Malware Analysis Report

2024-11-30 14:00

Sample ID 240809-sp1pwsscjr
Target https://github.com/Endermanch/MalwareDatabase
Tags
wannacry bootkit defense_evasion discovery execution impact persistence ransomware spyware stealer worm
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://github.com/Endermanch/MalwareDatabase was found to be: Known bad.

Malicious Activity Summary

wannacry bootkit defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Wannacry

Deletes shadow copies

Downloads MZ/PE file

Reads user/profile data of web browsers

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Drops startup file

Writes to the Master Boot Record (MBR)

Adds Run key to start application

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Drops file in Windows directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Program crash

Runs regedit.exe

Views/modifies file attributes

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious behavior: GetForegroundWindowSpam

Modifies registry key

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-08-09 15:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-09 15:18

Reported

2024-08-09 15:28

Platform

win10v2004-20240802-en

Max time kernel

585s

Max time network

585s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDCE3E.tmp C:\Users\Admin\Desktop\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDCE54.tmp C:\Users\Admin\Desktop\WannaCry.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Desktop\taskdl.exe N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\taskse.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oefimrcpcbg941 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Desktop\WannaCry.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Desktop\@[email protected] N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{7A478B07-B13E-4303-965A-9B828517FF59} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{386E96E2-42B5-4310-8F50-E2E16967BE0B} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 900963.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2424 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2424 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2424 wrote to memory of 2256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2424 wrote to memory of 3852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Users\Admin\Desktop\WannaCry.EXE

"C:\Users\Admin\Desktop\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 283191723216873.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Desktop\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Desktop\@[email protected]

@[email protected] vs

C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1528 -ip 1528

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 248

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1528 -ip 1528

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 248

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oefimrcpcbg941" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oefimrcpcbg941" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4bc 0x4b8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3444 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3392 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x94,0x98,0x9c,0x104,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

Network

Country Destination Domain Proto
US 8.8.8.8:53 assets.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
DE 3.161.82.43:443 sdk.privacy-center.org tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net udp
US 151.101.65.91:443 images.sftcdn.net udp
US 8.8.8.8:53 91.209.232.199.in-addr.arpa udp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 43.82.161.3.in-addr.arpa udp
DE 3.161.82.43:443 sdk.privacy-center.org udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 motherboard.vice.com udp
US 8.8.8.8:53 www.vice.com udp
US 192.0.66.177:443 www.vice.com tcp
US 8.8.8.8:53 s.skimresources.com udp
US 8.8.8.8:53 cdn.parsely.com udp
US 8.8.8.8:53 silo50.p7cloud.net udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
US 35.190.59.101:443 r.skimresources.com udp
US 8.8.8.8:53 p1.parsely.com udp
US 35.201.67.47:443 t.skimresources.com udp
US 35.190.91.160:443 p.skimresources.com udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 api.parsely.com udp
DE 167.235.124.24:443 api.cxense.com tcp
IE 63.34.81.234:443 p1.parsely.com tcp
US 3.92.170.229:443 api.parsely.com tcp
US 8.8.8.8:53 events.browsiprod.com udp
US 34.210.49.7:443 events.browsiprod.com tcp
US 8.8.8.8:53 234.81.34.63.in-addr.arpa udp
US 8.8.8.8:53 229.170.92.3.in-addr.arpa udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 rp.liadm.com udp
US 54.243.122.230:443 rp.liadm.com tcp
US 34.120.253.250:443 tag.bounceexchange.com udp
US 104.18.95.41:443 challenges.cloudflare.com udp
US 34.149.130.207:443 pd.cdnwidget.com tcp
US 34.111.8.32:443 events.bouncex.net tcp
US 8.8.8.8:53 events.bouncex.net udp
US 34.120.234.209:443 data.cdnbasket.net tcp
US 35.244.178.91:443 page.cdnbasket.net tcp
US 35.201.89.175:443 view.cdnbasket.net tcp
US 8.8.8.8:53 ams-pageview-public.s3.amazonaws.com udp
US 52.217.166.241:443 ams-pageview-public.s3.amazonaws.com tcp
US 8.8.8.8:53 7.49.210.34.in-addr.arpa udp
US 8.8.8.8:53 230.122.243.54.in-addr.arpa udp
US 8.8.8.8:53 241.166.217.52.in-addr.arpa udp

