d9da8a9bddc238caf420513ba0441d60edb77c04b27a0130
SHA512 322a9b8d5fe394c4ef2f8808fd527ca5979b32fbd54974e48831db7cc2e27cf5607f99ed64b8ae2c6238c06ec4f8efb3ac4e2807b4bf2c8e283f6fc33a70088e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6870cbb9284d54e2_0

MD5 90f8299a9c22564a0cdd2e76c97e67fd
SHA1 48eaea0ab9741249ebae0aa4d04948c01e43e027
SHA256 16729543b1bcd65b41b9bf4eae098c788cd5f1cfd9156ffbc9a040409067b1ce
SHA512 5a9e65bad39cde43c906ae2be7cc51e95fdea738a0bce62790fc098fcc605dede4a05bd215d98475c25da5113e6c3a44e5ac73160771464cafb2558548fb92b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3af26fdb0a014ec_0

MD5 7eaa15a4d01d2d520ee0e58b64907e4a
SHA1 8c3bda76bb7d52dc0740ac01d963a081eab1928e
SHA256 d58c019fc6e1b37a8ccf3fc03c918c3a3a1566f48776e32329d9d396bcd7557e
SHA512 6a065fd9b5ff84dd22ad644afee94d8a13d461da6cf81391bb12c968cd39f0c1808ed34854afac0848f1fa5217177c077d4a91f500ab9622dc4a72bece48773b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45ef484a783af53f_0

MD5 6d333e0d6eef89ab6836bacc442f4a86
SHA1 a5c39a99a17601b604b518f0c9878041b5574d7f
SHA256 9e083cc7f44d65b39083bf4514276a5071525f56fec75c0dfead74dcb1049805
SHA512 a2840f4f2f5356c7db231cc508aa9a4f55ff34252f826d78dc83e77b7e8d19ec51fe43490f095c88b9e7edadf1f59646d75efe5f7c214f66f23032e3e867ea24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c2c3466a716ded51_0

MD5 c30b03f15c3da73370eac7f2aa25fc15
SHA1 7a16d6528c2958eaa696744c7c4a44fc701f2913
SHA256 1d8b01dda0f9a2f7595e70d87ba15c66557e11a378d9d63c6084bb189e1761ca
SHA512 06f4df4725c20837937f7a0e8482a75d691bbcb61a78de4c16b16a63c2d6df8837529a3151c4e47ac826fb8524ff310e215b07092aceb9e0df6faca7cdd4cb29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b590fd7c030c5374_0

MD5 23f68f7975bcb8e7242a87d0949c5a81
SHA1 e6c63971051f1619c0f6b0b90b36bb08d07abf68
SHA256 cf995e737618a231679674c7560ff1a6c40b8689322d36313113b9934c739f29
SHA512 d7961af5a33b1c207e5e74937c962b168350dbc0778ed2dc13d1a71cf88d7d2c0156c2addc7bf80ced82b018aa34f2551d69ea493f9c8c529ef484fc8feaaf0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fad43496817469ba_0

MD5 2d302d529d5fc722a2f1fcc667474a46
SHA1 02a31ea44b7cafc4200fbaef77ea9863e1616b75
SHA256 004332ff6fdb70ff6e563d2a129479556629bd74a1fea9b82cb5e926b33ab24d
SHA512 68a9e8b571c813c23b95b7c57b6c20377f9f13aec94bb2a80cc0f9270bb7f40c30df87bbe85bb55f9ad0d5cf5cb53e6eb3f6ecaf5849cd76c6a9eb0ad82297ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94b6594413ce6562_0

MD5 7f7d0af99e617a07edd6472c3ac9cec4
SHA1 e0a156989dde8d9934b2c80286478680b6c092d5
SHA256 0b3a3dba06463efa4801b42ba0e5c257d6c5f1aabca79e02e3894dcbd58296b4
SHA512 10daa035a00c95038a0a8d78fab4fb14da99b7068037ecc4c977788c24c9845c45a162a2ca66f3bdf569153cd7b6206dd6ca5866e8ad81bb77ca8f0be4e28c1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec520f5230eed29c_0

MD5 1a0011b0d125ae6b4103fd6e0bff33fb
SHA1 000cc0c822c6395e9ecbc8bc9026973deeddeda8
SHA256 7dd0a1ec0fc3da4aa1a96c47082a0a960937c0fecb69ce35a7a43c5216abe4bb
SHA512 1501b49aa3bd2b41f895e93e37f1c238f431181c1034dddf9ea2eadeee23eebba0b40f2cdf99154cf042f6acf19a2b3ef280344837a503c2283806a59940b2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b6

