Malware Analysis Report

2024-11-13 16:32

Sample ID 241108-qmlf3stakg
Target https://www.mediafire.com/file/jiyslmakevjvdwq/Software_v1.24_loader.zip/file
Tags
meduza collection discovery phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/file/jiyslmakevjvdwq/Software_v1.24_loader.zip/file was found to be: Known bad.

Malicious Activity Summary

meduza collection discovery phishing stealer

Meduza family

Meduza

Meduza Stealer payload

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Looks up external IP address via web service

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

Browser Information Discovery

System Network Configuration Discovery: Internet Connection Discovery

outlook_win_path

outlook_office_path

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies registry class

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 13:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 13:22

Reported

2024-11-08 13:26

Platform

win10v2004-20241007-en

Max time kernel

200s

Max time network

200s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/jiyslmakevjvdwq/Software_v1.24_loader.zip/file

Signatures

Meduza

stealer meduza

Meduza Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Meduza family

meduza

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Browser Information Discovery

discovery

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\System32\cmd.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1048 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1048 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/jiyslmakevjvdwq/Software_v1.24_loader.zip/file

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86db546f8,0x7ff86db54708,0x7ff86db54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\ReadMe.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5796 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Windows\system32\PING.EXE

ping 1.1.1.1 -n 1 -w 3000

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"

