Malware Analysis Report

2024-12-07 16:18

Sample ID 241113-zsgvhsykb1
Target http://google.com
Tags
defense_evasion discovery macro macro_on_action
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://google.com was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery macro macro_on_action

Suspicious use of NtCreateProcessExOtherParentProcess

Downloads MZ/PE file

Office macro that triggers on suspicious action

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Modifies registry class

Checks processor information in registry

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy WMI provider

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 20:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 20:58

Reported

2024-11-13 21:18

Platform

win10ltsc2021-20241023-en

Max time kernel

1190s

Max time network

1197s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess

Description Indicator Process Target
PID 1188 created 4488 N/A C:\Windows\system32\taskmgr.exe C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
PID 1188 created 4488 N/A C:\Windows\system32\taskmgr.exe C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

Downloads MZ/PE file

Office macro that triggers on suspicious action

macro macro_on_action
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\97bee074-86b8-4dfa-8770-8b323018d5b4.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241113205904.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Temp\{78C02C3E-73C7-4AB6-A23B-325ECA0182CC}\8tr.exe:Zone.Identifier C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WinNuke.98.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WinNuke.98.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WinNuke.98 (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SpySheriff.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Windows\syswow64\MsiExec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Temp\{78C02C3E-73C7-4AB6-A23B-325ECA0182CC}\8tr.exe:Zone.Identifier C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 256408.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4456 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcba2246f8,0x7ffcba224708,0x7ffcba224718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff629b35460,0x7ff629b35470,0x7ff629b35480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffcba2246f8,0x7ffcba224708,0x7ffcba224718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5232 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4ec 0x248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1432 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1F9D7D4955340B70C3AFBACCF853583B C

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\e2eab00c2a5342e68c27e5b30eab79e1 /t 2368 /p 4488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4488 /prefetch:8

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1104 /prefetch:8

C:\Users\Admin\Downloads\WinNuke.98 (1).exe

"C:\Users\Admin\Downloads\WinNuke.98 (1).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7004 /prefetch:8

C:\Users\Admin\Downloads\SpySheriff.exe

"C:\Users\Admin\Downloads\SpySheriff.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcba2246f8,0x7ffcba224708,0x7ffcba224718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12033300018721492438,7228922298733889423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:80 google.com tcp
GB 142.250.178.14:80 google.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.100:80 www.google.com tcp
GB 216.58.201.100:80 www.google.com tcp
GB 216.58.201.100:443 www.google.com tcp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 216.58.201.100:443 www.google.com udp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
GB 88.221.135.40:443 www.bing.com tcp
GB 88.221.135.40:443 www.bing.com tcp
GB 88.221.135.40:443 www.bing.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 40.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.192:443 th.bing.com tcp
GB 88.221.135.16:443 r.bing.com tcp
GB 88.221.135.16:443 r.bing.com tcp
GB 95.101.143.192:443 th.bing.com tcp
US 8.8.8.8:53 192.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 16.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.73:443 login.microsoftonline.com tcp
IE 40.126.31.73:443 login.microsoftonline.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 204.79.197.237:443 www2.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 myjob.page udp
GB 142.93.33.168:443 myjob.page tcp
GB 142.93.33.168:443 myjob.page tcp
GB 142.93.33.168:443 myjob.page tcp
GB 142.93.33.168:443 myjob.page tcp
GB 142.93.33.168:443 myjob.page tcp
GB 142.93.33.168:443 myjob.page tcp
US 8.8.8.8:53 168.33.93.142.in-addr.arpa udp
US 8.8.8.8:53 www.dundeecity.gov.uk udp
GB 193.63.62.31:443 www.dundeecity.gov.uk tcp
GB 193.63.62.31:443 www.dundeecity.gov.uk tcp
US 8.8.8.8:53 31.62.63.193.in-addr.arpa udp
US 8.8.8.8:53 66.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 sabnzbd.org udp
US 104.26.3.117:443 sabnzbd.org tcp
US 104.26.3.117:443 sabnzbd.org tcp
US 8.8.8.8:53 117.3.26.104.in-addr.arpa udp
GB 95.101.143.192:443 th.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.134:443 aefd.nelreports.net tcp
US 8.8.8.8:53 r.bing.com udp
GB 95.101.143.184:443 r.bing.com tcp
US 8.8.8.8:53 134.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 184.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 www.babylon-software.com udp
US 174.138.88.129:443 www.babylon-software.com tcp
US 174.138.88.129:443 www.babylon-software.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 129.88.138.174.in-addr.arpa udp
US 8.8.8.8:53 edge.marker.io udp
US 104.26.14.104:443 edge.marker.io tcp
US 8.8.8.8:53 s.w.org udp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 8.8.8.8:53 232.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.14.26.104.in-addr.arpa udp
US 8.8.8.8:53 48.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 api.marker.io udp
US 104.26.15.104:443 api.marker.io tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 104.15.26.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 174.138.88.129:443 www.babylon-software.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 2.19.252.134:443 aefd.nelreports.net udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 174.138.88.129:443 www.babylon-software.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 github.com udp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
FR 52.109.68.129:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 129.68.109.52.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.134:443 aefd.nelreports.net udp
US 8.8.8.8:53 104.246.116.51.in-addr.arpa udp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
GB 92.123.26.217:443 metadata.templates.cdn.office.net tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 217.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 143.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 odc.officeapps.live.com udp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
IE 52.109.76.144:443 odc.officeapps.live.com tcp
US 8.8.8.8:53 144.76.109.52.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 13.87.96.169:443 checkappexec.microsoft.com tcp
GB 95.101.143.201:443 www.bing.com tcp
US 8.8.8.8:53 201.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 github.com udp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 146.252.19.2.in-addr.arpa udp
CA 69.50.175.178:80 tcp
GB 95.101.143.183:443 www.bing.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c29339188732b78d10f11d3fb23063cb
SHA1 2db38f26fbc92417888251d9e31be37c9380136f
SHA256 0a61fa9e17b9ae7812cdeda5e890b22b14e53fa14a90db334f721252a9c874c2
SHA512 77f1f5f78e73f4fc01151e7e2a553dc4ed9bf35dd3a9565501f698be373640f153c6d7fc83450b9d2f29aeaa72387dd627d56f287a46635c2da07c60bc3d6e2c