MD5 3694eef89d1e034166295504dce63198
SHA1 748339411d0830a68526a9915a1af815909f678a
SHA256 54fef2e48685e18fb889f5f5556350b2594d80afccd8df48866bef894dde6ff5
SHA512 b62b9cfb4fb23e4a238fb474f0093c98ee3b66b0b0a3d519427ea442362817b325a90458397d47bf8bd1bab70a6eda187c6b2ec6fac26bfac2967d8a2f207bbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa61758ad53dced9_0

MD5 31bc4634f957b317144598351e4d4083
SHA1 07fb60da6d12eca21fd276c04e1153968782ab4a
SHA256 920dd918e14c5252d4670c03a8717f0f01ded11472194a48ad030ae4680ce61c
SHA512 8487a9cd5392bf146315cf68a3db7b5930fc35e7ef424bb24339bff2d6bf49a6ecf7a4700983ff7aa4b7eeb619b5156e33e0356f37d53169021270c8aff79fe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a05b0db8f454e7dc_0

MD5 c3d54023519d98f59c26d011fb39dbdc
SHA1 7935df7f9d025618b521fee4dae4815f1b2a2f3d
SHA256 e716f520bf2801e66cb8891c471283fa4dacb20ac5baf16379a0b5d89ec7fb7c
SHA512 694a52404fcda139a465fe37fb0d872a0bd62b5bcb992861fa4848bfffcbe26d447d01a6fd574bdba77876f4b93cd024e3962cd1670045e3333c8bb8a7993c83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\00ddee1bef0b1489_0

MD5 f39d34047ff03f6222ff81efedff33b7
SHA1 a257ef941dd879acb9e4a8e4ad3901ad028148bb
SHA256 3ed52a55a45704cda1ad5e1a6e3fe4bd8aff69de8e0c3b5cb1ebc89ecdf2cc37
SHA512 398a65975a5643f035977ae128020ba9e2142ee8392507cf966fc6c1c8c17bd62820e9e9e8778ad37cd27a43ebdbc0c358a9198a28c2f7245e10922a3c499212

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d6ee3be543685b8_0

MD5 95f76abd274b1783e366761b68644d00
SHA1 d52769e4be7e8368e0c470390cefd551a53c0ffe
SHA256 04f69f45e4c9eb682349737352ca97175d17539c03b70f151da6da74cd752940
SHA512 dda455558e8a66f604bc15edb25deb8db5d957198f28bdf7a5dc98f4a11b07f87db14d3e9fb9ac01281fbb444c4a2de0dc550af0b51ce9da8f188042979590dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d9c813a0dcdf108_0

MD5 e350dd45130118075aa626b6317a93cb
SHA1 a60273d9364c8b205bd1eae9a5967758b4e768af
SHA256 746c3103a35e05afb3acdc6f303930152036022a610556f287b79b567e6b4d0d
SHA512 67814b3cea77d9bfa0c2f56aa5f6a9a7878fc68696df0ce8847220fbd7d2a8cf5831ac8ef5399e0482d87ce3ec5cdf1e105dda59a54c7048feec2c657f7287c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

MD5 c23130dbeb580959505d5b1335f533ec
SHA1 ca1f8bb5a43517b6cc5c891dff59980496fef768
SHA256 42de834eacfd455844e031725b18131d3fdc412c2b73d0caf2010470eb9d5ef3
SHA512 8d56688fa5d7eb91b7f9d6a42eb20c9040054bfcd066b73fb13e317ab1dd0b6616abe88d272cb1e452ae53a3d5364aea5c6c9e4dd8689f83c85a6759e1887691

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\427075385d94c9da_0

MD5 925b0d32e683389a235e54b8d384dd46
SHA1 75796f14760c6ab1d2567c0ff50ecca085bf8755
SHA256 83c081fd7ecd1cf7f30970b1415dad80670cad82b5a8bd92d96b162cb7610827
SHA512 5e289a8e8159a5af5c82b5c5d82dc8f75f0003d768415b6abb01579cacee3a2da181d19b2fc391d749f214a2e8fe8eac462f0cd2987e121447fa34f6b16d46ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb307b4160083434_0