Files


memory/3056-2798-0x00000000006E0000-0x00000000009DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ab8d011f66d98e1f13706acdd79b572
SHA1 06956fa5d061ccab56b52c74a78e6dbaabb8d852
SHA256 bc302c8f134a47d96d8dd9061c37c81e5899d3f3e881658b356d9db33225910f
SHA512 489b4bf8235425d9aa225275ff40b6ade5e7139ff1c9055f2b20f7dbb6ad0a999d2fa36b9823a404b04980ec568b45a946deae2e9845a2d89c6a58fdd9add8e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5abb81.TMP

MD5 f7c08b3561015878cf728971405743eb
SHA1 1c8f37969e6bb3ee68d35b6cccf5b85056b84a3a
SHA256 9b8f878da14be9fd8a850ef6cbf904b597c92a986aca4ad7a408b1656f1b067d
SHA512 c55eeab349f11a4beabef8fbd1b34453708ebe1abe33d16c4e9c655c5f60e307fea9f4d7957e673365075f9519ff14642975cefc80df148d1f274a76c0353c88

memory/3056-2874-0x00000000006E0000-0x00000000009DE000-memory.dmp

memory/3056-2879-0x0000000073920000-0x0000000073B3C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7dcf0476d7140b175a4957fb8743edb1
SHA1 7141a5a457b42754ba78d2d4e404bfcbeb3440f1
SHA256 3ae2ad869695ec42a854551c78e7cb7739723248555a4000b1aebac49cfb3ecc
SHA512 44db79e6c729fd37b42aabc123b495545a536a5f65ccd61222e32437dd050d873a6448f82094a6a199cf5167ee480b7340b3fa4a7478a8a5dc54bed7481a2836

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6a3e408b0d4e38656f64d068e9eee7ec
SHA1 df7155ad6ff7f8ba63b0eac785e4bd31ce8e6f6e
SHA256 3968448de685a0ce8bbaca3dbecfd103171b12bda73af67796374430b80e0ac3
SHA512 0f3019d433afcab1dd0a954771a513bc9fb64f5851d5452c989f28b824769307f95117ba90f70a8a9fae1a863058dec056bf16dd08da7a017e5e388fdacce7fe

memory/3056-2902-0x00000000006E0000-0x00000000009DE000-memory.dmp

memory/3056-2907-0x0000000073920000-0x0000000073B3C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 23ccbeb7829959ca1fbaf3bf2596d4fe
SHA1 0641c63c96264044e0ac5a5a45fd161d3af22ee0
SHA256 af13ea0304b45c82065a1c871714286ea8915e3d99a40f8e81007979b018b4af
SHA512 17b58c60e77edff02ecc015f469403a42ba1e3b84c890c1afa2f7dda9b60d9e21ccbb29c96100d0dcdd2cf4ac2edefe70c4be2ce81a0e1591e1e9a17df7ee36e

memory/3056-2934-0x00000000006E0000-0x00000000009DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2149f110c7e511fca7074ea97f8d4980
SHA1 e0f0a3c5c271f8c2aee9dd1fff1ebe17dfe3438c
SHA256 52892da1e678e1f0f948d5154cf5610cca055f625cda0afb10679043e9dcb0c2
SHA512 b029a46e2101999e7cd808f29bc986e2ea92b04ac51de95fc920ec27ed8b4e23ea9f6752e705ecd8fa38ee931a9e4a38d9f22de26a4560f691968dfde355c539

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 950105af3c81fa622057b1813df97ea7
SHA1 e1692e303df33970f27371719e15e9d813c57847
SHA256 518da3c1e78cee30d56cab5ed37b75dbfcc56fdf34483a088c4cc01b6700bef9
SHA512 9197a12af5ac2ca8f4bef8bcbc9ea31a0c57f253b4e5a251a8478d0d54a1f323cee87a7b01f54950d430e0338efeae588ea01b976e3077d0dcffce5a78a7d7cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d184c066a733e01d1644964adf096244
SHA1 2c1d49e0de301ce4a97f2e49713e1e0c027f6235
SHA256 66c5f9c970aa71d1c94d9eead71a1ce41ae3907d9f6434584ff7741d0e400c60
SHA512 688a3c07695d70396938f365a6c1d53bab7b6205af2483ae1c4c0b56149e56754d1bde50f9330f521b0d9099a5d316465b9322d744e40d33182422bb0f8d5988

