Analysis Overview
Threat Level: Likely malicious
The file https://github.com/vespyIol/Vespy-Grabber-V2.0 was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
UPX packed file
Detects Pyinstaller
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies registry key
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Kills process with taskkill
Modifies registry class
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 15:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 15:34
Reported
2024-11-07 15:37
Platform
win10v2004-20241007-en
Max time kernel
212s
Max time network
212s
Command Line
Signatures
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vespygrabber.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Browser Information Discovery
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FakeCHKDSK (1)\FakeCHKDSK-Destructive.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 18953.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 538002.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\sdiagnhost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/vespyIol/Vespy-Grabber-V2.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce0346f8,0x7ffdce034708,0x7ffdce034718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\vespygrabber (1).exe" ContextMenu
C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW5EF4.xml /skip TRUE
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xgbtjumr\xgbtjumr.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES627E.tmp" "c:\Users\Admin\AppData\Local\Temp\xgbtjumr\CSC6B4972A2C2D8470E893F4B5016206EE9.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\epv4bw5b\epv4bw5b.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6368.tmp" "c:\Users\Admin\AppData\Local\Temp\epv4bw5b\CSC2076AB85213349A49D80D243BBD5313D.TMP"
C:\Users\Admin\Downloads\vespygrabber (1).exe
"C:\Users\Admin\Downloads\vespygrabber (1).exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Users\Admin\Downloads\vespygrabber.exe
"C:\Users\Admin\Downloads\vespygrabber.exe"
C:\Users\Admin\Downloads\vespygrabber.exe
"C:\Users\Admin\Downloads\vespygrabber.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3016 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,5600342518837609697,6261874580977860915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
C:\Users\Admin\Downloads\FakeCHKDSK (1)\FakeCHKDSK-Destructive.exe
"C:\Users\Admin\Downloads\FakeCHKDSK (1)\FakeCHKDSK-Destructive.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\71C6.tmp\FakeCHKDSK.cmd""
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:9229 | N/A | tcp |
| US | 8.8.8.8:53 | devtools.azureedge.net | udp |
| GB | 2.22.249.41:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 41.249.22.2.in-addr.arpa | udp |
| US | 13.107.246.65:443 | devtools.azureedge.net | tcp |
| US | 13.107.246.65:443 | devtools.azureedge.net | tcp |
| US | 8.8.8.8:53 | 65.246.107.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.22.249.29:443 | r.bing.com | tcp |
| GB | 2.22.249.29:443 | r.bing.com | tcp |
| GB | 2.22.249.64:443 | th.bing.com | tcp |
| GB | 2.22.249.64:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 29.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 40.126.31.73:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp |
Files