MD5 b08940f57a98d53b1ce9f87808b821aa
SHA1 38c747a2907292f05df9f3a83a3e8453fb4b17b1
SHA256 1e7ae53714223a77493964c296e362f956f3d7e1911dac50968f1ea989505664
SHA512 75301940c84a67b7949b3bce0647d13afa0b9aa2262ec586c437e05e7f57559f3d77ef7243b9fca135de3e24e94160db7df842569305c2b530428c92f4385732

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d1c0c4397d90bbc_0

MD5 122360f1e1f9f6eba505cbb850764cce
SHA1 c77667294d7b86a4ee3e19764da7d1f3201d67c3
SHA256 507ff9541d82dbb794f254e212cc552bc81dd91be5fc0a3e5d883945319470ea
SHA512 3bb70b6528f37f3b9da740bf91dea9fb541d8b421a37d813721d4ee39dce51ba742e666941b8d91db3295fcfb2ddb7f6711216e51bfdf407169e59223396475a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\311f97ecf058f007_0

MD5 f210d42670d354b2bc0c6684a4ae19ab
SHA1 982e8e1736dc1552f4a0cf9278100c884b5ddd7d
SHA256 1fb34b70b24052132ffe2ac122f50f0964a78344503db6d9a9d1aabed0048bbe
SHA512 dcb21fd70006bd1c80a1164035ec553f96195cebaead99985db127654aa8a0ae8b21211d162caa09dc3716152a965afeccecd129edad0390159a44b7adc670df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f8b23cc82f2b2e7_0

MD5 9e60ddf882c219955dd4ec1d3364fa9e
SHA1 a1114717155d8c06d3c220c3f50d1edc4e7157e0
SHA256 60f110a097f5a3a66b6e361d0f5999bf832deed7f110e2331a35ce17da8c283c
SHA512 1448813903611389043225a4dedb640c199962b2f1de331e50f6ba5ae785a73d0b7b09103d10a2a6139ea7228a189719188a90b58bcd69a8b23e770d3642115b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\115807c81f46d2fa_0

MD5 9ea818b14250ef14dc69d5cddb2dc347
SHA1 9a883c1ef7686a4acccacdd5dfc68976d41e696b
SHA256 135f50da2d719500a4a2e4094c3bea76c44c855b45050f98b2dbd7c3960c9968
SHA512 a9038354315cf00fc6dbb786577e2fb31809b2c3b7bd58f372370fb9ffd50a2921d6cf0f9a4e99fcf4bf1972e65ee9e2cdf6f60a46b912710510022fdde3c8cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

MD5 64f3a7171f25f2b379a0cf2b0179656e
SHA1 418fc51b881dc81fe82a9a3ec00deef02d5b333c
SHA256 a3b55c1f4fda888a65a17e23724661921f50afcc06fe1b3d0c43f189576f2380
SHA512 2456f60ab9408174b88aa81af0bcefdd8cf99778367454f16346d40e18a33c796ed7e554c03a987858a4bd94706223382084b008c8f31244020fa40b6f0403e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

MD5 c89800e883a04138ce93358bbd57770e
SHA1 22d0bf5a9d88a5e04e96bcf4f976ab5c945d28ea
SHA256 e606150188d703c52583f05d39f56415a68aeeed47710b88b8fda3304ab1a3db
SHA512 5402db2f3cee5273d07a1a8fbd63cfa180fcd01d0b0ba61d6c915410b55f32efea99273f10ebd240099a995059a51edfa677c244ff251c8d4e59c8cf946afb1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d39eb1c0399af5a59dd771c21684ff9
SHA1 9bcc67ce6d17830baa66ba265eb65b2834cf35e2
SHA256 eb2b203c4522d8862f6bc38d0b4829b3d7ec0a7bb1467a13aef8d2cc50832901
SHA512 2991f2159874c83affad3ff8a093fc0d84168025555d1d31e39e9e044aa01923e703e8aa070b5e2aeb5d1dfa13b563846486ccf0accf4dee3a38c45ed3505f69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b5312a834e259210b7c7b1dbdb073885
SHA1 9a8debb76fa9038a0aac4856d094ceb2c8070047
SHA256 c2321d71eae148fb8b460d3d0beb1aa914312190cf8c2efc474a119de2bf37ab
SHA512 a39ae849c0e2b93e44850b5823d8b4c0fd1fd72fe6549936a2b3a6452c125d959371134b971a579a24341eeb6885f7821957beee1473ce51f0a0bc5ff15b0715