\??\pipe\LOCAL\crashpad_4456_GUJSUJPSDJSPCKCP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ccff51f965f8f4176e4ad112c34c86a7
SHA1 eab249ca0f58ed7a8afbca30bdae123136463cd8
SHA256 3eb00cf1bd645d308d0385a95a30737679be58dcc5433bc66216aac762d9da33
SHA512 8c68f146152045c2a78c9e52198b8180b261edf61a8c28364728eafb1cba1df0fa29906e5ede69b3c1e0b67cfcbeb7fde65b8d2edbc397c9a4b99ecfe8dea2dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 86aa28ffd286b08415aa197216684874
SHA1 d99924976c73e3220108817ad6bc1d8b1795ca2d
SHA256 a6dc4bc6ade3039e57b538f2620b91602199f1908b23c4a2beb3fd3aa721579d
SHA512 a51fbd1af778d32f2f95a9a863a59f42a7eb804dbb8ce85459297959eea21fbfe9625d74c3f91ad65016031d4b3e26eeb748c1c59e09ac68778fc670d408d0fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc593aa73aafdc9298f35bdb2a370d51
SHA1 576953e739810cebcf401a76f92c8a0352f352f3
SHA256 81807d86b6fbb3806df399adedb081a9799297aee2bf0bfc984020e20fa86b82
SHA512 14c7997d35a85bbe0f8e0d1ee831b0783e59549ca0a9b4c6123d56975f005ace00d0c4aca8cd48220538ac5c34da84cf0188e4e0ea173acdb76746af5202a446

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 4d6358aa6991b0cf87f898df6706aef7
SHA1 ce28f073e675cf4a29a77496209305b49133cea4
SHA256 186a6eec19382354360f844299873a17f88aa68d32c089ed4f2de13abc519b06
SHA512 4767adfe09ac896c1ed6c57c30d6aa7ca2eda48695a3db71cb7004101a8bfb33b2fdf648b5e4b7d643ebfa208115fdb3dcee325e5c212b6f243458aad8093d0d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 537fb154dbebb429bfde9067b52bda18
SHA1 1dfa5060ececd541ada4af65a1efdd6c398bd6a2
SHA256 21dd626ac299266695d84c4a5316fc647b34a1defdf64a3814bb9f04b7ffb3af
SHA512 4758fdba1217089d5876889c939b298bf4bd0f2a8c09b2536409c8501354be20369cff99e02c19d0ee0013b5b9c2808c2a8a67db72a5f4fe45c3de5be90d5403

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a1744d77f54458e1af2c9fe2f37bdc54
SHA1 46478bf741d0bf71a24b2dbc025e8b42262c2445
SHA256 d8e571c8f669e8345736e3f5de138ee08da74f1ce9ff57e20afddb2cd4e66997
SHA512 d5cc0e96e2ebaad5533607846e9e4eaeb8338ccf97ee93819a88e55932655d2ab06966702613bda879e75008f750b9c3d9b2677e48c7af660f0c9c048905c31d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 12fbfbaf0bbe694752ac1e9fd60165d6
SHA1 378fbc9fd49bd8766d2e7914abe8d51dd6bb0fbd
SHA256 f22051d7de31de2fb2b7c0e7731425aaac50c8a4fbb08b56cfad0cdc39f6cd65
SHA512 c765d418823a04657439840c19c576d924a64d1846fcfb982b1191894ab81ace31b5b94e9d0145b15086471941dcf5a17b2c34fef6e0e13a4c1032338084b0fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b37b931e31ddbe5a99dd416faeb5f01e
SHA1 63795e592638be3280778717ed2bdacf061b61b2
SHA256 43d005dbe526af991a14c084aa8779716322584041c14a69b9b7db7b636eb0b7
SHA512 f0c0fa5f5bdfd1a98d5c6a43b0cb8a28be989ee88f58cdaa73d4ec3fd35fc1b300ed65ffc8156b712d2afc7ff21038aba8a4612ec1cc4bd1276a7fc9a2496bd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 474f871c7320aefdd62bb033f722efb7
SHA1 0d9f1dffff39e1763ff83ac96a45b3b7f59f35a8
SHA256 a772f33271a35e7bc58ff73501c58439554bc2d71a543b414011c79f5440b92a
SHA512 eff6fc7743cda0cb1ee8a696310275e58665d0ec4a8e1ff685cf7568430db8dddef9ccc4e18cba858b41fa9926250d7a363ebec5fd2b1baaf1a702178d043537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 61c85dec75e7d594ee34801399bbfb0b
SHA1 bb47cea5ad6f0fb10e086539c23b8a8f4b1525a0
SHA256 a6da098777ca84af61dd9e7e8dfee31c10ae222953caa5c52c78fd95bf0c0000
SHA512 ebfde00cd74dcfa905d2b4df91286e77a3c8f50eecc3135b41c05097fef77578ef5c14f2fe5c9a24e87bf4378150c3059ff235d8ce054a1d4a480eb20036de45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fced4b6b32b92e26a942bb142f0c444f
SHA1 0bc5e12c68bb712dfc8a0f0997471df64c7ddb44
SHA256 237dfe555b61c1c584f011acbd70747a7464fa07b49748a76f1d9d00db5619dc
SHA512 a175c83d950daec2ab018bbd385991ae74bfd88959aaa5be032555cd6ba0495dfd88c1bc7d028cfa1cb073f8499edf03f8deeab8c0c5278c55e5d28318f45e00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b4b5d40a9edfdb8bc4811b5d8a4f150
SHA1 374234a23aa51b9d0cf8c3f3e38e4c35e3c8b477
SHA256 7eb6ea2d25a9a5792aa85b4dffae9d189e85cd9ab5987d8d15758ec3785d813b
SHA512 eb0c5f3454f56a0109f3efe4365ec18c1a2a7675ec145b411b540620e2e6ea0e2b056b5d6ad0be0086deb735a979f60fdd1d722012e063723b034a27fe4dbfa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

MD5 6a3a60a3f78299444aacaa89710a64b6
SHA1 2a052bf5cf54f980475085eef459d94c3ce5ef55
SHA256 61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f
SHA512 c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

MD5 3a05eaea94307f8c57bac69c3df64e59
SHA1 9b852b902b72b9d5f7b9158e306e1a2c5f6112c8
SHA256 a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e
SHA512 6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

MD5 e9c502db957cdb977e7f5745b34c32e6
SHA1 dbd72b0d3f46fa35a9fe2527c25271aec08e3933
SHA256 5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4
SHA512 b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

MD5 52e2839549e67ce774547c9f07740500
SHA1 b172e16d7756483df0ca0a8d4f7640dd5d557201
SHA256 f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32
SHA512 d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

MD5 6698422bea0359f6d385a4d059c47301
SHA1 b1107d1f8cc1ef600531ed87cea1c41b7be474f6
SHA256 2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
SHA512 d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

MD5 f222079e71469c4d129b335b7c91355e
SHA1 0056c3003874efef229a5875742559c8c59887dc
SHA256 e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00
SHA512 e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 2cc271040a5c863623dba1e5b397c6f4
SHA1 a14046e0ce2ab88a649e44fdff4fe88f665c13b3
SHA256 bc3625e17ac414364b6075b94356ad4b8d4617d8ac5faed1d26130c1fa41c4c7
SHA512 62e32b175860cedd6406c62c3ccdfcf94e727ee336696ea91aa464585c4f2fa02a7263005c566d694635eb53d6ad4efcf884debea9b7ab5280f55c6ecaf31763