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a4ae4066085b652039ac5c85f5e8347d
SHA1 a1a107c1ab8b6e0e8fbcb48545bc09a5a37011cf
SHA256 b392fd10b2a2c260cdba84b8c8a7f200e037ca9b11cf019382a95338a7a7e376
SHA512 0302fc4a8e22058412ee3fe288275f1f09ac38dc4c188d0b42eba8e50d15409cb3dc6908bc9e9f46f039a1461b6bbb4c5745eed5b15d8e5c1a250c7c3b471044

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e85ee225c32c7856831ea28a1129119e
SHA1 941fc804514ece7038cdeb738af8c5cabd412fd1
SHA256 5c30f5eb8bb530aad8774c9bd8143e7e4902377b8b9c5e95d641e55da524fdb4
SHA512 6fb785667074f1cbea4b74c6c1b007da982ff91117d6a754d682686c59e5497abc8634ed3dae94c8f5ffcaf20528fe805d89edb8d1ee401f50155b1c1e3a2541

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a00f5088782a08be0b9492d6f151f25e
SHA1 47ce69d3e5f6c337e38b7ff2d10f7b5434e5b8a5
SHA256 3c5a5c5e88c918c59215a4e16bc93f4982d612a033c170e790d33586a5cc3674
SHA512 d8c13b3d04bf8e3db6ac6527cc3bb59a0d9bb134d7eb9ef93da650a4357969fa03e099c7fd8a67a0c453b662f8bd1ca1a95818bb0f36cf0d6730aeb6ae8e38e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 02e604f7843389afb730ca36ffb02f57
SHA1 a8d72bbe97f6934bfcbf42d279bbed0dc96120a2
SHA256 efb317934f9e8cc3bfbcd81977199c2a97b22ce3e51f8bccbef475b4c158690b
SHA512 591f1fb1e55f314852daa23d45cd3b46881142e881d7f96307b376eb4192e32df372873b1e89f4fb90090642184892500f4a53c774e00b8e4210751e13429808

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 4d17f60f43ffcff2f1a7224227570dc8
SHA1 4afdac536ba987de8d32e63766327845e44c75e5
SHA256 99d224383ea4b8fedc22e2e9b62b2778f1e54c7f1191b939253dad041cf0d6e8
SHA512 4de1aafc21336ee106ea2dc134ee44a1ffd1e1b43f4b01ea9eac3ae2edd1c03c2168428b84a9cc5fdba6dfa75e613eb063ab86aa442526f973ade71495d07d56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f0a7c4b57d6ce571e983bccfc58b7ed4
SHA1 174dc84678603a35eff25049a3b6e9aa177402a0
SHA256 c2f8cefaf61a9b30c0fc02376944c6e7ae4a1012996405e217fd214270413696
SHA512 fddb1ae9bfdb28902d81bcfad88a0d2d6dd4f72bec6c0e9446b66b6443cdbce46f80ec96b7f0e40748a3eb187a6c9ca8bbcf48f2e147118c871135e98895d4bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 88c34451c2296e6008eb7fd4f1422f2d
SHA1 71fd2499e39898e6db341df85c6f664d6f49bdc3
SHA256 a56e0f11154668f581521ecb4ceeea376c566ab64deb1cffb94f28e82eda3791
SHA512 81d5a8d6d31fc2915f05906571239df41c62ff1083fc5b81a658398de195412efd1e47d1ec6b94dd65363599d9f8b337a5bd01555ecd0345ddeb7f15f8faba56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 785107e5ed4ab408440b3bbc044bcb63
SHA1 b7b7be616f25c469178dcf50b1afa69b14249099
SHA256 ab71fe3cb53dc3578ee8e65f619b33d5ee4983b69895cacb18bf4718e91d57dc
SHA512 dd84c0d5ea5a276ed6d44db152575ef7c76cc5798a94d165193fbbe1d20fb941ebb9a834e98cdbebb35f7de391d06f301abbc668033e49e8d3a4d002c1bb58a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e847c3add8ab16b096563d9cfc577be6
SHA1 43ee2bab18627f989744045a2419a8edb3cb3693
SHA256 b59f19cad1dd9ea0d32b827d4f8957b0da757e20557a10fd757348745c30b555
SHA512 7edf5af311c3396f758939f9be31f100dfab65785439125ffe3043c727a89f97e69276e0f28c99c6f7d4d1bf5ca27a8c8edc80b102196a4085bd6fdb783dc2b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01cb745a65c6581b8ab64c9053036190
SHA1 afcdb409cb351b6583a003ade3dc46dbabb34efa
SHA256 266a6057949bc8f880aeddcdd1a24d8a03b61d5218d37024a81198aae9ff0ff0
SHA512 79bd343efb883fdfa6ce1a65382396a9880ebb9d348a6b01d4b4dcb1290fcdff1d6f6cb4168adb484cd3f13a51ff2729c54ea46928af02e1189dd36115ba467c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 b3103623d1b1b545078108bd520bf0f0
SHA1 4c61e5038e8f379bb0ff5c9ac4e237ecd6007fa4
SHA256 cb747d485eacdea6d8374ef9697a5d44c9b8f8601af26f8beaa2d30489327392
SHA512 714d504da7606e684567b43a4bf4831c5485864c51f703d33d40e3e87f60399ef3c7e806d9c60f64d8199765973022be3a60bbf108fb3fc3ed73b020d3cb2278