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 85e6207ce25c3fc61408054f6ae5af7e
SHA1 24b1c42d7b2cc5cbb756761f1350bf571905f232
SHA256 b7f62ed8e07c6f4422bf240464d70570027ca54034ef64448ed4ecd68cf4f584
SHA512 f5c9b36872ccd44d5fd10bb81a2fa66687ebd7d4e54cac3736669a1731e3f0ecb54d4e560112b370acf912bdfb4444a7e43a49d442d047c661d8672d4e6a6792

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 131804a1de710ce5d7582399c2c32699
SHA1 9a6154ee5b4ed136fa7f20833e68ecbfc7f80c21
SHA256 23180e20da05c8709d92ecf63989c09911957fab415a64b138d572414477f145
SHA512 b0e3636437563fb70797fad455c8277cd00e42932ef51d3b2b7c05db1141c826b11cdd4956c47c27b5e5b659c0417082d5b8e7fa503153dce05f7767f65aef0d

C:\Users\Admin\AppData\Local\Temp\7zO4B6DF4D9\Clutt6.6.6.exe

MD5 ebe2598356ddaa94e3c507a3bf3fbaaf
SHA1 12fbb71303fbad2d1d6b644d67f3d895ed417ea2
SHA256 bce721a6081d418d0e00bce7dfb5a6b957767b0138690f7e5d642181556b8296
SHA512 e541c1e25c081530b7102445d57c70ceaabb3a719ac895b1322305d3b2e0c6d8cd42dbb231285473a48c8221d94cfd3f9aab431a2aaaf551b55b060d83f87552

memory/1636-6426-0x0000000000A80000-0x0000000000F10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d008fd7a8e0fcf31f22decdf944f4312
SHA1 d00ab87b4cd058b4aa28367f98c6fdac5e459b32
SHA256 7142efc4acbaf4dfa0c7ec9f60d4952c1460059243e9f0c5674371112fda5e59
SHA512 a9941a84549d3c56c6cc82a6e625f382b5b6042f7ea45f3b8551c5c9da43a6a58ee736f8132cad92f9c35fd732809816cd8e2ff742f26b194bbb24a913731706

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8294e8d15ee4c8bb84ae51681a98e33f
SHA1 990f46dbb673df8b9d456460e68bccb28965e408
SHA256 a2df6acfcad89f4cea2dd381cc99bd35cd8871d64015fcd0f0af2a8f64a5d07b
SHA512 a45e771c84a62c87f473ce87d6f0c8113a71101283641fca04e6bdfcb9613f2a687321cd39a3a4506cd22bc259e6fb6ed4f2f6254eb6cf1483f0966a21f5ab62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\82ec3b5b-ddc3-4911-9e1e-9066704e0058.tmp

MD5 21f4df4635f9a2d9e8035cf315ba5192
SHA1 d00f54f18d424650aa9ac330588d96722e42bf8a
SHA256 cf886afb161b5fcafa4da3a11244970bc82cbbcc901f36b4d6bed44dc14ec034
SHA512 57feffbc2ac512011a62abaa638016afc943e0b366aed9bb86233ad2db588a1701695ab935d4a0ffad8c47857b9d72c8013451f0cf2b605dbd706c1eff413754

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6015eed05f24f31d5c20644a5cc7fa4d
SHA1 2329dd2c62534ca79a570358e901a0ffd28b95e9
SHA256 9b7e7cc0e9fcfbca29306c80a9401dac6b20acabea731397984999e193148e36
SHA512 11ba6e84fe70d2cfa9383529669864afe8b6c8abfc2c40cdb69d41b698c66efba7c523d763c66faef3756669592517e2ae0f8feced85f10687ab7aa8501a4535

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cbd0cc70ff5a7923a80436031d539546
SHA1 333ad762812a4f0ff28cda6319d23f82141b1756
SHA256 369f2a625d4ff0688c4288961e26e0e7dcd7ba23392278a91a711673d03309d6
SHA512 8069d875f066536d496e54e3eff1ab1b590e0997a5ba5c78cea5ee464471ef541f9fe9759fa337098f3263543cb52684423aaa0b122e55479c5613948678d027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ac930f2b3d261c0a78d4039b117a7a4
SHA1 f0bcefa9c9fc09e090c8e74d8a1de413e6829361
SHA256 b7129a043c0480d527a55c7e9d74338236aa07f5132eeeed0e1ed1e40997f461
SHA512 15a446fae764413cb3ca13971344010b90db5dca8770c21b860babf019ad02bff967fdb8833cdc70cc563b013fd318172c7200f5f9041885003955fe0ecc4528