C:\Windows\system32\PING.EXE

ping 1.1.1.1 -n 1 -w 3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1167602930670182172,3612373381951535798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.17.151.117:443 www.mediafire.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 117.151.17.104.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.22.74.216:443 btloader.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
FR 18.244.28.11:443 cdn.amplitude.com tcp
US 8.8.8.8:53 translate.google.com udp
GB 216.58.201.110:443 translate.google.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.18.159.164:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 g.ezoic.net udp
US 104.26.2.173:443 www.mediafiredls.com tcp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 go.ezodn.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 52.41.237.133:443 api.amplitude.com tcp
US 8.8.8.8:53 otnolatrnup.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.200.10:443 translate.googleapis.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.169.3:443 www.google.co.uk tcp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 api.btloader.com udp
BE 66.102.1.155:443 stats.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 11.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 164.159.18.104.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 223.187.37.13.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 155.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 bshr.ezodn.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 130.211.23.194:443 api.btloader.com udp
FR 3.165.113.64:443 tags.crwdcntrl.net tcp
IE 52.16.238.77:443 bcp.crwdcntrl.net tcp
IE 52.30.238.153:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
GB 216.58.201.110:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 133.237.41.52.in-addr.arpa udp
US 8.8.8.8:53 64.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 153.238.30.52.in-addr.arpa udp
US 8.8.8.8:53 90.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 77.238.16.52.in-addr.arpa udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 static.criteo.net udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
DE 162.19.138.116:443 id5-sync.com tcp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 c3.a-mo.net udp
N/A 224.0.0.251:5353 udp
NL 79.127.227.46:443 c3.a-mo.net tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 34.120.107.143:443 oajs.openx.net tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 hb.minutemedia-prebid.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 dnacdn.net udp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
IE 52.17.36.150:443 hb.minutemedia-prebid.com tcp
IE 34.241.172.35:443 ap.lijit.com tcp
FR 163.5.194.32:443 prebid.a-mo.net tcp
FR 18.244.28.121:443 hb.yellowblue.io tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 34.120.107.143:443 oajs.openx.net udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.201.100:443 www.google.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 216.58.201.100:443 www.google.com tcp
US 8.8.8.8:53 dd0ba55d342730de4b6ab586507f1173.safeframe.googlesyndication.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
GB 216.58.213.1:443 dd0ba55d342730de4b6ab586507f1173.safeframe.googlesyndication.com tcp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 32.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 35.172.241.34.in-addr.arpa udp
US 8.8.8.8:53 121.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 150.36.17.52.in-addr.arpa udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 185.235.87.116:443 gem.gbc.criteo.com tcp
FR 185.235.86.213:443 ag.gbc.criteo.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
FR 99.86.91.124:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 116.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 213.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 124.91.86.99.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 download2262.mediafire.com udp
US 199.91.155.3:443 download2262.mediafire.com tcp
US 199.91.155.3:443 download2262.mediafire.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 3.155.91.199.in-addr.arpa udp
US 104.19.208.227:80 otnolatrnup.com tcp
US 104.19.208.227:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 54.230.10.77:443 woreppercomming.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 www.chancial.com udp
US 8.8.8.8:53 227.208.19.104.in-addr.arpa udp
US 8.8.8.8:53 77.10.230.54.in-addr.arpa udp
US 104.21.79.34:443 www.chancial.com tcp
GB 142.250.200.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 www.opera.com udp
DE 3.73.194.163:443 www.opera.com tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 216.58.201.110:443 www.googleoptimize.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 34.79.21.104.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 163.194.73.3.in-addr.arpa udp
US 8.8.8.8:53 15.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
DE 3.73.194.163:443 www.opera.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 216.58.201.100:443 www.google.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 216.58.201.100:443 www.google.com udp
GB 142.250.187.195:443 www.google.co.uk udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
DE 109.107.181.162:15666 tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 162.181.107.109.in-addr.arpa udp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.187.195:443 www.google.co.uk udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 172.217.16.230:443 s0.2mdn.net tcp
GB 172.217.16.230:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 142.250.180.2:443 googleads4.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 73.239.69.13.in-addr.arpa udp
DE 109.107.181.162:15666 tcp
US 104.26.12.205:443 api.ipify.org tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.2:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 172.217.16.230:443 s0.2mdn.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_1048_TEETSEODSWMRIXOV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7d1013b488d73c587c3c5509a6473ce
SHA1 415a04e10677d902bef701043f83e3fcb67a211c
SHA256 f592e4708755fa5f43ac28e313276b4c4ffdf38db29317abf3d2ffdd50db441a
SHA512 155877c241612b566d56cd22e7fa5a99029878d4a1b331da1bf1b43a78f4141aa3e9eeaa7cb8fb4bdcb30fe652a9984b9a45213c515801e851ea7d2942be206f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 36dcec4591b98d65020c8bc72114b85b
SHA1 04f1b33a63f161e4538bb05c39295df995b1e0fb
SHA256 7a69344de669bc619bd47a18aa718e809d9ecd7ca9f420eb618527d661b0e7bc
SHA512 29271ef7ff9ad98dfc13287a56964060445ff47d1178c766f198f1bd60f317660e39d94e9f9fe4a1d44d2845a393d64158cd3223d943a89dbc1f07b0941d3cbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57a909e4b01912a0deecc155aca9f24c
SHA1 079768b8a3d5c5c556f46acb752d5e5b23c6de12
SHA256 fdd927c87eda3fa8bf0cdeb7ee35ed0c20a94f3baf68206253e6db40d30cdb0c
SHA512 783bf26cc484a0cf82f793f79e9e1cc16bfb3eb9d6f4cdaa1958a275dd599db9f9e3d56991bc1283264636997339c1071f7b0fbbceaa97089c2411568eefa5bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 020901584812b9e35310a53c165f30ad
SHA1 a097b24b69317f3c3bade5af35d4a045839536aa
SHA256 916efede7fba1e5860b0461f0a6b5b42d16cc3cf823d101288ca57e9f9890da0
SHA512 f152523b496af3b3673c77d58f2542f45112c95dd7ab9b6033b08423fc0a4bb943f0afb6dad80034a41e6f3a056c80b4aa368977d2064fcdcbdced5e5c8ff2b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 45869c35b2cbc2b86fc8828a9c0f2aed
SHA1 194acce265906594cf10311696c82839796d26b4
SHA256 4508f7c08caf799fab81103d0ed6eadff82a5ba17c277df8932ad61c19830c95
SHA512 b71495b9b2168b8fb9e94c3bf3680d4f255076c5f854230397dafa24490c485d1e5b7228fa31c802f0a79825c8c29b1b0a82dacaddfad7643828f6324051b297

