Malware Analysis Report

2024-11-13 16:31

Sample ID 241109-nxfbpswqek
Target https://www.mediafire.com/folder/pdvnpt1sbe0w4/Software
Tags
meduza collection discovery persistence phishing privilege_escalation stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/folder/pdvnpt1sbe0w4/Software was found to be: Known bad.

Malicious Activity Summary

meduza collection discovery persistence phishing privilege_escalation stealer

Meduza Stealer payload

Meduza family

Meduza

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Drops file in System32 directory

Suspicious use of SetThreadContext

Browser Information Discovery

System Network Configuration Discovery: Internet Connection Discovery

Event Triggered Execution: Netsh Helper DLL

Gathers network information

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Enumerates system info in registry

Modifies registry class

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

outlook_win_path

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

outlook_office_path

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 11:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 11:46

Reported

2024-11-09 11:56

Platform

win10v2004-20241007-en

Max time kernel

570s

Max time network

601s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/folder/pdvnpt1sbe0w4/Software

Signatures

Meduza

stealer meduza

Meduza Stealer payload


Meduza family

meduza

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\SRU\SRU.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\SRU\SRU.log C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\SRU\SRUtmp.log C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\SRU\SRUDB.jfm C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\NDF\{DE394C64-86E4-4C40-949B-9793F6844AD1}-temp-11092024-1153.etl C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050598569-1597076380-177084960-1000_UserData.bin C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\SRU\SRUDB.dat C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\NDF\{DE394C64-86E4-4C40-949B-9793F6844AD1}-temp-11092024-1153.etl C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{99b641b1-a396-43db-878f-0a458b1fd8a7}\snapshot.etl C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{99b641b1-a396-43db-878f-0a458b1fd8a7}\snapshot.etl C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-4050598569-1597076380-177084960-1000_StartupInfo3.xml C:\Windows\System32\svchost.exe N/A

Browser Information Discovery

discovery

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\cmd.exe N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe N/A
N/A N/A C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A
N/A N/A C:\Windows\System32\sdiagnhost.exe N/A
N/A N/A C:\Windows\System32\svchost.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1068 wrote to memory of 4680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1068 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1068 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1068 wrote to memory of 2388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/folder/pdvnpt1sbe0w4/Software

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff996cd46f8,0x7ff996cd4708,0x7ff996cd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4200 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Windows\system32\PING.EXE

ping 1.1.1.1 -n 1 -w 3000

C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\ReadMe.txt

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"

C:\Windows\system32\PING.EXE

ping 1.1.1.1 -n 1 -w 3000

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Software v1.24 loader\lib\HikariCP-java6.jar"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Software v1.24 loader\lib\HikariCP-java6.jar"

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"

C:\Windows\system32\PING.EXE

ping 1.1.1.1 -n 1 -w 3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0e6efae6h0358h46a6h91c0h52edf79dced4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff996cd46f8,0x7ff996cd4708,0x7ff996cd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17618507612175817369,6885199037232831087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17618507612175817369,6885199037232831087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\README.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1

C:\Windows\system32\msdt.exe

-modal "262818" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF20C4.tmp" -ep "NetworkDiagnosticsWeb"