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376005146112673

MD5 56036c3f9d9e7e2ca10533b712504a7e
SHA1 08c5af24e62d0e945cde639ede5afad84cd0681a
SHA256 e2d0276f7c0a1167b523b54ccfdbee1c947638216f04e4c0ea00d3be6238c243
SHA512 48072edf0e638a9b173945ecb4ee2e043ec376dfc7e49485ba42eabd21c19f4a645f47fa95b7bce1a392ed8b9b4fa2b3be5ce0fdb79dee4ffdc5c74f1a21459d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 b8318ad54842ee5d6f3e6837095895cf
SHA1 f8c7425863d6b595c2cf43e50c212949c261d2b0
SHA256 a207f4341d88cd2da0fb32797ae3f420b5bc1d06db9707a9e60d8ceed3b7743a
SHA512 b3059348490857059ec94b44e916771832bd74a07d9ecddd5fa199242d5af18d14794ceeff2028e8a0d30416f237c0ea0791f141ed35788b8732718b0cb36934

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 4155b4ea20312f016ae3df10487f1b79
SHA1 9128ff5e03401332a546624e47e7eff9e6fabb21
SHA256 18ef89c79704ef03aeadee86b492136993d0cfbc191a40ac07ff0bac68ccfecc
SHA512 410be5d975dd68e4878c7f1ace73ea402a2897f361cae4ea4e597b3776f3decb23c1001649e23c6e1bce4c6399fcda4090d76f2e39c252434d154504d8f6192d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 d7d128e5b0359a49634f10103debdcdb
SHA1 144450ace11bfe18b52ac5dcd946afae6d33d015
SHA256 b2f330c201327e3a26111bda65cb3eb5397dbae6747cb59a26cc36ff5c618e00
SHA512 c5772752f0e7a15d0cc1a4426810f56e29123e179ad978d19ab840eec0444f3c9a1a831d156caac7fc1c35d4fdc08324e91c63472ff9532f72766d19092ed372

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 927cf01d79ea15c23440fbf4ceeafda5
SHA1 c2c1e32b5b0af1340383d179c5503d6f4b4166e0
SHA256 b5c73c45e82a97afb3eba61e534c21fc81f85411da3f23f620f4abf82c828644
SHA512 e9ca07f3512c5bbebfaeebec7f0655bd4b2c2a76d5189d23593609dc314957b628504276bbe825e4ae80190bf88e7fa9b2b4301b0bbf543ce210f593880aaf98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 1d112b2b43ccdc20984e06e19e443618
SHA1 c887ec2c5077680c8b68389e633de7a489b30646
SHA256 b9edbd6c3f18974310623c5caa8d4b9e33cc81b2f85f544e4d233cacf517cdbc
SHA512 d126f5c43307b86b5a52e4669b4c638360b86bd8699d31cbaad4b8d2d79a1757a130e652e5b8f894b0b1a2d2bf190a1fa9e1282d2cafa0db5e48f312fc8e934b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 355c4cc243982e6c582a37a41dc2fb4a
SHA1 645981eb8b5c72cb27e61319401240894d482b3c
SHA256 920bc8e04a0457bb0eb953b3d836f7f9f47493afce24470ce8c3d8634a8a0c22
SHA512 0e219d3af827c197bb5e6ecf9dc3b69abe8c701ef4076df930d53aed83a39c0b3ebffd0bc52c2ec882ce8c8fa25a8e8202ed04b352ed6050498b78aa7f98d622

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 c5c052db2b412e31fab08edf449e126f
SHA1 0a665720ac4109222ae211f124aea9771b2111f3
SHA256 bf5fad83da92cf8d383d503c05c777cd50b934d4c94788823d74fc9d7dae4a79
SHA512 6100e6d640ab07682c498aeda52bd6b71e895e54114657dac74fa3bc17db39c7ce120a555f52de71e724dcbb21ea2fb4cc1dcfaa27009142c600cca15b5cdd90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b1a7ae7b82aebd39798780c8c0834c0c
SHA1 37954ff31de5aaf67ab34af4551ae38c5a563c56
SHA256 c3d7dba29f437045b89b882336ec31a0e137fadbb895517100d7f4d8dd0a994e
SHA512 6ede1f32ae6f475ec7f7162a013982649f8faf7f29d9befe639094edc8a5be79d328989d57044c42f7d36d5d4394ce9d49f02baceacf4c8517853a041428d28d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

MD5 fae48bd50bec2ac062139da21562c7a8
SHA1 85ce5d7f243dcff22fc37286afd5eba82ba0eab6
SHA256 66acae23c5d0846cb6f5b12fd59ff7bcd73f02a9e4109c1c86fe2432776e8139
SHA512 b980ad364d10d090d710b24d04fa7e48a7e1823ffef8be335493c3d73b88eb1484f1fa611343a9753d42ba56bd6c51e37c96aa84e28a379af2c898538f2c3b17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 7e2c0017eceb59c72a94a4fdbd7d4510
SHA1 f8acb99c5d661cfc6253914fcf979411918f9835
SHA256 cdf53d9a8cdc53c6b7dc3bac033951396266f8fd657546c4610f52d0d151b0fb
SHA512 e70bd28503a89730a3617c2791f680482810577a51a07afb58e360f2b3a8fb8334f8a9f251534d6c63d29dc7e8e224391a1c9973d1803515f4adcf572e18ce1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 41c2bbcae865451a2a667268aa0d850e
SHA1 1b63800563640d42292801b62a6a4e14550357a6
SHA256 602692b21b221ae2c135ba9d47c49c2b8012c67589e51439b0a219af93a17146
SHA512 3b1f89c4ad1e59aaefdf97ba2a0a10cb09cd6b5160fb4fa96efb0b2bfb28074f2b8f810d2eb9c631b83f7c9f41b2ac26c23878894761245361a161aacbbc1850