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2020b12b484165eaaec2cbe866ce48fd
SHA1 c895e1a3e63eb8e8ae649e9e16402e0f2311d501
SHA256 bb3c486e36718a6230d3e43bfd545412aec7d59975e0f075e14cfde01fa485a7
SHA512 32071f581f8fd44aaabeef5793efdde110f981be464bd936199e175d8eec9fbe2a67f0c85a14f05c92dba9259aa06ab5b60d15dd35378942ea1fe9f33b0829d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 496f47fa7755e059e86f1b6fb3bcbcfa
SHA1 4dc8a413c17037cdbf0d1f8159e594338a5a18e2
SHA256 b20eb9faf7f371f778b1825e42b294670a333c334e0703f41c24a7af605a5327
SHA512 5956b4310a46b1fb303c589e1a35f76bc251c7d6bfe508e5f4d4cd0a2a0faf771fd91fe858a064f510ce19991846725b3a3ce5cf46df555946a2e284e4bab764

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bd

MD5 1662897e1cf26783d7a32488934eeb01
SHA1 da473269cfd46b565da80464998e0d4def891005
SHA256 9fa12cb1c4c37e258884a4efe6100cf70a3fcc609ff3e2b30c9abb96f67a71d6
SHA512 5b7a388ea408784fb45dd26b2bb13a9aaf50d7c567e812217dd63dc00010bf5462a75518fefd9acf1f36db8bff698bddefc5e0fadc0733400ee9d26a9cc0c10f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f5475918d8422409d6b010d755e3c046
SHA1 78086dbbf917157de2b293c6061570294dd6da5b
SHA256 60eb60463b15c0338bb1b7b4212a170642dbe55f8e8f94afc7b07b54a5b3579f
SHA512 e04dd3e251f1985839c1605d31213a06a58dcc7ce241d0a1254235a3bc26b135eb5f0d25e9d8827fd6529ae2cb125f6705a9bbf0978c9f72b233532e60c0cf0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 94b6b4ad9ceb16c71d6c5bc800d33e77
SHA1 620c688ff8f799f8d1750e00c5b7379150a1d569
SHA256 28f6511bfc8be3ff8c6a897265490e4d36aaacc171f75b18b7038ed69c454e89
SHA512 79eac2a93c7c8d831f8d449bc799fd0033b4f1f39f9e27e57f9fdf1261ac706152ad50046a38262e53e9102dcdb176b1c68b1e0b1158f59cdb3b14ef5fe6d5ac

C:\Users\Admin\Downloads\Unconfirmed 667670.crdownload

MD5 06d87d4c89c76cb1bcb2f5a5fc4097d1
SHA1 657248f78abfa9015b77c431f2fd8797481478fd
SHA256 f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc
SHA512 12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3c1451abb77256b79b0b5bb1681e6eb5
SHA1 79d614d11cea355cbb18a63bb2391ffbcd8d1973
SHA256 f436aa8cbc5d3dde014dc2c3a99fe27bce5fbad26c483703fb65b6c492c39dae
SHA512 2fde379a071f677f0c7d024cf3d343946874f144db445a28b6f91e14ad171a10366f0fe2e401126e8aabe7ba3ee850fc48afe6b62acf5868713657b898506c02

C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

MD5 8e15b605349e149d4385675afff04ebf
SHA1 f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b
SHA256 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee
SHA512 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

MD5 596cb5d019dec2c57cda897287895614
SHA1 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa
SHA256 e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff
SHA512 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

MD5 7c8328586cdff4481b7f3d14659150ae
SHA1 b55ffa83c7d4323a08ea5fabf5e1c93666fead5c
SHA256 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc
SHA512 aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

MD5 4f398982d0c53a7b4d12ae83d5955cce
SHA1 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc
SHA256 fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2
SHA512 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

C:\Windows\msagent\chars\Bonzi.acs

MD5 1fd2907e2c74c9a908e2af5f948006b5
SHA1 a390e9133bfd0d55ffda07d4714af538b6d50d3d
SHA256 f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95
SHA512 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