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 498f5b2d2c49e1929c010f8b522f53db
SHA1 668b72e2b37d1a38d9aacce8f652c4a10f6208fb
SHA256 541f10ac8c2cad6aa8bbb83b47566f5f179fab8915910652d93782718b99ccb3
SHA512 2379ab7d57a7f6cc4fe0b2fa47d3e0edc72aa3a7e3c9606e06e750012db11b2ebcc039d78504c4031cf51cf7f50437c14dcc45e47fe1a19b5e5bba52bda30e78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f8e3ffc71f65e763f3f2d94a10bdf6a1
SHA1 27f21983f0a103c654e9f27070000af878b2bbdd
SHA256 aba1aec6fe99e21834bd79f61e2ff22e80bffa04d2bf202b020de39e192763e8
SHA512 8213fafba1c6bb3cf377fd0bdffff9ab7a93c822499f09320f7a350af029acc7d5f740d78631bee4fb81b6c611bb4c4d78647b862107bca8fa8e1289cd772792

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 cd89589b358746d8ed2866b6e27b02cd
SHA1 bd3a690def44abe60428d76c9fe6e43254587779
SHA256 2baa28a77a7425467f5be626ac26138651a5c414161e44a6dbd28563032ba0c0
SHA512 53ea718b16b244c8e2fdf2dc41818f768120b424489a47776c8901d8d2efdc6f1b45b0934b74b99e60773c7075c48a7b911a750e731efea8dd731eb60d31363e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ee92ce84489d99c1463009a93c54c8df
SHA1 439abbed81c9153c229f6bf3684edceb21da4c5c
SHA256 98e4e6394cf310d7d457d4cf6f73a7258bfe8649c7aa52437d13f2f3e784ed07
SHA512 bebe16439ad5e1f4aff3e311e9c853920e50c71b5fc7d4f32cb3e1d8d6c39482568e80d09bd4c17c0006efa251e3668b79d4af35a3b822cb56bdff672ddd47cd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 24cf9be9c34a8fc18d390ce7a3852425
SHA1 4072a2d414b7d0ed7ff60dc26575ddb718bc5478
SHA256 95983ea9f9a5682495d0d06f2e58352b8f75480b1b2b3944c603dd707d29242c
SHA512 cd31dba96d2e62ea41059df69b856ea3b2c9b5a167a2b7c4cd72c6074ba8830e1bb2979c087d037deaa7d611b92f1fd9a36378cb6868fad2cb91313647d68a3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9f3e47d278e93bbe54b2422686098686
SHA1 80f42afbd6b087cbe17159b85a4b3e86272407a9
SHA256 9a90b3419118a6162b9a37cd67f94e276a2640080c1c07f1b3e11bc2e78914ba
SHA512 e764005439736db056ef44abc31a5ee45fd069e63cb16acd18eefedb6d5bf03a5617de3c05afd0dc9de437b135e0d53dbe235f822e21e4df8f71c54378794d34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aaaa63cb370b395823d66f11e483583d
SHA1 e78b03f4d1d500f4e6c71a8b56fee90c108829d6
SHA256 c02d6fb82a5f83949547ff6ea974d84d84b5d6c2f8545d82c353681ec7b01352
SHA512 6985fdca3cd1b605b373b8c6b4bef0c410557c2c1ec25a603c40a20e5b6fc090394caf4923eb3e30b54c5c1edc243e56d0c4dd6beac16172ba43222f655884ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29e99b59bfa55575d51bb21d4f0852c2
SHA1 fa87b1782942a14ce4429b4bd0384a2cf37cac58
SHA256 ff26bf08ca15996c39bc5fad1147171a1b688e82330bb55c1e4aaa38487072b4
SHA512 eae02d5dfce34a8cad3d2c14dd0b0539425885228452bfb7e6da72caa2640b80742d4e1ddb5a1c96da497ad52bb57ff5ac7f90d2dcaa0936a072088f5ea3185e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f9536a193dff508b584c2674009141d
SHA1 65cd256a223cc391e0a07f8cdb8f0d2c54161489
SHA256 2949bf57d39753cad5d845d9f3d990f8031fb3631a8c5a94a1e64328028f7773