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun

C:\Windows\system32\ipconfig.exe

"C:\Windows\system32\ipconfig.exe" /all

C:\Windows\system32\ROUTE.EXE

"C:\Windows\system32\ROUTE.EXE" print

C:\Windows\system32\makecab.exe

"C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\ReadMe.txt

Network

Country Destination Domain Proto
FR 185.235.86.80:443 ag.gbc.criteo.com tcp
FR 185.235.86.99:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 download2334.mediafire.com udp
US 199.91.155.75:443 download2334.mediafire.com tcp
US 199.91.155.75:443 download2334.mediafire.com tcp
US 8.8.8.8:53 80.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 99.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 75.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 104.18.159.164:80 otnolatrnup.com tcp
US 104.18.159.164:80 otnolatrnup.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
US 8.8.8.8:53 164.159.18.104.in-addr.arpa udp
IE 13.224.68.44:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 54.230.10.67:443 woreppercomming.com tcp
US 8.8.8.8:53 www.chancial.com udp
US 172.67.141.135:443 www.chancial.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 35.156.1.158:443 www.opera.com tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
CH 23.50.98.41:443 cdn-production-opera-website.operacdn.com tcp
CH 23.50.98.41:443 cdn-production-opera-website.operacdn.com tcp
CH 23.50.98.41:443 cdn-production-opera-website.operacdn.com tcp
CH 23.50.98.41:443 cdn-production-opera-website.operacdn.com tcp
CH 23.50.98.41:443 cdn-production-opera-website.operacdn.com tcp
CH 23.50.98.41:443 cdn-production-opera-website.operacdn.com tcp
GB 216.58.201.110:443 www.googleoptimize.com tcp
US 8.8.8.8:53 44.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 67.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 135.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 158.1.156.35.in-addr.arpa udp
GB 142.250.200.42:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 41.98.50.23.in-addr.arpa udp
GB 216.58.204.66:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
DE 3.120.207.148:443 btlr.sharethrough.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 210.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.178.3:443 www.google.co.uk udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 3.72.6.211:443 btlr.sharethrough.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 142.250.178.3:443 www.google.co.uk udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 211.6.72.3.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
DE 109.107.181.162:15666 tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 162.181.107.109.in-addr.arpa udp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
DE 109.107.181.162:15666 tcp
US 104.26.12.205:443 api.ipify.org tcp
DE 3.72.6.211:443 btlr.sharethrough.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 89.67.192.18.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
DE 109.107.181.162:15666 tcp
US 104.26.12.205:443 api.ipify.org tcp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.62.195.195:443 cxcs.microsoft.net tcp
US 95.100.195.156:443 www.bing.com tcp
US 8.8.8.8:53 195.195.62.23.in-addr.arpa udp
US 8.8.8.8:53 156.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 230.93.153.18.in-addr.arpa udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 95.100.195.145:443 www.bing.com tcp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 145.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 150.93.78.3.in-addr.arpa udp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 coolservlets.com tcp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 coolservlets.com udp
US 8.8.8.8:53 www.coolservlets.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_1068_PTMTGXFZRBXIHRLQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 173c865cb5b95cf4e818c0a65bb425ca
SHA1 94b74687ce3cc8591b68b7fb9404c70b17849d79
SHA256 c8d21d60183984a0cb6426770cb362c147a76b60540e80d5dffca2de2b66fbf2
SHA512 3423081d00bb9cce564a6a43dbdffdb6828b3e944654f4122a51e24e5552c55c55b8db25e6714b83ebd80ae601b5147991e6e27ef6e27b782a79b862adbb39db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f03a238e66f0c181cf2289e853b181fd
SHA1 d5a94040d91c52e718272e46a3b219ad3ca40b20
SHA256 2ac4d0ee3338f9b7430afb6daf4e4dcefaf2f57c92c03201bb3e956c21042f21
SHA512 556c66fd652ae44a03603c108ae90e1e383febe1d6ed11f738c6f15e4a63635f198bc95744e8b428603ba877786807c5ffc85567bdb285c6b3494c0ea51cfcce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc1980035f9c50a4b9b81198066811ff
SHA1 053b6681de10bf672abe6515acb733eefca7139f
SHA256 28913217155ad5c3dca5bf206509c8979dd33947ffd73225c8930cf72aa7181b
SHA512 ec8c1927be77a86b37beece682c546cc127622f6673a8c72c8807a14c3bf0e4940b2ccfba8276a671d96c7f6d12f85f7501c785ad19ddb94574ce8d766ce71ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d79d123a31a766e2805c113646990e5a
SHA1 42f1e4b75dbd2471602f49ba6917e8d707247acb
SHA256 a3bfb4cd490e5858811b6cb79afae816ea8b73a4b73d5b69b77ca01cbbd41334
SHA512 5fa9fb69ed3db9a46fd884c624431c3f602708ee3f414937b9230605d14a7cfc2fb765528c0b761dd0c4ebab908b118d021840040d434df96e589d588b57d6fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d97.TMP