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 7ff9ae78016f2aaefea7340d74907fb5
SHA1 7cc774036dfab14abf67c25228cab244775e7b4b
SHA256 a58ff5df24173ac180d53fa7614d2ac5f4556f8e9615449e5a136fffa856d0cb
SHA512 4dd604ad87bc2704b71fb87f94b09c250735e84d447f197558f022bdba129286a532c756139578aed5c13c6cfe63dd2483faf5c0485728eb7b07cc0f8acf652f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 48b62ab34d9ffe8eb8e5232dfb2f1c24
SHA1 e98048ff61e5897bb127c93bbead5e8f45cc50c5
SHA256 2d26769ed9d723aecbded9becbe10440e612777d00014b0e4152a7df3fc88800
SHA512 e41888af9ca132070beaa7a4ad619221c3399ee4b59c4a16f258504892a0e032028d9e903b72573362501157d83d1d24a46d9f90778c01675d0685ca7821e64f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 b6ec3073cacce745a8b45669b3950b24
SHA1 f6e58fdef85e4e27e036128e25e7a4a6d933f68e
SHA256 427792f7200f608904f0832871e00621e08cdf139569d43235117e8b0b2acc8e
SHA512 322405ed9eb3d21c389bb124d63e2ef44818a6434a20342b752aeecc0cf92292617c63cce4fd7845fefc64871d6be31acea7eeb5e73d2ba1491854988f9373d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\index

MD5 0a280f0d216519efd43f3de42eb58208
SHA1 696b40466c5982ce820c233acf0379f5c376b211
SHA256 3e8ed34044555bf8e14d05745a9c6881d0b4c74b64f70ccacc0e968f03579c4e
SHA512 eed488d241a964f8907f8a512c2e1a320533b959e646b4e42930f9446fcc0d95610e6f08ed56f758d1fc7ee033909c7848d168c16f2f66116634ef59573b9875

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 16ec43d92bf0be204b8e2ac6c20019e7
SHA1 4f8398a8d26b413159d4c66b1d294dcfa816d716
SHA256 ee6118c46ae48c012d42d0ca20570ecaef44c75843564536da04203e3eea46bc
SHA512 6421b756cc579060dd8b47a126900159a9ddf81f1ab0f94f08d88d61af6ea30684f62a44d9fffd6c4d0a09f5b55b76b69c02447d991d1070283b3f4173c9d951

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 c2bd6d72801e72df2412c11f03d22f66
SHA1 62f1b46fca25e45ee64bd62b05b8ab0d41dd36bc
SHA256 5b2c03af0f0dadaaaf9bc0980f1c365e059e3e905a839f48bbc1293eef9b28ae
SHA512 2c30704adf363e84db975d65579e76e0112b27a80a2582a3992195dbd8ffd7c7edacc6b4dfd559e69d987552370856a8edb0575ba28ba8a090378460cbc3df98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 c10cbf5b60ad112db9e9208ac877ff92
SHA1 7c23e20e63e838b7cc12dea81536b876cdffb949
SHA256 69d870142c714875cb4518efc6f8ddd4f83113a2bdbcb24b369ae24112f85fb5
SHA512 26e245320e0cafd18f915b6de68e84c2d3d999179fc307c1af95574dbfc276a2d7d0ec2cdeae01b7c1bb997528f28076b2c85b94d330842ff946ebeb1449dd9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 f1f9fdb3b13dce5207cb1643344a42f5
SHA1 03d403c18fd420f9ddea56c3487a27c26b9247a1
SHA256 4a39bc020c32abfd1020f84fbdcc57a3bc5b4e55bbc6b74a9c9ea5b2805bf9e1
SHA512 025b6a0d59b5b4c3484520fdc27330447e5ed5aaae0a81b53b7b4132dffa18cbedc75104e4692ff2525e5cc563ec706de3eee0755bea4d3a41b16debf552a5ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 56234647b1d38b9b95cf45e75ab114e4
SHA1 8c77edce428e1f9413ab4bc5845817560fe4c478
SHA256 35fd6b56c077885936398cff848a1a1d794d2959f29969a2153a1d091601ebc4
SHA512 fed7497722e6e2e87641de83dfee5e6fee1b6380bc86cf1f9e437a5bedaa090389afaa70ac6ee1e31d1aced94ae472c4d853bb7580c4f0e6bd0ca726642c594f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

MD5 f44dc73f9788d3313e3e25140002587c
SHA1 5aec4edc356bc673cba64ff31148b934a41d44c4
SHA256 2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983
SHA512 e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 8cd792e693b71d49c3ef58284bf22fe3
SHA1 a5f2286f103fc4f9c89456973bfbd0cde3920b81
SHA256 9316ff8bee6ec5c9618cf1094577c6a53c314f38ee6ae85c03ede4a8f708791c
SHA512 aea480f0c6a9ba3982a95df2c66787dc7453d867713e3fcc550ac2bd1bdd09e0f276aded31122a351ecb94391de0bfaf5bd3c70b51b6e18a8aad5807f1036da9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 49693267e0adbcd119f9f5e02adf3a80
SHA1 3ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256 d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512 b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 af4d4b294ba797a4fb6179e3453dd4a6
SHA1 504b6d764af268a9221179f44758130cd7733d7c
SHA256 7d40b524ccd1c2fc3b0e4f8d655250e293f878a0b2a82f279c1bee547f68e2ae
SHA512 f6909dfc86ff4342987268d54327a21b1a1ccf11b2916b377e07834af5ad2daf9d0ae7213c3c175d32fb899acc770e985386681ab7223696cabc73f02bb210da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afdd7c0bddbffcced584c752a46f9a45
SHA1 8e13cca9438b954f3789edd96f68b7a6a13a5711
SHA256 112cce0f9ae4d3678f907a801e9ca9179b4c8c58630566fd0ef6ead4fe6e220c
SHA512 43456c76ff0c1fbc7230fa4c6685cc64980aa6ed8c7132cc5555f519c7cbf26c48baca9de6763d24d7fb60594332bbd90e1a12eae46007be14d3bfbd412ae264

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ee376ecb31ef62372c34c71f483d31bf
SHA1 8899198b226fda828aaab0baa842bfa8a6b73aeb
SHA256 2326aa67befcc49eef334612cf4df2eef27717146e8b5c5d6302496cc1316317
SHA512 ab3369464ad0323988e9ec05bf0011e66bb3577bf2943b56cda8a527d99740e87c879f38f83058481167635f0b6be8958fdd863cda3bc6d69f3108cf73b2182a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a08b140f030cc814f9e45dbf00d639f3
SHA1 c34406fd5c90d882da87fb1801662c1e73a06afa
SHA256 1d0fb300f2d8071392e5c7d72b57c233a71138ce567c10f311680f0f6fb95e90
SHA512 21eaf372b0b1c8deb32184be069ef3a0733abbf6aa32829d9e1e00a32e811f9b491121672f30bf870caf4d68bf933eee0b135a58ccf6c9457bf539f8a967662b