C:\Windows\msagent\chars\Peedy.acs

MD5 49654a47fadfd39414ddc654da7e3879
SHA1 9248c10cef8b54a1d8665dfc6067253b507b73ad
SHA256 b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5
SHA512 fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

MD5 94e0d650dcf3be9ab9ea5f8554bdcb9d
SHA1 21e38207f5dee33152e3a61e64b88d3c5066bf49
SHA256 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e
SHA512 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

MD5 108fd5475c19f16c28068f67fc80f305
SHA1 4e1980ba338133a6fadd5fda4ffe6d4e8a039033
SHA256 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b
SHA512 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

MD5 b3b7f6b0fb38fc4aa08f0559e42305a2
SHA1 a66542f84ece3b2481c43cd4c08484dc32688eaf
SHA256 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b
SHA512 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

MD5 e8f52918072e96bb5f4c573dbb76d74f
SHA1 ba0a89ed469de5e36bd4576591ee94db2c7f8909
SHA256 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82
SHA512 d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

MD5 93f3ed21ad49fd54f249d0d536981a88
SHA1 ffca7f3846e538be9c6da1e871724dd935755542
SHA256 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc
SHA512 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

MD5 3d225d8435666c14addf17c14806c355
SHA1 262a951a98dd9429558ed35f423babe1a6cce094
SHA256 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877
SHA512 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

MD5 068ace391e3c5399b26cb9edfa9af12f
SHA1 568482d214acf16e2f5522662b7b813679dcd4c7
SHA256 2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485
SHA512 0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

MD5 73feeab1c303db39cbe35672ae049911
SHA1 c14ce70e1b3530811a8c363d246eb43fc77b656c
SHA256 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8
SHA512 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

MD5 8a30bd00d45a659e6e393915e5aef701
SHA1 b00c31de44328dd71a70f0c8e123b56934edc755
SHA256 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a
SHA512 daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

MD5 66551c972574f86087032467aa6febb4
SHA1 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9
SHA256 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b
SHA512 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

MD5 12c2755d14b2e51a4bb5cbdfc22ecb11
SHA1 33f0f5962dbe0e518fe101fa985158d760f01df1
SHA256 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf
SHA512 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

MD5 7bec181a21753498b6bd001c42a42722
SHA1 3249f233657dc66632c0539c47895bfcee5770cc
SHA256 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
SHA512 d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

MD5 32ff40a65ab92beb59102b5eaa083907
SHA1 af2824feb55fb10ec14ebd604809a0d424d49442
SHA256 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42
SHA512 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

MD5 ce9216b52ded7e6fc63a50584b55a9b3
SHA1 27bb8882b228725e2a3793b4b4da3e154d6bb2ea
SHA256 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13
SHA512 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

MD5 48c35ed0a09855b29d43f11485f8423b
SHA1 46716282cc5e0f66cb96057e165fa4d8d60fbae2
SHA256 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008
SHA512 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

MD5 7303efb737685169328287a7e9449ab7
SHA1 47bfe724a9f71d40b5e56811ec2c688c944f3ce7
SHA256 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be
SHA512 e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

MD5 97ffaf46f04982c4bdb8464397ba2a23
SHA1 f32e89d9651fd6e3af4844fd7616a7f263dc5510
SHA256 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1
SHA512 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

MD5 4877f2ce2833f1356ae3b534fce1b5e3
SHA1 7365c9ef5997324b73b1ff0ea67375a328a9646a
SHA256 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff
SHA512 dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

MD5 9484c04258830aa3c2f2a70eb041414c
SHA1 b242a4fb0e9dcf14cb51dc36027baff9a79cb823
SHA256 bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
SHA512 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

memory/2120-7746-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d6413c15096bee9e1be8f06f366e046c
SHA1 99a2fbf23c7b3fb82f072b7636b8297322b542cd
SHA256 0a245ad16fa58d41874441f057f151c2054319871772a3b1e6647417fd064827
SHA512 dcd0ccf556c64adde37241fa36dcd5f1620a93d621acf4c8b46285d90350fff47e0192c395cce738c0c2e868169a6b5004977fc41f2e5fa7ce3e8cb2859aba8f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