MD5 ce75da49e523f855e1c093979375aabf
SHA1 0e64ebb6b782c418e0d9977ac4675577c38158a1
SHA256 7e9181af02727654e6af7e64b1eb42c24e3d62f9626e4a1ad2b8dd27ad808790
SHA512 98e8a8daf63254937d61eb6f8ec79b03aaa04c210f600af4a23453bce07162c76bd308b2b943553e8ceb24f7cf95764e86d3e9b263f1ac813208c05f910c7249

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 12ae53d237ebc4ceb10a76dc71824661
SHA1 b173a7acc35d9ca37cdee9230ccd9f6854adcc5d
SHA256 fdc08795c2998412d3a282c87343ef45e5abe7d7cec458638baf1baaf9e41326
SHA512 cc1a88745ec61eda050290b2c1b614c55b8037c0c4aa80cf3fca775b8c1a7f8ea39f74d60f283961852e8c113885a0c459c188d269c03946a4a8cece8dd2fc56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7ea7a1214c987cea62ba8af32efc91da
SHA1 b1dfca75507d12c9a202c08170d2e08e35c95bc9
SHA256 eb1a6bae1e368479fd983f35282f6f24cab440b8b05fdada4ce156568333869e
SHA512 994ec32a28b051c5fe966203d034e29b3172c2675849b6f24ad282249a75a7d9784735c971e6ae9b3e481f6e7a2307b98f4dc6475c576dade1a988ac90ef40fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 756f5e031460316658b2a920a27aace5
SHA1 f3f840661f03863aac8ccfb262a400e880e7da10
SHA256 fd493c3811afebe3047ae4d5f6424496bc40446a3f997eb7cef8371d38067491
SHA512 a79c20e1e949ad79da63c60bf773240b83f076a2d48954ad2834e57ced30161360e8557f7a4a4a84485338973e9d887533994a6c9b9946718e83a1d904e3d9ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 f79882e12fe87d482fe216d30ef3c93a
SHA1 e3031f2d694529705d8634b397815cd907fec24d
SHA256 c95d79ddd197080d143fdbaf458ce6d653621088f2d16827b3037f4417a32f61
SHA512 075f20268aa1b46fd322da5220b1705e42076d6ee681417bc95d5e900c6ed9929eca102796757e5db387db56ed2e97937e074b5af75840e55b018623c0a845c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 c03ff64e7985603de96e7f84ec7dd438
SHA1 dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA256 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512 bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f590c8227b547c6dc609b591445241a
SHA1 7cf7eb3358a0dc667a22f23025335a3354a546c5
SHA256 2c68f5463d67cc04c0ba65d486b2f573a6d54f497f831c3925a2ce0a0db30f7e
SHA512 4298602753770f8e8c1c4f1f9197bab8800220d46ea0df4bf4ec56c739aee1a952ebe67eaa106deac0bcfe3822621e030c0f1ba849e8f379b4589636ee6090bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 923ff56fd5f2b6265f24ce83d893c831
SHA1 bb994d5b73205e4c2c75b2471c658c12c02eb3a1
SHA256 e31f216130f0d6ef92e05a37347eb82bf9c0675e9553d3a5b3a63e763c6d3843
SHA512 9c8bb5e36d6b68eb6068a054b5b8509a2b8d5b277d619ba635415b618481e5d560187f4c5b061add16bb23472cdfc28e9c2170841dd9fba7187aeef2135620b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ea431a4932a61bc5a66bc9bac8c9b87
SHA1 a189bfa10185d7af641bc9008e21c6bb566405df
SHA256 eab822385ec5b5e8eb7e0cc594931c58273c104ea8cfe9d110b602ec2e731c21
SHA512 484a68d5b4f93a71d1541b15f7d46f3288c897f4c67996c09712a094a9ba339e19c8bee94a8ceb629e1a081e0e667de99371e8b352770849d99c9dd2f14d67c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2a6924a2c07eddfa26a1a2875e3ac6f7
SHA1 a2bdd51690326568eca00ba15939d1a98b49068d
SHA256 e1a3a342cfde551e50e37e15483bf7064472fb86f2d9f5366171c629473d79c7
SHA512 5c56ff5ac7eafab0bd13ee62a77f1b600bffed7cdff7a296e632bdda129de56ab2ed32cc475170ca8ee8cf1e1a865738d383698a77b0d75c92d004afcfb1a439