C:\Users\Admin\Downloads\Unconfirmed 827514.crdownload

MD5 42397910ed49ec52b321e806fc1767e7
SHA1 dd30b1def92053c712262b274cb1d9bc4819a284
SHA256 c9e07f4ca083a99dda2bc9062400f6b54afceba4c6ce355914fef66c9f018dd0
SHA512 f1a5a7ab4bfdbbad0179e1fc4e22cee96854a4de8ae7f367ea34ebcc7c2066233b7fc5c45787cde697f08f15c9533a5328198c6c778bbea6640f456c3c1b12b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3469c8bf93858ad09a6e7d12fd3727e3
SHA1 5d5af67450ef863f2b4d91013be5d507086f2b4e
SHA256 9b15e3ff0f0cce4e170af58113e4c6a5d92830702ae602decc2e4747955f56ef
SHA512 fa8e6b0cb4c10e81334a2161e4ec225f64a0e61442d48006bfcaa7c4dfc41aaf1c2b93beadf3ac7e0cacb77e47035e318a5800397604786e1dd4069684fc70e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 599bd641b106d7654d63eedc39cd6db3
SHA1 3cd1bb07c3677806d7d49a3d998655ba7ddd109f
SHA256 a8b9eca2e97c2d0545bf6653cf3d8b239d690d9c175b3adcb1396b80b518bc2d
SHA512 3982f06303c8968ebc6c791945e8cc8df363a08947fd97bdf08f5ba986dfba9d1d4b7807265963befb906808a9f9a4f870f81f07797c1ed45520937b0375fac2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 630adc4717704681e7d0e8c0dff8ed6e
SHA1 b9f54c26655e65f95f0345ae7f73688ad81d1abc
SHA256 0077cc5293733408eebe21a4b0aa068ee6f4091855a16b392d788b52c7110e4d
SHA512 5fd0200307fd9df59ee68ed416fc7a901670dbb04f027712377a1b859390967fddf1b8bcd20b6207b2d61629155c5b92a72020cc785a8b5959b2541f84f86c0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58be3a.TMP

MD5 7af244d4141ccb0d591883ef87f45840
SHA1 387fd1f966d7bccdf97136eb30870ac377718512
SHA256 be53e745b5405e73a88fc7ad71abf6c4cc0d3cfaf45bf42923f69c9c4b3ef515
SHA512 64a7240160cb7e942550a7ce1e42b1ee153f5af0905f1a7f34b07db48a778e530ec62e0c9677e0b96993c418837b63d60e9456247a5e2ee41d95e805d41a6a5a

C:\Users\Admin\Downloads\50MB.bin

MD5 1699992acbe557095d85941d51e1a36c
SHA1 e0983eea9bebf846ae171da5d85d15d78e73f717
SHA256 f19c6758fcccab7519210fe10d78349a8fdf6b028673e1700c295ddd13e1804d
SHA512 6032bc061afedbe01c7be02f7ac7021226ea2e5848c410904776a75ba29362cb9f4bfe5f50a9e7eb8bc22f4f75a2bd45488dd54b7e47dab3e3fa8770517714f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7165798d26cb8832abae7d8824a0313d
SHA1 8cec1ebd567c460461bd6aa269e3c84a809ffce8
SHA256 8387bdda99ee25438e29dd22ad07641b52dcb35c39d37b461f8917f9ccf459c0
SHA512 89d9b9536bbe3e395f30c6f7343a6bf1d46f0157821a492d699ee7d43645963b6e2acec29acb5610c59f3fea4cc5aa9a9e141909875ab511c67fb67d78276f7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 fb2f02c107cee2b4f2286d528d23b94e
SHA1 d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512 be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 018cec97771703d7dc374265a122140a
SHA1 969f02613835ee4d1425d18c086070066753352a
SHA256 87ae2718120c5b66e3d0a6bd5af70cc3dc3d726833ec79af071ae8fdfa2dfe56
SHA512 20bc9abf24af1b502a96cc40278e000f35ae1c6d7ade37062c654ff8a43bd528ab725af7b48599e0183001860025a22cdb32f7a88f5e4cb984d50eb673f654c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc804e9b9542c43d4d84acc183bd2a7b
SHA1 bc630145faf1a1dc1a3f65cb35e050b83dc46f69
SHA256 085536d1e8414207d61381430b7871261f9e073531f0ad8cbde9482926a8a84a
SHA512 6ae9b292bf45f30dd23321b65b716eccc2d0f17c3efbc4714e031aff6c0ddc508fbaf0505ac5579d96f762f20d46f494337cbdbe767c08d7bc5a13db88074076

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593a8e.TMP

MD5 a92ddf4e947355d15c3cae3a6b3fa539
SHA1 172b4e0fddf6791a7abe54e6bf1e4f376816095a
SHA256 7d65436db548ec61129ef077b449be9798435c3c6606a9e4d4fdc71dd56ac62a
SHA512 fe7ed38f283239b9db6949b4cf92946897f4d3a1d3640b75a814bed85983a994f006ed8c0f9c0841f37984e8cdd23458e2d01194392e5ca2de191d2c8e563c92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b6e98f5651315e6328240700863c5f65
SHA1 a7ccada51fb789ad82321d69d43978bdbe6b4aa3
SHA256 35e6e7445da272fe957c125da03ecbaa98a785f71d024b167015541a0f01f551
SHA512 b6afd378a06db6c948e43dd024799063f9ce94ffa1696c5213fe48be08633bb1a4ed29b36c46f0471f37412d740fbaef2a3c14c7e1dcd998a57ce0c05222cf65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 2227a244ca78dc817e80e78e42e231d7
SHA1 56caeba318e983c74838795fb3c4d9ac0fb4b336
SHA256 e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24
SHA512 624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 55a93dd8c17e1019c87980a74c65cb1b
SHA1 4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d
SHA256 4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009
SHA512 f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 cd74fa4f0944963c0908611fed565d9b
SHA1 c18033d8679d742e2aab1d6c88c28bd8f8a9e10d
SHA256 e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804
SHA512 b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ac072892526ebb90a2c37c4f7ce14761
SHA1 e0c90013a492ee5e2111919fba9e551ec2565b79
SHA256 c1065d63d018d9053bcde58545f6b3dd0d2ba366e2277b62d163ccf4fa0da5da
SHA512 240f40e6328fdc1de5e269445b64289faef4ed3cba47c01d253ee1c0cf8359591900c99458aa966d93792a552c0131aed0d8475e7830b3ac3717c018f015e35b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 862088651b6e85877c5ebe06f7587954
SHA1 8999016ecf479033e827ffb1249a58406214420d
SHA256 78618ecf27852c114729e888424dbdb2ce8a5e3b40baed82176d42916939a8f9
SHA512 9916d370da4fa5e6905c61e023a8a16f7a339abcc905151f5b93bd8c3177c4591ad521f76d69dcdc4ebe69d0baf41127a6e901017ec57eaf7504ce77eecbfc55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58199b4d7225afdb2cce938320e1104e
SHA1 fa680719d99e1e6564576a7e6eed4dd7afb61ea2
SHA256 17e6a900504a9d58970feeb62a550a530767550c671a487b30e7f2c23dc83910
SHA512 6e840571b746de413c43c7286c64ddd469fde4aa78e93919576e253a241bab0584f69534319b1945146a955440fbb64b3da7549dc23b2e399aa76e6e0f823c1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d0364a52a1f5918f710537cbed2fa468
SHA1 a1edfc34e637d02c97fd0bfc4bb318c3afe265aa
SHA256 052c094d6e6612b6295f71ea8945bfe8b79b3ce816f275688b8644c20266c613
SHA512 4dd1d0e2b9785c25ee76ebeda69a9a6426421801eabe3dcf7918f11d297d80c9c6fc1e0185d0d4aed4ba4473c2a73b071b272afe67b9f40664c87ba825ca7167