SHA512 15b5854851b348f5b209af8719c53cf03122455319dccff7872a0c8ab556ed7ccc7eef0896c33790928b7a0fc289813103c9e2c0294164458957f2d6f0c5ae95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9d69ffaa433dad09c2b052aa43326591
SHA1 1ad6eacdd8b7d8d90028fd1014ffb0d78a302f71
SHA256 4b3d41ed31d46fda58ae53a2b93aabc56757cad1f583520f0818d5ba1c136c5c
SHA512 95b9b7a16069d2f513e555f30385e6ac4473facdf1c0df667eb7d811a93327469896c6723ac5568c133862557bde9a4495099f4076c1972be6279d92a12533c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 943b881cb295a917ac5c33a96766468d
SHA1 533b641cba852b3101db30c1140be65e64359ff7
SHA256 41a4e14dbb2c8e0d046a730325d17b220a9ca01d3b56553423acffc5d62f8e6b
SHA512 4bb21f697fb8470ef45f33e5f58bc1f274f86dd0b8932b41221101f52eef83cf33d11c5b886de526848e0cb5b71664c29004637c3188f797f0d8d4dd96e60d44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b2196bcf883b9ab311b9f3656962ea2
SHA1 17e8699d4af6dec123812cd2b463f2ba1fffc721
SHA256 ae3e514eda1a74ee9ae1aacb525ff95ff40a178b8e3b8e83fadbad9344d0899a
SHA512 d03be2a80846752cb4b5a3b77e57fa6a37a83c1da58a867c5b3bf5a9052c7295a58f18ddd537b011b79832d7f323023870404509e7f3b836b27b2049c91d0bfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a912242ce95b01893f8afa12dadc0442
SHA1 5f03325ffdff32d6ce3fe611fe363cc34b0441c6
SHA256 bfe8a9fa53fde263b62d05c2af68a003a2bac3f4e717021903d921bcdce8876c
SHA512 ae4f13a298b96ec121b59f67f9e18eb0f03e85704d0458667be46e3ea16173571fa2b836568d9785873b263ff66b8b622fef357bfc1b3bd4a4308431e89ea2af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 86c2cea5a5b747bc9cf90dd8d5cbeffe
SHA1 7a92c459537eb0812dcb67c8b17689a222bcc34c
SHA256 d8d61d98f1d21fa8cac655ae193b1a7818094c037adfd13f157fe56717aeb9a7
SHA512 50e5e0ee6433c90272aa79fea739c4202a1f82c5b0f993d6b7af565757078a2ea3cf3674986d54cff6abb5220d28171aebb466f21f41e648cecca7dd5e583161

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 44777568f508267ae0d4229c26ce550a
SHA1 83f837e7b66ca2104b541aec3599d762181ddc69
SHA256 02eeade535d7665fcc1f78764baefc6e3656463855ceed483826aef6900197b9
SHA512 dece6e9c070ff4c6f06a5fae1b32395c43a8a62a3fa3e9a3ac21fe138c06d18a403e2dc2a00f948a8d2e53d510cc722a0fb7a333e93b6daf190f9f41d5e2c228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bc3271f83b545612d30b98e17da52bd0
SHA1 4b00798ac3520f9d5054ae1a6aa67c76d982eaf5
SHA256 1f268320cc3242eac4d2af5e54f03c45a27cc665288eac58f9874e09ff047e74
SHA512 ca7e492eb22a9238eb36dd3dd1d17714a10662a9de9a8d6816476e181ef1c1f2b108417d1c378281961da135908851f75d8a04fc839108eb431f278205ecec80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1b01d055b0347ca2658f331b3caa33a3
SHA1 37d395094c184078d190965f1f70ef2fdec6a82a
SHA256 c3f04256494dc7f0a925b572468610267a8ea3c2b2d0364a993294b2be7f4f18
SHA512 33150d577d8dec83318a03024bc90e8683e60348db2b56f080a8471f09884b6cebb7efb2b2d2a12fbf8cd5d3f5b5990bee3945ab72d2494c35090bef83242205