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3739bbb057a9780bdab986b4e629a1d2
SHA1 1ae44eafa028863a8b7c4ff6b709be0b3252e603
SHA256 6086400ce28d58183805348539c94320ec78dda45e2d1828bf7a7f0df2a44a3a
SHA512 da2ffb6b6b7b6825e7ff8a8bb88139c9c07a6c590c8d811d35675d2c57e0aa46850420d2355b47068261e4d131c30ed3a81bf35c0ea13508a231fca25d88a778

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 92dde571ae996f045caf0c18bada0a83
SHA1 92a6582a7f058453de686b15a9912f1934288a70
SHA256 3f2d91c1505ca6e2eef2a3d5463b64fd5bc018540edd6880a765379b53462e51
SHA512 91179c7dda1e9097757179f7cea5b4da3cbda073bdb8d168be48e5c8bf1c1dc41124ab68b1d9583f8646aac140a2fd5bec443a2342527d1d12a1307e31b0a9e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f4b2118ec663abc395de0cf8855d17f
SHA1 ccab0fc218a34ba972befe090066eb0380e346b1
SHA256 883ea7a9cf503ffb6dbed841368815fbaf6e12c82924cd74dbd507589d14e018
SHA512 b95fcc10e8008aab53c4a767afb1738dd06c455df3a5dc491136e67b7e01a73e33ad83f9cd87aebffca8b21b9216b08d042ba18ff07fbb50b98e692c248dec38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea1304041d7ae3733deedd5901074457
SHA1 0b4104e0beda78a182adc894c29c564fefcb05e9
SHA256 f4c42a4b974cb6f2881b384fc977f6f97ad6d78556270934d513da0691a8540f
SHA512 4a932c8a4a45adbbc4aa4ab87626a95a775b89dab65d910e1240330fe8faea7fbc40fcb4e9b6b0b81618e123e541a1c2bda96b23e80b35b2c972983021be3a78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7ef3b041c35c8200f9f7b4551b48caa5
SHA1 7c9014880c6607d7fffe721b6786b6198e567043
SHA256 aaabd36c0d0704c5561ef632293a59084c2eb999018d464b300e6e13fc7a9718
SHA512 3b5729d344e5beb73b01f5c661a312c69faedbdfdc266fc7b15d7f90357f026315d412bf8a936b2f8b64a5302bbf8c4133bd0150818358a503644238790b9534