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc2e19272942669b06c04c729fe70971
SHA1 d465ee010fab260b047f2010ed4925468445b732
SHA256 345c57d8140432bb8a1977d2d50221f714149f197e01a01be2202b1aaaaeca49
SHA512 1d529bdf7a9142f6383facec62af983b208aa47c63c59f8337df7b0c8d7a588d84608b5d5dee21e651db39a2d97dc4296007434c4803f9c8e7386ff4d4fd2566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f9b30627def0bb442528a44fc589bdde
SHA1 4edabdcf80c698aadc63c643374ec9d6a12ee10c
SHA256 48054ba222510cc403a95c8b050381029307aa667c32dc12ceea362d15f8ae12
SHA512 8031dfd431a6663330642e5fae5361a84173d8e12177226956db27201dbceb5bc679824174a859c3c19cf605abff3a173c9320103dba974a623d48c5e9f49dc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d1246de9b0a4bfefb2f53a7258c76912
SHA1 aa216ba3eb4ba1a7a986c0911497736f16c47bff
SHA256 4ca6ca02b1ece9a5847ec5c578e3c87f42e68860292225d3ade96b8cc2756835
SHA512 c684e821a6f519a5a0e6613fe190c01ce409b4efee0b280692db72906328f9436aba972dff067d228198ab1f9993641a1b443c5b075e0af69872e334fd779e2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6971b93e6d15ded250def599eaef8abb
SHA1 374f67f7b2f3340c5e366ff071fd82fe1291b4e9
SHA256 c74015931893fbbbc7aa505bc396d20c571b471b7af8abd8227db93a19c50692
SHA512 d5d17ee8b10927efb1b175c9d397ccff589b09e96d4e29a026f62e070b8252b5aec0bebae6516cf97e243021e09ee10d09e37bbb1eaf5e1cb9f8c457a83b4578

C:\Users\Admin\AppData\Local\Temp\MSID5C2.tmp

MD5 6425466b9a37d03dafcba34f9d01685a
SHA1 2489ed444bce85f1cbcedcdd43e877e7217ae119
SHA256 56f8ca5b2079bc97a7af9c015ed4b6163635baef0d9a287d19fc227fc330c53d
SHA512 62f4c79d165282db14b662d4242a065af4c8a642f2023032ab5a059e2d6001f0b80e9a0562989013acf01a80a67491be9b671e6bd99220cf9d4fb44a17719371

memory/1180-1341-0x0000000003440000-0x0000000003467000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll

MD5 a2d4928c9836812735b3516c6950a9ec
SHA1 01873285eec57b208fa2d4b71d06f176486538c8
SHA256 79ca108d5c51259d8fb38ed1cfcc5a70e9cf67a5954e52a4339b39ff04fa20c8
SHA512 d03964a2bb597bf0fdefb787de3b462010c4cd02d286b16587a03b5228553a307d1b8f472c312e0d8bb53f21570aa5b112d85193cf42b83ef33fb7905855eba7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 87ad2d371e42136f0a73b341f8f77b41
SHA1 96e97d51268eb9864754edf31e74c935a5e1d40c
SHA256 e6fb9bf125765428eef0e4a63b141c2c9c042002dd6bf7806abc231965b34b01
SHA512 d1c8c03265e51e8352ed5854f1c5c005918225ddf756e73ce84bbb29417f984cda219d409e92884f9180fcfdc0d96780fe65372550eef298a3ff940e2c586b32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c1158bbee1628a9388e4d6e58ddad379
SHA1 9f82451773303c4f3fc1fc9b2050034cc4f4fd51
SHA256 c929110c01b3c4ed0d0abd4be73b6253a2b66777c86b320217bc0c526ed9fa04
SHA512 22801ce5dc610839d69339a03faf5379f8319116b95d5eea1459b29cfe6c4976f3fc56209374bb60e60b8617e581d6541e99db6a5cd638aff572706b12a3df6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 14ef93667c1c9e6fecaf5923fc07ec2b
SHA1 cc327d4f34eb1e9c073e0ac0c69a01e89a44c217
SHA256 25f637443eca4d90d8f98b3ea3140f965dd91b58b5c79b175d3ddd20f42ef076
SHA512 f73058ff5a751066ee035492cace19c2396cf7b699c8d1228562cf1e26b2826b0fa812d93152ee8460974790f983541768777188a3635fc9658a959b9e8eb397

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2b5af250ada382c389f58f2a3b437d14
SHA1 dcac32dad7348296a9f558a5eea7761c61fc68b1
SHA256 b5d4849076026161d5f5284acb9ced55e6ca213dd904c595aeb115727bf97cd5
SHA512 78907f084cedc5f75757e22344b1f56f31aaa1cb6520cc621b83468bd7db79e2c4c1a6eedf539e68562a6744ae935e595b42c8ce002c3afa2b2d1727e14e9d9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78f550d885ff8c2ed6a4aff65eed0661
SHA1 06f032a451a72b302f84574c0e49e3d53a3757e9
SHA256 aefb295a5581fe9e4b7e42fd2e6d3fd5a40a896d17195e40d4ce78daa0198ecc
SHA512 0e13ec7321fb476d2ef8167da75b41d6aa4ceb6802e90386c67cd78da673048b41480c664d0d775d92d0054e915760318d92aa2bd39a8087d83c30e986fc4017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7875f5bafce49dcc97d6765e368bd89a
SHA1 d3d1fc0fcf231f096f47689544baee412df99fa5
SHA256 25ad6038857ab06da2b55fb753088de177615c663c995e820b7cc3fc12892e98
SHA512 5f33ce6548d68838584eff70332aa1f16d68a832d77a7122f3d790a9bd24e67c457f17bebf218c347a586779f4be3b925a5fe136c2c9e4575f5955efc168907e