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bdf02139bae8328034646ff0482002ed
SHA1 7a3386e5aaee13c1afdb1b4b8594511eb576640f
SHA256 2cb5cc189c41789ecf7db19d48cd86db8b4868b7bcf0db880905fc08e336cd56
SHA512 b9b539ce90975ae7e1236310c16985a72b7092777a3b4b12eade77724a2657364f267318e8f49342da16b7770e060f6882a3b4418d7d1ac2f9c2e05b671584f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f664a245-aec0-467a-b4ea-18d232274924.tmp

MD5 44c93b22564adf59121e50c793341654
SHA1 e08fe07b6598a3c89ea6b9caeeab7ed68fc3738c
SHA256 ab82e5968f7f325ee391b3e44cdb22d9a35afa89fb7baf7a6a58c21111044052
SHA512 860783e4b7c963933f284daf5647e866ba544f2c37727a5c1061309fdd0b1a6bb23f2b4352c698fee9fc738b8187020ffa1ef25278e4f5e283bd8d1e35bad47b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 abd2e3fbf6ea8213ecaad0e64fea53f9
SHA1 9b54af8e324428d0d5da715fa3bf317333313389
SHA256 da54834f78c1540f5072c48c6168a12a150d1f9d0b38c33db4e9a4421f420bdc
SHA512 518d9d48135cad15e811f8ed47334916acd3f15aa90c3a0451ab6342ce787e936918e6eb89b7f2d13e78c46e36a25f253b10e6f7c81fa63592dee611d60b0cc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0a2124e3e9413e290e93a250dded97e8
SHA1 e9ebbd98f57fbbe1375caff12e3987d08ca8d668
SHA256 e4d1194be1b67975716d76613cc6d75e3b70d5186a6ef44cf39472a9b3070cea
SHA512 9b734c2f374425b3be4fd5af6d6d90ffe40f7e518b6fa84fc9867aa7b19b34d892bd0204ea804a8606a682e5d53ade203a9c1f2724b96b0b5c5e7f8154963813

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4479b5dc76210bddb0aa9cc1fb5ef3ae
SHA1 62720f574c9cf9bf32601c2811090393cec4bc57
SHA256 ba230cfd105eca4295cb4c194d12a0060a3aee0e4eb14f2d66d678aab13cc793
SHA512 ffa75377991797df786c68795ff07dd63121cf3b8692aad2bf79330c96f7f185110296a8e14509714f497dee9152d47904dd1daa428a345902952b30498d6bc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cf73e46b0ff0c7513e755b97255e930e
SHA1 6ded46b8877ff9360539b59566efc85fed8f7af9
SHA256 e866a4029a08d1abe5f1fdbc394d1e5e161acacf812bd9a0b6e418061695b509
SHA512 5fab25a46af8107c026b881974e126a3d0ef3ca41b6e7333cfac337aaadfe04f7606184f883c5493961237ca6d65e097ae09ce67eda1fe30fe3ecb5b3e887129