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9d4107ff19d8700ad62f581e3e6f5220
SHA1 131a63828259f2ec286aed3d6902337dbb5ed293
SHA256 9ea1f05e9d6c5cea540c13dad249bf30a5ac19085cc6b458dce80e63ff836657
SHA512 d6e2b80c8f67211cdc67e710db2833752ef49d7931df15cd1f4bec597b5da59c1fd8db46113ad91350e7c494db7540fca7772395a04a01d4a54e299da00115c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d5754cb30d7cdc29d05efbfef51d9071
SHA1 d9fc281a44ec888b5823d5cf2c755d2594cb5b16
SHA256 3e3836d4f13a91a4b530576b33bcaee1ded85dffe1d68b1e58a2d2f079e58581
SHA512 c9b3c4b99c0b63e7586442e292f7c89a5d3e4745ab100b953ca5f6e1f398bb8ec2c069c39e0a72b5d4aed4c70d2cd4dc4a1b0ce1b47965115a5abf0b48b182ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3da838ccc710d72f16abe788e4d7ade9
SHA1 a4b67206078863f7a4ac6eb7da62fa55d2ae9ecc
SHA256 0b0ebca3d00655b1c43ffc3c004b3463547801d7839e3dc57cca64622329e2a5
SHA512 79dc74850e153e0bae5ae7c91f5814cfbe231fdfc408e82e311b11c34f9a3b22501e8912973ce1fdc95264f9d0bcc36d936dc2770f6b372969ff9dc87c62c0f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ace8891be2fb1b7_0

MD5 8bf545a833a0a80b3cccfeb2d4911350
SHA1 f11cda8c22f2ee88150860286d26f1e81c688200
SHA256 c4f286f041f7188683400ff05038cae4b599d3bfedd66724c875fd6776e2f0be
SHA512 4d944af5112ea38882fc42b31c7218bf8077d5bb31b5e82dd324435d0854d1cdb88bbd1490042e494595dace09517b51de7deba2670167f2c6e8fe42d6c701e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd7d1bd103899406_0

MD5 c1acf9df0c7a7a152bfaa0b0ab27f6a7
SHA1 309cc63009934dc0eb2ac518a1d810afdbb122d2
SHA256 c43a591826f6471aefbd2dabc577ceab12146c6190baaf39e4bc76d71c5238ca
SHA512 f4d2e48177ca83a7073eceb135ae27159ef93c6db1b55a944629b7281df80ef121dc300bf37141ee009994f94089fd03f654a29a947704ccc81a0e15d9807bd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a6d1963d9316db9_0

MD5 9f435723e492069f5b87b763bebdc7fe
SHA1 962ff7ea99448aef36f633b5b479c0d2c1207903
SHA256 c052502f8449d6c0ef4ecb6efceae73bcc20903d7d4d9053048794dfc2f37987
SHA512 cb80d2677fea09d28c218e3024e4fbd9b2e7ea7b0dcb7d2bba4b0ebf3d4545e8505532fdf58514800fd765dd86f196079ff7a6ef49c23f041db208ca26a004fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9501205598d9a506_0

MD5 15c82a210cb57ed18e90bf93822f45d8
SHA1 8abe20b30324b5eca2ca1886a7023219f25636c7
SHA256 a04b2eb3ec561f327d905c7481d6ffb55e76a00f1f91bb141ead423f036afebd
SHA512 4c34e094a0350e23cd6cf2a7dfe524c536345e52b3efe76c2acd5c088d92b2cfdec2336c96c14088703c9349ba79bc3774dd86d1b52ca220ff7620f418ed9592

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee1ca9dd9ff6a95e_0

MD5 a73807272e4abb1fc3c9a3773480723d
SHA1 5b1b8b45a0acc974de27f88d356554cbcdba4181
SHA256 2b27699fd9281bd71bd5ea9b1d8bd7312842604b20525e00304c5e6eedab0f76
SHA512 0573d01c8b5986685da27aabc61d803a516a0dd3c895767e85dfd2bb6c88b4193af7b2d9da0b31dd7c573878506ccba8fabb4a3b02a0ecacaf2711d29bbfe572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a77328c44022353_0

MD5 b726749a23ca330d867a29498d15dc23
SHA1 47071cd6f58696c402b2ee2409b1ef7fddd48608
SHA256 e172043a9293965a70d456b442c331c70f1c6263b9d3244477c77887ce08af13
SHA512 ab483467edbf62ef749d869c54335357c0dbdc140e245bdd1f03b36282332d0f16e1f9a82c2d621ceea97e25d83bbcf99fdec7a53cf1776328341ed3db135f8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac29195a901ecf92_0