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f83b.TMP

MD5 8def4a5ba7681c0a428950258226f47c
SHA1 15aa5017ebcaaabc8ece2f0552d4c2564a553510
SHA256 aaa655d343f840ad784b0686f73db183f6d3e6a6af83358e2113cf04684e3344
SHA512 b7c08af0f62debf8d9a80be28f9a052af39a528a00a460029cb8e2509929f1538dda5d8b147b28e30dbe4863b7bfe4344092cef2e0df257d52a278ac49ea6cf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 652f8049bab6befbfbfc5f4d604291c6
SHA1 6f2c402e1f843b90ee3293bbaa28e60496b0f91c
SHA256 11b1d47afadd6c5667d745f43530927010961abf5d33ebdc8745cfad6c64b13b
SHA512 8796f09252ea63c5e61756841183674f65c12a8fa04ca296a4b273486e8238498a5f5028dee4d50c4c8f10db6172be2358cf31029e44e96dbf6bda15b0a410df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 87b8362259f6ce8d0318a2135974c44c
SHA1 ec207cc0cfd2c7b66c2fac0d51b748110487f554
SHA256 10dc630c403244b17503879e19fffbb91da44b07b942ea177929d879b36d835c
SHA512 199aa00ada75e1690822e842725cd89bcf54eb77ea26e9040a28f8afecd668143e3500e06f87f33e38d237df584acd39d2ce1767e10de88b7436946fab6f7771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5827a7.TMP

MD5 26cbedd545a27b15df22611e6bb4c014
SHA1 05dddba58c051e41dd61466e2a0b82e37ae764c1
SHA256 98684c1cb6017a85268b509e35d376a207e9ab6fdbe608a4fa2c688c2e66b12e
SHA512 04e0c2729b3d2cfd89238e7ae0dcf6718ae30ea125e896de7f82c621ae9798ea4919561c7a8c052d55877d663c2ad6c9093a5700f813ba38a5f0b3f8068e2a0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0f740a77d3c00a5021a1e2f169fdbd5e
SHA1 2d60e5925cf2af83cc4cde999decfe798fb94d83
SHA256 95e22dac9afb0f58723bcbdb74b16dd13f0a34110d1d50df72f9dd2cfe61f048
SHA512 4dbb6a9164ec5a40ef20d13ef4ec348955be9da777e5e5bb4af009adc6ff1f4df8cd052122e924765e993707fbee299b9d1619016b51e73a547fcd0868ad08b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\653584e5-6b1c-4723-9ded-04ab35c0706a.tmp

MD5 fefbdfeaa402f470dad7609cb64c2391
SHA1 f958c1804b5a710fdfddbea738b65fb5747e0a34
SHA256 08006230fbd2dd7c2b1fd8ed02756f562f86fb37d45bfca8bcb7217c356e37c0
SHA512 f346e5a48b57c4bca4e4b19f306933ff57a27e0439e0ef3d035eab62a69dbacaf13e08599a2fb1c6c802e0462402ad63a82e71f911004976ba4c50ca0d86b8ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 6b04ab52540bdc8a646d6e42255a6c4b
SHA1 4cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA256 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA512 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 c03ff64e7985603de96e7f84ec7dd438
SHA1 dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA256 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512 bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c2e75d82391d2eecbf51c428874f0914
SHA1 14eef2d3e0f942d63de1deda029e8530e87593db
SHA256 6178d230ea1cbc8ecb7e4f6269376f5bc258afb9980a94bb41b35fd218ba7221
SHA512 5a022ec8d6f834ed5fd959b0d6e371591535614903065bc4249b20f246982cf750d39aadf095ff1cadb0b84b00c8a15fb5fc00ad146ea9f074ae1379557bbc9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aba5b2a9d587006a77e68f727e7698b9
SHA1 68fbef711adc321987a95d7a7f6f5024d171522d
SHA256 ee075308e27a7df1b80688ee3aa3faea0edec071e84a3cea1200b0f201ab4355
SHA512 aea0e443dee603f5e7306f4c19c5b66dd630bce0063dfe09b612702221b654c420ab7a174208c71ad31d19725b749c60072c1ef5b279dc3bc5cbae02388de021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 73385d54f9e6a7774597799e231ce444
SHA1 9c2ca7a1a2dfce0b8aefdf68a790435803ad81a8
SHA256 9fa8cf9a8c030f2ec155e7ba5fe35f547f1c46986d69bce1ea0075fb5071d889
SHA512 f07deb32094aa64cc18586fe07a3f56c22be72cfba85128d54dc379022a9add94a0174af93067323411720e1a46f9e27c4009f9a79c70f03ba47504dc10c0c41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 82c2c73f5292b9c2af913d642eb8a538
SHA1 f29a20b5a336a9b80ed7eb78586d5c95d1668132
SHA256 3d992adfdcf6c33a72cc2408647d448bb4453818b4314707653f330a1b356716
SHA512 e884fd7ba82f7e7a603b5dabc317ff3bd88c6dc6b08ca5f7ebd689eed63ef0d37f5eb394804adf7e6dd6eb77003952d43160dd63491151ed730b5b9f750953f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 40e72bd7d04ec98d86f69ff58a037e8e
SHA1 04b681470e0d6132e16d9904759d40d2a2fac4c4
SHA256 12eeb056846a624f43fc827fd38b826ce33a983892bafea46010893a4f7577f1
SHA512 8d9f470da1c7dda422f342f4a7bb5a43a35b5883158200a1853eba57c8553faf7bec8940ace061fa10198fd643e9c7c0d6af9a094e734e066facb2f794b300a5

