Malware Analysis Report

2024-11-15 06:02

Sample ID 240924-yajeys1eln
Target https://mega.nz/file/0zcHiZCI#0EaOlcOfcgQyXTT4Y0B2GGhRiZimZgbjfH30mBV-PH8
Tags
rhadamanthys discovery stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/0zcHiZCI#0EaOlcOfcgQyXTT4Y0B2GGhRiZimZgbjfH30mBV-PH8 was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Suspicious use of SetThreadContext

Browser Information Discovery

System Location Discovery: System Language Discovery

Program crash

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: LoadsDriver

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-24 19:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-24 19:34

Reported

2024-09-24 20:05

Platform

win10v2004-20240802-en

Max time kernel

1799s

Max time network

1737s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5004 created 2608 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\system32\sihost.exe

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5136 set thread context of 5004 N/A C:\Users\Admin\Downloads\Setup\Setup\NewSetup.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Setup\Setup\NewSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\openwith.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{776688F8-2461-478C-88E4-17A09E6BF369} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\SysWOW64\openwith.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4060 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4060 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4060 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4060 wrote to memory of 5012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/0zcHiZCI#0EaOlcOfcgQyXTT4Y0B2GGhRiZimZgbjfH30mBV-PH8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3ef46f8,0x7ffba3ef4708,0x7ffba3ef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4756 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x304 0x498

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7828 /prefetch:2

C:\Users\Admin\Downloads\Setup\Setup\NewSetup.exe

"C:\Users\Admin\Downloads\Setup\Setup\NewSetup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5004 -ip 5004

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 632

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5004 -ip 5004

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 640

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1

Network

Country Destination Domain Proto

Files

SHA512 2a246f39f02d4bc7609b2475a59f3addd4513c1566122733c353291fea8ccf3e78841fc03921974a331c0f744e5c11cc67045f5625aa51d016cbaf5e7288a1fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d87b24997012bc2d5528362bd3a240b3
SHA1 cb2b5fad51440d90161ef9e7e822644ce3c39163
SHA256 25d88a6de00c079d996cf7c50182bce0ad0343b0dfe04cbbd5bc445743023b6d
SHA512 6b6ed75cf1c9ed91e7ff7cacbf65e508e21cc27b1fe45311e994ba5dc0dc80ebefa05fd1f775249017272b87669e9e66d773fe0fe2b631d5cf3ee5149ae40d4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6c37dbecd3c62bc528c42c8b07ec8f6f
SHA1 559ad97dcbd1668e83f80b9c2b2bd7445d4ac1fd
SHA256 628e8edacb1c8190644655de80796f8ac77b2871de7215623dc040dcf24b8edb
SHA512 2228462d23b114f18b92f61010ea6180aeb708b9a6fa00d614e65d9f5edb242831c5c0709168647aa38936e5553184822d3846c845b2144086aca5dafe41f28d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 db185410e237027c4126998abc2adef4
SHA1 e3d0063ade71acc3a283a59fed3f389c7c573fe1
SHA256 ce1d97091479cb10fd3259ac726d430b3b183c07773397a9a42c4938c97f246c
SHA512 f278f63e1a824133f328f3a699730a4af8d22c09117eaa118da9560c82647b870ed09c2e0c2c583106913dd65e87b3572f4adcd67d4180148576f212ff8f86ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ebf0490b75a36feff2b465f42fcfafe
SHA1 0f6f32d05100405a9d7877eac334872ed0b11f37
SHA256 647b46e6b3c32db1551cb1bfb5132a9bd43eb194f801262e98aa7ebb89a51a8b
SHA512 3d995e6144f8f832156e499303edbed73a951ea82841d9700df55200fb18437611437d2e6b56b93a0d6741eb721bcbc0b06136c9b43f12b664b2567dee5dacbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 44f0223394f54fe02eebf9e66740eefc
SHA1 4316e54693eb1d6db31a73641729b27e3e1de055
SHA256 f878e567ae9572be927d2df83bc1204da91c5a8e88f9c447c9f59a71f36d4c9c
SHA512 3ef0bfe7f81055f5e6ca7e536d91664ff930c0e0244b9d30959dd8d6096bd4ed1ffc9357ee541f678981ebea3fd3c9291376297db193b53e49aa4f3f96fb5423