MD5 caf21b302722d08ccce647d14b528993
SHA1 724563af5f55f71c3d4bbc993f8734d2d27c954b
SHA256 1658b47a8e9099cc9b9c70593a171bd866dbedf1d80894b2ddaac364fd471bbf
SHA512 2914a2143dba3e70d13f79e889ecbe0de2cc42594efccc6fd85abe13f360c863795553205843a1e7d95692e01173ea496b804813acf42dcb3915a11df9d81d23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 22a821e3cfc56b676fc5b557b483bd7d
SHA1 a789658637ef4f96ee3e9078b13db8959f03b128
SHA256 5d33cb1d972d36341d2ab371b59d9f67a733ef8b6e374d38c621e463c7e8dcf4
SHA512 51584226c3d01522465ee468c18e54693c6bbef41b8ec993d1123cc5d72d561ceaf5f3180c2fd365118f2773ac856874ff5367bbec2d8c9995536be4ba9c6b1b

memory/5552-664-0x0000000140000000-0x000000014013E000-memory.dmp

memory/5552-665-0x0000000140000000-0x000000014013E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2eb96dd0eb3e86d926753442c2d09303
SHA1 b1af60915c28632ffd9cda5995a5c5448e84c399
SHA256 d83d828f26cba3679013d7dc3422d4ab12ec768db02ae7889a73f5d6e6cdfadd
SHA512 60ec55cb123e19f3ec46f68091927b0ffecc43345ff16a8e15cc019449fe1efd8f6eadea6a157d753d322c0a4cfcc325f90aeea298bc94ee42919b26d644ba2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 9216fccbeae96addd7b1b8c15af46d96
SHA1 24cb627e2662e7212b64d0daa11f462632464b31
SHA256 cf279e33640e6a19a880cd1652275e012f5aa63ecdadedecbc8fdcb2f36b71f0
SHA512 9d44c3b0d243b6044069fddb288c0223d695b07a2cce7550ebdb2ddaae136a3097fd426b9fb1d1cd75e867b4a2981585d7c07d9ab86d464067889cde1d05894b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 24f384ee01c00f87fa2a42288df4a7c6
SHA1 74e7af9ae7d37b02584edb679ed673bb1086f132
SHA256 76373e0b8e1079e0b8f8237037da6fa9a67a341c76ff86817f5597568c07e32c
SHA512 99a13a7a57991565f0b8e8fade07d042dbededbbc24c0e229404870f66bf0a5d9c93d278eb41280af16563f43a0793779f9895a4d6bd5ec8b5c78d1629447b0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 1cb107e3e2a02978932507dcebb303ab
SHA1 d229575b8bfc959c0ca4d4700f247b9ac4fad63f
SHA256 eb1e885e77f4abb68f638f78e68bf2c15af1d8bf91a6de9414b147f9118cdc2c
SHA512 ef65e4538e0149cdff7496b41e660a1c2843d0d575fcda0d8194924e57a8570b71acf6840a67119b2d5af6f74b8660b5b638d336ae3ddcfb978d211674206e23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 43dcbc5ce0b072ad0a09803591a02f94
SHA1 eb4d75ffa1dbe57c7e14b7e173e991c84fe4696e
SHA256 eb474b31e0cf2fbff5d59e56dabfa20166b5d0bb603c26f7623f1f0ef1147e79
SHA512 a16e99403fc3d128e9eda63d14c2358f8a79ddf97bea27ac02b6335d1db642e6917a5f9aa9e811843cb2e1f447ee4a71f3773b1ede90f0f822b78af81be4c39d