memory/2912-526-0x0000000140000000-0x000000014013E000-memory.dmp

memory/2912-527-0x0000000140000000-0x000000014013E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6a550e45c774bdb68ec426a32ad6614f
SHA1 f22486fcf3c8af56114b59fa66ea451cc71c928d
SHA256 5594c6e34d2c48b870cc25cc827d55f41dbdf36a99d90eecdfa9a61b2f3c326c
SHA512 c4c72055eea0850bd8088fd8de4d28ed9a5d89ae2849a4f480d3aa4c56e63e1649b6165fe5a21e48f528d51274ce59f198dff36c6a385f0012396a0f42ed80d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 c98eb618071d6c942fdf0fbfbdbbfa25
SHA1 4c5baeaa21334e65cee7a3a06c294a41fe4cf231
SHA256 f2402c95ac1a94bc57b94aa501d63ff05d52f154236f528719244f15019c95af
SHA512 984b06b9f6fed0877d957af4b7fcf3ec1fcebe1b5d1103d5294f8704bdc377ffa6393b5df09cf564f18d512cf418aed827a97485a947e13fa16a88d49d8986df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 b4bb17312e0b5b7fbf5c849ce6757e8b
SHA1 2953ec7f62141788656b3a0d6de5dd016845150f
SHA256 a9417851ffe6f1911c773466ab93d34e8153e5b6649c6d729c3a8d386b610c2c
SHA512 d52dd0c9287653527663d3ec20e6590cfb3eeac1c0a445803216fcbcb5904d55e563a8aa17c6a11809a3f52cc0835b44af0c1ba272d8529d348103de3cac1811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 0b39978f820c5e52201ed96bf0a93bfb
SHA1 96dbc0bb751e5230487e17fd7ebc07b0df361094
SHA256 2402b04e7b77650b2bab870602fe5ea6067bf0a62bd47ed42a2bb37c25a3b303
SHA512 7e452d994e0cbccebf01552c84c7b5fe5d34ed5f62e73e8594b1a475adbefdffebceec606597c9962be2fb2d9b9fc9ade204eccbb903fa075450b1f4efa12fde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 30b4c72a19ff340837c08fbecc0d805b
SHA1 d3a63fdf5b2fd0cb3b3d13e32a36e6d4dec28b2a
SHA256 4ef1e33ca595388d02de0fd843375db706da61ad3cef82c0b2c10bb02067f3f3
SHA512 673335127cb5b4f902609769b8d6a238f5c133baabeb1456ff16dfa286f14ea6e51ff5f4469eb55c1afd92e3df3855d92b669a6b880604b108e97b9f136da948