memory/2120-7923-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e67bc0ef39f2a2b44e8df0f68f7e77b
SHA1 acbbea9bfe75815a1ce29c1027473c6b804c6235
SHA256 dbdd126000daf3eed95113fb2a9429e27aa267d1d9d26b7a1787fcb724d51bcc
SHA512 b556f33dfe2e9b2660cbbf6a1632cadc66f3a3e3559078324d86448cc2086d14a03f1d029644590e800d04fc21b2fc1bf55100105b9bc51d65e58dd9edd22b92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bcd3cb3405976a6602ec510ad777155f
SHA1 e4a927635a98ebb0670356690366eee40868b5c4
SHA256 5494adeb23b2226e0569ddeb8d5c8f4d93d148bf7bdc13129e73d1b52bfa781f
SHA512 0f16c223fdd7904bd9527306af9d3a1f0418afe7e1f5c15e7911a064e43dd9380d4e039e2f85a3966e517512f0da81ac8c5639ea8bcca5ef58fbed9a0e8b4e02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000123

MD5 d04298c66fb6d212a37bda8c95ca3f18
SHA1 c11f60ed11f2e85220bea0517f44e6080694a1c9
SHA256 5c8c3803038c0d4ccc3cb67539c8fcd38019ff907bf88b25c349038cd1b7d2fc
SHA512 6809609d7445a32afa0b84e45661886669e4f5604e0cd782734b1c48ed4296b173a24daba6f6b7b336cb4f0ce3cfb7f5f5ac8960a12b8f06768051ea42dbe371

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0afcbd18f3adbe9796416f60df7b1f08
SHA1 c17cd6fbfbdecbc14ed0d58022d60a4e2d3913e4
SHA256 66ae8236f95d303f67a35d8df082db9987e51a93fcceb93782d36a63c0f41ec4
SHA512 228d658ea2ab6c7ec959481e49f757676300d7db1e726723f74b11d46af7cdb9af539f79068445ce8665d3e0dc1442d7715409f1694b872f9aac98542eecd0d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e3f8685164ce7815349bbf45bdfce00
SHA1 9ac35315b858833b3f0786380c58c08392580469
SHA256 363f3a398443b1bffb058b099313bf339f0543f41d017955ab9ae34a4fb01e20
SHA512 cc7e063952d930c1eea78a420bc3b5c2a0200391de73fca847ce212c3425b4236d956afbad329c9a87cd07956571b32e49727d7e069aec6d7230a764d78e47be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c985e6447a5b0a4aa1acc75c83f866da
SHA1 0e5d5a02b8fb015b5345281a3446d0431f1a0d4d
SHA256 eeed9dcc38b14ce360e3a4d3c8bbf86204b24dc5920f67fafd2d1efdf6487a81
SHA512 b5e7a300e6413de24291010ccea855df8b3ee29e7381935fb1b6f04d91b2541fefd8c9f49c6393962281a61c679207bacaf8dce01aa56f3cf8a0049e15a2956d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2d402296869f75317e861e6138d480be
SHA1 215c3968908deeca4befae4d1a58ac77b7f4e856
SHA256 ab4d46d030c9f4090e578478364e29ba8770ea1a050276acc19fed158fc31375
SHA512 153d9a6f820bb3c29537921712b0e76afe20bf771c3a3a21b3ed01ee30a82fbb2ef41ca484f9e509656b3ecf7af3b69f2cee4b2fce21ec6709dda9f5b63d5b02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 993c9a25ead66621275af07f894c3c53
SHA1 57f155348fcfe8dca2fe0f515fd7b5a16a4018cd
SHA256 616acc998db22f25aaa458367183cb650a404ccc0febd26cdbf0804d484929bd
SHA512 6b997ca56408438f24db8723326277fb3142c6034e739c0121e7e4dd169342677c60fad996b7e5ace06f8c71f0003d81e8a7e6b6cdf6d6d34fab0ef082df1617