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e17bc73f23d69d8726f5aa4792028b1
SHA1 5e2ab5b3e67f6e9fdc06ddd0ffb07fb774fbd866
SHA256 a42d129ad26b9e871fe6a5fafea5024ccf726068a53d237fa5dffcaa311645a3
SHA512 ee5a2f3586aa4d8a7f6f3d303345ddf514ce1876ea3c324e699fca6e9d90ed908f7297ba570151bb79897dc85fa1e7dfb52e5673b58a2550d3589b482b8977de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4e40d744e8fee1e94ed9c3c722b35efb
SHA1 9ce98af55406158eb3dff7ee47ee0199dab082c2
SHA256 862c05fe168c498a41d4baa12c81759cfe911c6cc748bb6fb1466560f47818a4
SHA512 1cbbb3b719d1f317a68c0fd55ae5ae95e40fe4952f6b975eeccc572d9b19d0dad16e57e7ea2306892f15144e8befd0d286973d5e7e5b74cf3e6c6d7c3e18adb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d6c54b07bbf9d0c92a18bfa9e855aa47
SHA1 50cda5dbe2a20c7a399962f305857c8afe03de6d
SHA256 05f413f716ac68a408f0466a3aa6c09e0a7be647a8c441e4e4fd5a003afddec0
SHA512 d7c90e7a155f53a6d938ea16d52b84400df689387168d8d6eaf68b94ca705c2a60481215ac29679d93bf9fb4b428a164a4f665db3bdb2bdeec195b583c5e6b52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7646eae24a3b2447c4623320f7896219
SHA1 0c4eaa832c133ba2f513ba7c951d66797b5cdb6b
SHA256 f94c13aa0dd9d3467ee36558fd193fe5f756ff75cf66c95092347103c50a9458
SHA512 5bd322b5738c8249f4a9c82bb10f75ad73c39de078337189225fe4ac759beb1282891f5a2b776e98a44a1e7089b188103cfa4c5a45d707640e4604f9da296c74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 05654d6f33298ebedfdd5357334b5f9f
SHA1 6d61e9c3b15e3c818abc3c624d1e96364194d160
SHA256 19a30623ff20f2dd6302409cbeb2305b80ead590508c0543c7232e14cd3f310c
SHA512 29b178401271882539628cbc46a04beecdbde67e2e0854eea79da0de64067e04b777b3e2f6673f9f79258b58a1123c760a69768cf08f3ccbbf81efc1159f6ee6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367690773618673

MD5 eb391f30410db998759db92d105c1ded
SHA1 4a55dafc25ca140567479467ba9f6e2a382b67f1
SHA256 dd7cf35b7c19b8af3276a0356667dbf5b3d87b5482e17982bc02f8f8b6c6933c
SHA512 f4bbc31cc1dda461e312b4983fff2c1c1aebe63f25da269290403731ea948f1850d9dbfb8e920fea1c5fba353529454a708602f9035b9f4dac6ad2bbc48f6a4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 8c3bae226fbdb1b45893ddde5c35fe8c
SHA1 a97a5a390d6cc6e9523371c70c060662ff52107b
SHA256 59f227c5de85f70cf471b224f1e8f9fe5ba48e6f722e236126bc6edfcbf600aa
SHA512 3e9feabe76653387a5f55507426acda55b115fc9dd5f70c0e4cd243f95ad58882a8a1f2db580f5440ad822f1e186db45859922beda9a3805d0d75e7b4f927bb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 1e458d7ba453d0c5e8a88551efae4da5
SHA1 3bd2433e281697bdded659a623984e72216c95c5
SHA256 a33a60cd6e74673d6b896e894f17d24d07904bbf33be54a1f0b9c139ac698d10
SHA512 df990b810f8b7f38f42de192b3fc14fd1b8a04d49edb63ecd1f67c6b754f83b94a73d15698dbc95ce658a0fd996c523f6c704e454ce26263fb1ecde2aab6e5e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 98e1ebe1d47a5c85ff6845eb5411559c
SHA1 a7bff28ca513eb97450ac611924688871e595a9d
SHA256 5fde89ba9ebc7d9db7da439e9f11918920017ce246b11a07357f4cdc8c517b53
SHA512 6ff48d11aa13b959d9f13d172cc203e8afdfd5f513bb4657ef4798acdbc2ccde7c5bcb43689e88a5eddcde71fa98ed5d69515ec0c971251b85b251403feb0766

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7095fc1263c54dc2075ebfd21ea01e7
SHA1 80c87ec952de4f72731e17ffa306a5caf30642e1
SHA256 68f91a7c8e53b114ca9fd61d7fdc39c51393920eb6f8862d2c5616ce3060141a
SHA512 d5fea0eab77cda272940e83d38d5d7df232ccbca762ff850316860b00677b105cf0beb0dabbbcf6deac412fb58d78e6543270cb8b44d7de2ca490b1bfa094bb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 ab6ab31fbc80601ffb8ed2de18f4e3d3
SHA1 983df2e897edf98f32988ea814e1b97adfc01a01
SHA256 eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8
SHA512 41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