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 74b3aff73f5e1e65d5388b700d6204c7
SHA1 2c85c5368680791afbf462782156e638fdabe67a
SHA256 65e2990f9fd35842f92dabb9063e3a5a7444d19bb3be64736db8ce8191831c2f
SHA512 74905d07dc719f26b1c0d11fdc52d6c145740d95295e238973d4a142c1a0a123d6fd93a254f043c46202ba879094e3a706cbb8c0a744b3ed51ef1dbc38d56f9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

MD5 6ceb73c590344b8bc4a89cbc258b6d20
SHA1 fb229c3160396e6a4ce41a17b98c4c38cd684214
SHA256 6fe7fa31099be2d2535b549b438c48dc695a0983845ad3a6e9886055444c4eab
SHA512 31f2298291e83b00829458a3d64458c19f0accff3dd28626c717e3d00b7e35d5beed210eff918c49f4107dabb05578d4f2bc06096b1b687aabc4f8ec6da958c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3938ceff67088949_0

MD5 ca5802d8b2ab18867f1440abb77539e4
SHA1 cdddd24c018c2a92d2f2be84abae4baff3d86e00
SHA256 2c1e36531061534caa5e25b843771e69978cc18e1536507214503a7aad74b128
SHA512 3803e9a76308d3ba64d04537bd80df8fb57a12cd5697f2eceefbb372a1ebc85abb8b4f8264b9099781657ed26457de72d9a36c971745b23ac11584b91c18845f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

MD5 0cd92719220d2d9c8a2be23f0c799cee
SHA1 3544e6b9fd32c17137a6f199cedc30c900d600e9
SHA256 1e318f928539b2c1da4a5e221c9760f49e4c430f086e0db6de96b58fa9da4db5
SHA512 24f09376fd6bdd76bfe317915f1f2711b19ca9c5624eb679c6125292d4895b4d2f8caf59e1cc388cbeb390958e1310f5a1de976de7957abdb70a3115f62411bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

MD5 d951649cfe667851664e095bf80d8b27
SHA1 db7db5e79ba97c3638c6a29147c807bdffd070e7
SHA256 6e052406be67a64cc7c1d2c2c78a2c507cf9e84f6ce34a3c21ad750a84302989
SHA512 763490be17af450426a1cd5e67995bd3a1e2c4aaee1d65c5daee287be305be1176996597779b2810699495ec9ddc1f9cb79c133d423151e69837af9acf3fe8ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

MD5 ab63284444e0b2f84a8e745e1a10e3cd
SHA1 adf18fda86b8afcae2b6630b9e178816f729afbd
SHA256 a0c479aba856e2196560909a968e68e221f8cb203483d4c44d76d40f27ad3b40
SHA512 4895609948849547b06f3b71e1c3bb02415e33922e9e9a51a2f200b5a778f311d3729ccd9da78ba050241606e828b02ebcd458f3fc59057b3cdb3b98fac5722e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa2b2d2ec266008d_0

MD5 910c0d4c95f299c1b2b61869dc930980
SHA1 758f0288152486f91a9622e23b1b57163d77b335
SHA256 5c4a8cae2d207b29d6094866b16db29cbc2c25434a787fcfe06bd6c875bd1a5e
SHA512 7ca242748e996cef7bcdd9ae82465c1fe8a6d520adc3b0b887dbe40a1d9e15eafd56e9f4a3c0dec4f61476e8a46c1c35e236b7340b595d8cac23a32704dcd117

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

MD5 9fe2baf553949f1e51a95bdfb64ab1b6
SHA1 70c080a4a0b2a970e1d78b2062d48ece4e0103de
SHA256 70157a9139e8b91bfaed7c0f1232180605cb8757a72263d6bf17e031b90da550
SHA512 ff5695317b14e01839e694033014cd5ef3eea279e72b30a14c1fab05a3a6689811fbe25908764a5fa7128dea161e0354521e6a2af344d2ee71439b76da9601df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c4430c7c3c92854425ac2e0fdadea86
SHA1 db5ab25f1ecfa981b9d2e612ef83e27273a19e7b
SHA256 061c3a3b451b5a56606e385780bf28817215a0d568eb00060f0a0bd8f2327580
SHA512 969142fd7180c0ad12d39df4e2c5b555fdb0b41057f7d33bc2b87ca95805b5c8079c1da570219db72b609acf2d4eed785f7f50a851fd75c7be9a508e1ddd5381