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

MD5 a8ed45f8bfdc5303b7b52ae2cce03a14
SHA1 fb9bee69ef99797ac15ba4d8a57988754f2c0c6b
SHA256 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b
SHA512 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7453827d1937ce3150ecd52eb5367a6
SHA1 b406d54df781db63acc466d806c81d241bd62bdd
SHA256 8f3d58b89600ff3f306394c242a3eae89bc155c68516811062f9f8d94683ae82
SHA512 3deaa7ccaa080dac09c2eecc9b7030a10e459a65c883bc0dc7095369bd60c39390179a4acf45d4cbd038558d3079f6de9d1285dab7d44d468205e43153d7e9b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a1f51ff3-7060-4f96-bdee-841f5cea23ba.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7873940dfa69327d6b1b8ed6bf243ae
SHA1 5f550d03699ce3cd587934c106e5b8df5b39eed2
SHA256 3af6395e3292e4d5aa82a30ec2bd28f2b5926e5f8c9064bf7d10453c57a12f1e
SHA512 25b8afbf5439e2f9b1f58385d0ee19bd069122a50b9f26f934f250f67222f018210a8a8d4b8ca17aa907ad9b4c6c0052162fb327b102ef8c61fef5a2485d8d72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6bbacdf9966af5a0d5a5b59b89140dd0
SHA1 c2af87f769ca63c844093a09b6640b4572ae61fc
SHA256 8a9e9df7d1db82dd7dc264e9aaa7411cf9a243afc0afda71c35bdeac3bdfc100
SHA512 0a6dab08c165d18887300e68bd19f42b8c04567a1b5f2177a677b198b791ed6689a4bf9752c0c1e3db367f667e260198f60f200c778949b8d60d811c181f6fba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a1d623091e2514a798e1f2ab752566b2
SHA1 596b16c8a3a744bb297e9f1b0f311005b1cf00de
SHA256 69430e16fb1a5afebd05ffca2469f9c1bb0a762f7183a2bd8425bb9e0b2e3088
SHA512 f1cc9333a280291c55eaada8cdb8ac6d08ec1021693ac2073aa5c74b08ffa732070c9c91de4fcda042318b82fdb53f7ee4eb02449fe8cd0ffe5bb5ab987081ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e2b25c5317c3b4442c4463f9bf153f81
SHA1 a45bdde3acc52e31b5bf7cd76ea5bd167cec33c1
SHA256 ce05af8c8ca9cf506594359739ca9fad79e965a575b6d5e40278bc6681e6b9f1
SHA512 dfdbac38e9a3c8c05f87f8ff67d8500604f6a6528ae098bf9cc3a7f072063168aeaa892fdf6533a502f3000b4ae674abef956b9f97cecc8f61ea25b4874978f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dcbd0b5bccce413d80173e8df8519a9a
SHA1 dd253d7601f38ef06c13025c8c77f40c50a8f2ad
SHA256 bf9fe92211289a37266335e4014941a3187ad49099cc052321501bca4495c953
SHA512 ede514fc68852f60ecb5a742a8d6f8da78232761ee5ad916e5e248fc89cea07b48a966eb8b1a63b211e55db09facb3fa8e93c4983a84523d3d9e5f6ce70ef6d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 93b8f7921f05959b5fa622faaa919926
SHA1 bcce876d851058bb614d3518768f864f080bb774
SHA256 d95474960d274cd940c210aec06a3cca2ab913d41977b3453bcdf1ce45644a06
SHA512 13ab4cba9c269b9d2c65df4458c166d11697b2280b7686c2bffb58019f5d5401fa54ebd57c1e447b4b3bb11cf5575a7824cdff6ea5d5aa45b6d927ade238510c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3bbae5232da4cb3096f145d2f9035791
SHA1 d4c82a45bc0f900a95bc70bc80a361db6e9b133b
SHA256 c1a4281abbb6f83a087ca8b67f9320dd23f54db99e3c4519a45b71bcd721e56f
SHA512 306b7d95c63d7d652807ca9b9e4dcd676c2d1ad3e7f8b399dba0062ea05edb0fa9f2b8732adffb750f6858664b680774ae52735b22c5d14b8d9ec1388a9555a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f7191a8e913b8c3e6dca38c4b0b86241
SHA1 d0609048bf4d81677c020cf617e1614226723313
SHA256 6014422bdc0d368f31478964c463d54f1829cc2ad1ba8c65bf3bea669e16f168
SHA512 fca27ae2cf6c9de60864e2af7deab5605c476b76aa1c9cb9688221f5251a5c13fa601004f229e8032c13810cd94eccfcbdcb40225157545e071b0d579803af7f

memory/5356-8312-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8322-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8323-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8324-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8325-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8326-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8334-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8344-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8345-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8346-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8347-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8348-0x0000000000400000-0x0000000003DF3000-memory.dmp

memory/5356-8349-0x0000000000400000-0x0000000003DF3000-memory.dmp