C:\Users\Admin\Downloads\metrofax.doc

MD5 28e855032f83adbd2d8499af6d2d0e22
SHA1 6b590325e2e465d9762fa5d1877846667268558a
SHA256 b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e
SHA512 e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34

memory/4488-1522-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

memory/4488-1523-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

memory/4488-1524-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

memory/4488-1525-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

memory/4488-1526-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

memory/4488-1527-0x00007FFC87E60000-0x00007FFC87E70000-memory.dmp

memory/4488-1528-0x00007FFC87E60000-0x00007FFC87E70000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 ab83459eaf1f786be59664e2baad069e
SHA1 938c4cecf0c8ddb611e24aeccabe1a88e9d7c7a0
SHA256 7c9e0adc7af34a22f0a336dd704f70e8f96eb05772f54b6cbfbc2083ea76ab85
SHA512 47f3132a0690b366d59a839d5ed9f948f8571cd3c80d0d7276893e1434f36d457e28627aa505f9858c475b90cbac9db67b839989620289a68197d71d7c5c9b8c

C:\Users\Admin\AppData\Local\Temp\vbhja.rtf

MD5 ec912d694d759028c2704cc63345c935
SHA1 c41bed895f63d97a46b46fc7642aaeeca7e7d863
SHA256 1d30b17891da82e34e696397bf7c33e0dc6b6d08bb03512074e76adaed8d83a4
SHA512 622f6ddfa275620ae2d100073e4393cbb57d98270f9ab1be1bee4b3d969dd663b90c94d402fe9a50a4f93494cc047ad170c1a27d33e0a6144f80ab83c9810871

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\40E9D98E.emf

MD5 0ed5bc16545d23c325d756013579a697
SHA1 dcdde3196414a743177131d7d906cb67315d88e7
SHA256 3e430584cd9774ea3b21d8e19b485b48212fe356776158dd5f3c5f63a5bde7d3
SHA512 c93072d11058fa50e3b09ff4da9f3dbe2637c2b5df05e616bd8ddd04557ea1e8b0db106b1545fad334619118c467776f81cf97ca52d3f2fcbbe007f30032b8af

memory/5048-1648-0x00007FFC87E60000-0x00007FFC87E70000-memory.dmp

memory/5048-1649-0x00007FFC87E60000-0x00007FFC87E70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 626babfe0510b45d4f6aaf5c5f189160
SHA1 4cee9b05e3ae47effbe97b20f2560b84ff2a70c7
SHA256 be579993cccbc9ea653ea5fe09b91de992f092d4e9d8ecc1de3fa7ac9181f538
SHA512 79499828a55a2627e636acf3239b3be0a0cdbbc883aebcfbd4e492dee31f965a83b5eb3cdf302849d9dcb8eb36c21c8f3efe268248f0894f8d8bd1d349258874

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 3ecda6d1ea18cf1253df8bf093c49f55
SHA1 9540c1c7c6afc8112e0bf86e87394eb4e5d5a467
SHA256 e20a8b56ab164025a4ec29818556d63644b27ffd00bb0e0d8707dfebc06886e9
SHA512 01ba6374c3067c40e074870fcf28ff437f585c6f25b758d9739631d75265d75e281414086475b979ddbec34e8ca2ffe15f18e8c4fcddcce5fe58f50196ca4602

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 c97bad87ba7ee3e62a850ee063503f03
SHA1 8c676fc60e557dcaa4b4a421a44f3f16630923a3
SHA256 2e297928c31063fbcf534744f5564bb36e800d6b7e4ef9b41ba531c41aca2a70
SHA512 89ded8b86329f8d7745a8fb2d03d3c102941161d17e02679e76e490d0142fedf615e6b7a8d4dab9447d256ebda603165b276e6bbf16c14c6b3bbddd843163355

memory/5048-1728-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

memory/5048-1727-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

memory/5048-1726-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

memory/5048-1725-0x00007FFC89ED0000-0x00007FFC89EE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 26179859d6fd9c106a4ee48e7d0b5828
SHA1 b35d355f42db4d95036ee0683aba42b725d121ce
SHA256 f9d1f2c97e3ca86274724d3611a6f53a5f25b503df46c00f37bfdebef82e2c3f
SHA512 b77f9410c5f6394d8865873be20cc6a34c1e59d29fd3100e12633fbe02910d3b3e984d1fa90169dc2550daf74368c47e47e970bcd77abc758dfdc5be402e772f

C:\Users\Admin\AppData\Local\Temp\TCD25F0.tmp\sist02.xsl

MD5 f883b260a8d67082ea895c14bf56dd56
SHA1 7954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256 ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512 d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f499bca6ee02e758e0d50b18563916f8
SHA1 3b853b12af6db0b9a0deb46f8f399299b81d6429
SHA256 55b9bc6e0dc50f84b3436b8d93b353f34c921164843f94740eec50675642c6d0
SHA512 2341ec8569b9d64a05c72e5ff4f96a6acccb7e718de9280a827246352d06994149ace707c4f1b275b526855554f449d395bfc0eb01fd1fb5824eb83ac81aa033

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\10E8908D-3E7D-4D1D-8B56-8D44B577E145

MD5 2f82426450332b558a61ae9ca551abd9
SHA1 abdbf8f8bdd7572bcdefbd1e0b7da8d3cf17144d
SHA256 57d6315a8f1f11aaa111a9956ddd0d560f791f757c379ed77bbb5a1b5b577f52
SHA512 dbc43dab6cbde98647c5a88cd508a1528ef79c030286cf82cb4cb03c4af81930ad1c3b2644ead9eceea27cd5772324f42a51f04f1693102254567205a6abf0b5

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\01E93570-7AEB-4ABF-A893-54153B912A35

MD5 85ad173999ed440af6120f3b4fd436fa
SHA1 eebe3bae40b0c82db581b905e2a4c4a90055c9b3
SHA256 2fb3e7ca57b5ec8657ff2b909c74dee246e7ed2b30abd60dec96fc4fb88bd165
SHA512 3c506252a27bc4a3d718fc2ad89036850ee3c9d5fd79966fc5e28debe1844d96e8d2777e160e8537034129fd8109dff027bf5eb4a082c99d0db93730ec31427e

memory/5048-1980-0x00007FFC87E60000-0x00007FFC87E70000-memory.dmp

memory/5048-1985-0x00007FFC87E60000-0x00007FFC87E70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRC0000.tmp

MD5 3497f4d8e54d3f7ed61c48913b717d73
SHA1 248f250a54b2bdc2df787a131b84cbf7fd282550
SHA256 e3cad40e8f2baba3de50a8945a6e868fab3d276200a7228d48416a808db6bc9e
SHA512 a9290ee3fdb1f4cdf0258d6dae3c31d64a64ea0a31d036363946e8577f674d7737c447f0e83c7d53f9c2a6e1be7fa4dee6046e1de7e01e18d84d837a84dd6485