MD5 a397e5983d4a1619e36143b4d804b870
SHA1 aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA256 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA512 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f60edc99a3b5dfb1654266f8f0f4e7c0
SHA1 c77d91c7c703277303e8275b0de3bd354da2d47b
SHA256 5d79a41da957dd503710d95f9237a9e71310a38048b660916deab979789af07d
SHA512 4b559d522fb44019a478011a08ee8e6b75d88068f5a7f72d952bdd669630f21713da295907d455d79a42190e93be62ae09ac04db4c0cfd2679b69441064d231b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 72429025b80e33bf8d66b71935ec64a4
SHA1 e800090fc8479baa6d6931049764378cc8b7d139
SHA256 aa7b4ce4378d456d606ffaf947c92f2bfcb327539aad2fcd6c291c9c0b3f843e
SHA512 4ca3fb50392a905a9ca3c059aefecfde5c025e5a17dc1b328bd8590f24dec7aad09f06d3555ad787e06461fef2d34f653ea8d4eada4c98f9dcd6cab54f9ed4ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cf604a634c7530768b976104f2f93645
SHA1 47048ccfca0a0b56eb0acbb7069e918d5ec19dea
SHA256 deb7999b294e0aa5d5d948d2c449ec71a129494543dbd3b340da3537383cf12b
SHA512 c989b49272003745f0af720d511ef87d2cd8bf1f7567a7c68b86043c9f62849cb3f27047287e41c2f13f75f3d8ac669adad34587839e9759acaa986f798dcb31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 069bc3b66d80db74fff0a0be3b193181
SHA1 bad5a47fc0e666c890e08b36ae4295a637c62287
SHA256 1f45f4786c077dc611824062955c79663e7be5310a00b94827b8edc15e849507
SHA512 e1fc42baa203b13b5e74308b47bd1303406571a4969e60dc6d699766228c34f41fd57c7145c77a268a18bdf41b94e7b99f2d122fb7afbaecad8d08b2d7182f31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 084c0bb9ec475efdd86bf687cfc2e7ac
SHA1 0f3c789db1da1988f0da66f037d98e00cd9caa49
SHA256 cf0f4e7c3cfaab2cd8330cf2ad1826ee4c4ecc39a0f1681d36af5d7ac07ae0b9
SHA512 0b746f55ccb81bf150ff3f3351b7535d68df655d96c3a352c665c282e2cd8baa906dd7acda17dc6c40dc47e8b329e1e2aa0a033f46b34ddf2bc728a5d3d84389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be1ad8b8882e2c59e04c4947e7d6bdf0
SHA1 6716f94a056c8c36d598b92abe6db7ad21865c2d
SHA256 95e3e2f49976242b88873d0f1bffcfe007e0010a6d4da5a881b13a4e02de6933
SHA512 8ce194cbc2b06694ead9d4db19dcbf1a633b21e1a45560686ce624aa25792dac6c333e5c86abb275a7e620c682dd565b9fa18d21cb16c3798a389e531b921936

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 71409904bac67cd8797ce5cda4269a17
SHA1 a0af02ffbee1669ac9311fe1e1faf0a521da4b26
SHA256 feaeff3328dc1257ed27e5173198f1eb393e79f28006b5d099dc0ec5c6f5c892
SHA512 3cb45a5210e2e61e12e5d5408a77615fc2ecbb945443483c494bed56f98f11f81dfe646f5c4bcd66caf6b3c56c6efc0b4148691f7a50a341af4f88fa237f07a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c302c39c66fdb10c13103d1b683b4bd
SHA1 30ace08b5ad160c244ea8049cfca7eff6843def7
SHA256 dfce76cb768e10c66e07b1b8b9f3de3dd95b112be6322cdb4173bfec3a9ea37a
SHA512 170e00563e34cee97518391ba5b28f5e2a09383bee7c88a31660a11a8516ef2f86cad3efe09e34e4e9d9bd3dbbc8f845dfa247f38afed398bc929b2fa7a6bf66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52a0b05a8f8ce939c48d070b8e54b358
SHA1 36b89e4b6d3d30727002fa41268bb07d524e0c6b
SHA256 fb7accbcfafa82b2fa975a13d8ff4e983562d7e0698253f2d1b2a00758080929
SHA512 c4cbdbe7948e96bba700234798703e6165fd802de4b2fa68aea2d91d84035a43378a474848a048cbeffffa8c84d6729112d1c413bdf2dcb82a5db82c20b7a50e