memory/5760-678-0x0000000140000000-0x000000014013E000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 fc18148e7552473bcf27ffddf6224eff
SHA1 b00fde63f752fba6609fa8062a4ee9954b35f81f
SHA256 e2052fb9795f491f1c0db173fb7deb7a0e857478ce34f541ee5b8dd06fa86d90
SHA512 eea7fb613676fc8444324b5c6f045f1940bac50bcb761f7c6a9afd59347a9ecf0bf039b5816bfc5c51fb2acb37b39efe5e9e5dcfb6a20b017853727a9b83b02f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 f810cbd7a6a3bd76505189595423c5ac
SHA1 a2dddee28fb6b499a5bdc5e31bd66fd81cd602fd
SHA256 bd9f3e083100cff76872aabc5a3852332170c37e96923881cc246e0d0e4a3416
SHA512 92d0386b06c71d25c285c647039ecb5bf0507786bfa6e561f8698ce2f962817663c405915eda311827972ca41b6a7ae705aaeda6de1ce06ca888d23fc2d95793

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 67e486b2f148a3fca863728242b6273e
SHA1 452a84c183d7ea5b7c015b597e94af8eef66d44a
SHA256 facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb
SHA512 d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 4782f6d9df9713f317f184eac0ddc907
SHA1 0938fcfe87eead9ac17868872636af66c30228d3
SHA256 8f2518173641c2515d1098fd4b7fa6f59bfcdd6193fc20e12bf931a33d06bb45
SHA512 359a376cee044e49f0d44d342d5bd1d39f20adefd6f72b6dd66995e8657964b10d6404fe5395996ef6a41a5ec55474301cba830d42d4448ffdb6e785947cfbfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 138e79ded4c7d0cf47f6284d71a8cc20
SHA1 dc7ff67a99d7a71f7e6f15799967aac60e70be0e
SHA256 f7a7c3a7a95fcff6c43b1d5c845cde2b6a116ea4b9a018d06bbd498ada8e3c7a
SHA512 8370ce5acf5494c21516f97ab49ff82bd7252c8a93f4ce684e732eb4c85c0fc4a3b417542c9f2f1fd24e420ea419b59d3b2bfe87bca2ef64a4d0f29898fcd4a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d47e661791b1d5624b68d6de765e3200
SHA1 db25243f419296821ce0f593a913d04b44ca6332
SHA256 0d84165c6528622a3f9307e0187b6f35f41a2462d4958347d1f178b9c3595190
SHA512 7cd992978c38b53fbf49789b33c26e5ab58bf0c8d12f5c9981a4bcef8a032d53e2d7b5267109cad79d23563524844631dad2ae886ae3f3dcfc65d06b5a989bfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ce9d8c57d631a0d661b3761faea32b79
SHA1 daceb8c35bfbf5cb36b08b148064c360adf3026e
SHA256 83e5a05a19d72d2b7c07b164d9cb72bc2ceebf36b80fe1940ac649ef6e5ca4e0
SHA512 70616f6549d3f5443485d977836c561cd2dba110f99f11ce7bde96bb5fd5e52a22ec94b238f9ab0d51a1953cd7d90dcda6d15b070465975bd38430f6574b6faa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c309031a56ecca66eb7b99d3b909c4e5
SHA1 93ad75552a914f7e9931155bbc02d27ff57d5c3a
SHA256 d9f4d1efeb8ad80cca7a15c6bcb614710301e66531644303370cec5e88928263
SHA512 45a11f2319f49b4fbc9abd3c45ead7e8d8876f54bff35925ac28532f043e63d7da15846c5eb9dc2bfe46436a738934b486a685e28887030a764a4aa078d490b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dab61c2630467edbb7e4239017e241a3
SHA1 0342abd94145a8b32e567d9546a1e8f09d1ef972
SHA256 38b66f7ce3b4608898d600b6367f911a4b9c6bdb02b4997cbf4088a939dc4710
SHA512 c2338c9ca6f6913d461948ad367ca1a3cbd18ea670a34b27b4fc3f95a8d0b36ebfeb15c478adce2aba43149205f6adbd06faea4696f36ac3271f2c526bae19b2

memory/1512-778-0x0000000140000000-0x000000014013E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 52fccf8f07c5031b53b8a2f0a1351ba5
SHA1 d794cdac43df0ff0eb54e70f561ec2b46f6a5310
SHA256 9d6ab386da7c77a3decf275dffcba71df2b9f9b1798d92f50c6bcdbfa1de621d
SHA512 a0bd565cdb558becec8aea9b8e901ddf2b050936df978f6b25398d08cf6fa269852a6d7a972bf1a6c8e2d597b55eea731eae98a142be4f2c12e6d7ad28915ede