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 001dc3797808f411076af979f0690f72
SHA1 a9507e3e3bb30cf635619dfb3cc0ab66660e5f5c
SHA256 32ddbc53d075993b8e485c11b1fb2e9b9a1ca9f2112774d69956a8c4e577c8c2
SHA512 ad4e4019827c8e1670c37891a155c20dfeecd8f06b7460494f78ff1222326d532a66491ee0d0101b27a5813fddfe43cfde39c0b01e3acd01ec42f3f92340d169

memory/1484-626-0x0000000140000000-0x000000014013E000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 0b8c363f3bf927b8159593f337abd864
SHA1 cfa20c2fad87ebdfb2b9badf7e6246e1a1bfc679
SHA256 2876ec62df2cf8c044e42585738c3818a219542e4066398bcafab407376a29eb
SHA512 efb49a27e1ae1956844ca74944e693c7489f3fbe2ef84ae3b16c414d7d37f1ecc0c63e2511ac7e02d4dbdc6cc78e27f01d1a3d19c41b11bcf40533e78a5f8db3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 67e486b2f148a3fca863728242b6273e
SHA1 452a84c183d7ea5b7c015b597e94af8eef66d44a
SHA256 facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb
SHA512 d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 2bb59e1de2f38815431b689166066669
SHA1 f650be8ce2afc32e8be5dc45c91e5f95df3faa86
SHA256 910d906f9b74428b057de12d2bada3ad3f88ea46ecdc2a41169da81a71a41f4e
SHA512 1f256d700a5ea1921e5da26c59415cb635cefbfd99adadb6bb7c20e62ada09ce6279d42d6fffbe07e4a660b8187069f9848791af27963531e3ada2a25aa0f3ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69e7f6e7355f3f5f5995e0e4eba0c08c
SHA1 c1c52ee2f31f959ffb709ab955dcf2c47ba191cd
SHA256 f9263cca33b058be94378ec47aab92eef0b05f1b979c3e0578dc59d2712f6b6f
SHA512 65a7d9af6e7137d10652c624b65315986e147a25a52769bf747147b45a0c3f2b44d304b2cf8d5f3e2749484176e1edfc3bc3290fc1f564d8ea3a73b82d7f4b2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 1274384b5c36e4db9721d4567f92910f
SHA1 f23ad6e7fdda7400279fdee921714617e24cc054
SHA256 e8fa079c70a1cca3c78eea7a506754f56315cb597eb51ed430ecbb1f4f6aa920
SHA512 131a435f7ccb7004e79f9585c5b9f5995bd2bfb88fbd343633e4d72de242e75fbc5ec57f51a2a655c35c9499fb6fb6f608157d2301ade61ed1f749da687af130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 504092b351ace41b9d544539a2187aaf
SHA1 7b1761172be370839d7f857b3baa49d071bffa7a
SHA256 ec74596dda7eca33470a1591b958cf52cd129bc2b5d7a49c7cd84c38b5018c90
SHA512 db1cae615b25ec513fb2fcde190eb73e8d06c90114bf74cb2f4a9ad63703a237624754ad251160a10e6cd4f798abac8c5c9d8f11795e9c6ed1c29196c4c16058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 dee46781c0389eada0ac9faa177539b6
SHA1 d7641e3d25ac7ac66c2ea72ac7df77b242c909d3
SHA256 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642
SHA512 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 2abd079be1223e68fdd6f520afe8fab7
SHA1 0f52ef825e632aa99b80724e2fc419fe1413ff39
SHA256 fc998bd9e644618ab3ece7ba644b58e43e6503e49b8ea2d19c6ee725c4676c75
SHA512 41d1bcc91961d70146f3434857c2265d2c1ec8cb81d388ddd187de5096e580bda69da20cf4ed56d72aac3d4e731f177b99daeec128e0ecd68dd37beedf4b3f70