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78cc65632e74f69968f26bbcf60f56ea
SHA1 952258f43a1c0dacdb1e2704f0bda04b283a46e1
SHA256 b088ac9ed758ea9fc81f3dbcaa5a103acf0f52839b72782bb8f5f265bcc7aa08
SHA512 2e2bfd85a4d2fe93b1545124312c7c0242c1aefa7359f22ab967495dd7353968f5b31d977308715e713db7c97eed895f7103d4309a3cc3868aff6c5770f87211

memory/524-791-0x0000016B1DB30000-0x0000016B1DB31000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bc74ce056acc7db7133ee57e8b5f7b43
SHA1 e2f174981bdfde7420df08362dee1a863b7a1431
SHA256 9950083cb81adfe67ef394da0d15a2cdbe1b34ac1dff5ad013db0c2e1449a774
SHA512 ca02d1d9d0d9c16d502ba427ed5d6139e608f0635baecfd64dc838956b8e5acc176b07b895d7da9c883dc89549745d18ca32ea034cb48dd1d3359c3af2e2263a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3a4ccc08151cffb06ca2919b7450b427
SHA1 d9c647f61e03cf201fb9bca2d8e7ef24f0593259
SHA256 0187fbf12d2dc3685cc0d42a829e64e43610a44649c7d1b2cfbb806a952319f5
SHA512 d4d7621781a4749a84dd63a30e5e8ea444b8c7143e3e30e8f5e3b70bf2dae3b89a134f927192b4675c09a27c45c554e2fc349da878418b481938d39ad34a3228

memory/1276-821-0x0000024BE4260000-0x0000024BE4261000-memory.dmp

memory/1288-823-0x0000000140000000-0x000000014013E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6bb55b28ca38035fc3a3d1190ec08a72
SHA1 e8705958f6c3b8a01a21cdcfdab4d552f0355756
SHA256 dff04a9630fd310ee9d66b4671b1b83c6cb40bdbc154760ebecb3d89fdeadae7
SHA512 73e0d4b90c3a800147088604248c715d3cb7bf7f27add1cbab7a8c8559a5e12d2fe631d414d8f19948ec3a67d8c66279389829f3dd516b86d351d7f300b65c1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4d63cb336632c0a3997a59af7226af6
SHA1 ca01c78b9c6cd5154b29beecc2ca271f139695ca
SHA256 62bb627493bdfd499a1b60c1c76fd9e90f26039956a36b8dab26d4747a70cb7e
SHA512 7167fcbbcd0b59021868b382ea653f001e250eba3fbdbcd8e01363579b835954ccb7cb866ef96894a0d238c68b0f717da9dcb51123c20e9fc14b6c91b31c08fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\NDF20C4.tmp

C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\en-US\DiagPackage.dll.mui

C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\DiagPackage.dll

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gxxlromp.x4q.ps1

C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\NetworkDiagnosticsTroubleshoot.ps1

C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\UtilityFunctions.ps1

C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\UtilitySetConstants.ps1

C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\en-US\LocalizationData.psd1

C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\StartDPSService.ps1

C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\result\DE394C64-86E4-4C40-949B-9793F6844AD1.Diagnose.Admin.0.etl

C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\NetworkConfiguration.ddf

C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\route.print.txt

C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\ipconfig.all.txt

C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\NetworkConfiguration.cab

C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\setup.rpt

C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\setup.inf

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\ResultReport.xml

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\NetworkDiagnostics.debugreport.xml

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\results.xsl