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 c0eb5d07977143d4469e42d052bd2e81
SHA1 bbb468129feeb5c9bd7e9082d0ab1491ca4c174b
SHA256 bc96f6fbe8f3e80f9395fb6824aad01c18a8ada02577b36257f3a61e8700cd1d
SHA512 aa78a83bcc1f05f91c2b2b8693ccfb3ecbe86b9e97754f15037af5b5fbc957fe52f095f791c44ddc4b6b2985f7520b68a5a8540eddac406bfacce70299cd538a

memory/1544-2001-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2002-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2000-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2012-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2011-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2010-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2009-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2008-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2007-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1544-2006-0x000001E1DE1B0000-0x000001E1DE1B1000-memory.dmp

memory/1188-2015-0x000001E570960000-0x000001E570961000-memory.dmp

memory/1188-2014-0x000001E570960000-0x000001E570961000-memory.dmp

memory/1188-2013-0x000001E570960000-0x000001E570961000-memory.dmp

memory/1188-2020-0x000001E570960000-0x000001E570961000-memory.dmp

memory/1188-2022-0x000001E570960000-0x000001E570961000-memory.dmp

memory/1188-2021-0x000001E570960000-0x000001E570961000-memory.dmp

memory/1188-2018-0x000001E570960000-0x000001E570961000-memory.dmp

memory/1188-2019-0x000001E570960000-0x000001E570961000-memory.dmp

memory/1188-2017-0x000001E570960000-0x000001E570961000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 785270.crdownload

MD5 eb9324121994e5e41f1738b5af8944b1
SHA1 aa63c521b64602fa9c3a73dadd412fdaf181b690
SHA256 2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
SHA512 7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9b5a37a4746a0fb01491644b4d5ff0b6
SHA1 70dd974864e3770924186158d0eb4af5cf9d8933
SHA256 289838bfc28ab55967af777a05d6b1ff8b3fd5e433a888c6e7074838ef7ba8f5
SHA512 f8538ff3bd0524f3f6cddcdd7be9e6490bd40fbc0c25762bfbd78886971513d2310ac1cbcb56f7cb46446a444a5cf175ab57105627afb98111e69c12a1f19b3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8324e1d6d5045d9fdca84bc363c70536
SHA1 56b4767645062f27f73f818936eb06e1a41e286c
SHA256 6e0eb87aeca95641158d3b3c901697830b04aea3f356d1346a447e2eaf19eb90
SHA512 9d725207760641dddeb31001b102cc3462f31bdb507fd02b420efd87424d3e4bd9e189c684c1dde29a001332cf019d30180e299e4c42a518b2beeb87574bd825

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e44e401b55b9e89db53bc83ef9863b38
SHA1 5af850ca1e1f52c70623d1185d8988fdef3ef333
SHA256 687238cab09a3785c4dd39113df6ce13def8a226a4bdfe6ea4497fc204967ca3
SHA512 51f917b7ffe05e525fa043e22e02bb9a3c053863b622b0ae99668fbc7f96febfd0720123650b81135996c191a179ac5fd83e667081cbaa13ee64bba7d76a35cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 95161f6c8498b8f93906acefb5614aca
SHA1 33875b7cc541c9b0df58ddc35b07f5cf6061250b
SHA256 fa0dc5cc41d94be12f23ea98ad90d856570ab45114030d0ea74cb91465e1dbb5
SHA512 bf05185d0cd91a80084673f59e99a6d3a3a19c89cc5aeab0ca62be8a0be9ffc341f150f4b5e615c362e951e0d3d6a34a4af7b984cc0f82ae8678f93731a3ad66

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 1e1329dd7fe372e92c6c04dfea0067e0
SHA1 0040ffd6d09496eb365f031b1733744c7778fd6d
SHA256 3cbbcf7fa8cf78785dbc661b169a31fb2c514d8f0962bf39f8cf1b8f17b8ec41
SHA512 57cbabc7d4222c690454233a9820c951c761c5f10ab90885613ceec72e3b17ae7530e62279e5795e2bbb1772fc49445e83f1170192e52eff28aefbb9eb589dc9

C:\Users\Admin\Downloads\Unconfirmed 314552.crdownload

MD5 ab3e43a60f47a98962d50f2da0507df7
SHA1 4177228a54c15ac42855e87854d4cd9a1722fe39
SHA256 4f5f0d9a2b6ef077402a17136ff066dda4c8175ceb6086877aaa3570cabb638f
SHA512 9e3365c7860c4766091183d633462f1cc8c30d28871ae2cd8a9a086ce61c0bccf457f919db6826b708f0cf4f88e90f71185420edc4756b7d70137e2096f8797f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9b327c92886586cfdcbe0669926758da
SHA1 f51c7af74311fb6b94653986051fb2b168727254
SHA256 3276fdc450a84ed290fe8eac414e94a5447e5eefd733accdcb3221c0c9f83b93
SHA512 d7bdaf0e66c2145e4af264bdcaa12758cf68429cef3efe83745fbb7101bd1638e044c5262e0f47321e1d92b344abbf7f88aec411dad34fe970838bcbf9a79f0a

memory/5656-2254-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 79f602aa793045c7976113aafce68f55
SHA1 a1f03982121b20a450754af86f1f5954b9d8f771
SHA256 4085958f2ab5a88fc0afb0d81c3fab1c4bbfe25c27bbc543fc5511e43406af90
SHA512 a3620372799084c68bc3ea86fe6042640c7af1dc9dcbbbd1c5c63876d5ceebdff2c8fe1ca77f563f6af8ee360e10db5af0883a20754e3c98a1b9890da9fc9b0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2392e81c4857a1f5106b7b475981f12b
SHA1 f07d45d83cd10c6cd80b00803918ad4cf998fc46
SHA256 84ab56c0faeadce34e50fe26d509d719b4dced0346b801a42ef03f9df45de012
SHA512 bb3c9f4aa5d9b16b999aa29a842660f9f05a361d5c332cb39cea98a277829835e09015b25f03334d681846506a890f4c456681e661a25c0c51a71b6d535ee6c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ebffd9212fc4a3a650998c7fef76fe8f
SHA1 03b7cfe35f114e9384a33dbc1a2c8a5b75cc24d6
SHA256 367d0d6edf014436aefed5d685e70227e6cb3a927325b20a9f5a8984c60673df
SHA512 9181f707c5727f4ad934813e800508ff949b1be844a5d1f845e44f665c31352576418cdb5dcf4ee0293f2804cef91be2ef39e59d8b74655ccb6096ea7ec08ad1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8c7d99a32bf6a990419b522c16cb4de5
SHA1 6a30f4c63ba678ca2a2579981b5e982eb6577ef5
SHA256 02922f000bf1a0911c142653bc87c82e5ffb77b2decab72247270ceb5a42dad5
SHA512 9da62fdfe9301d4c02f671b32f4a9ab1d57d3355975a6ae56c1084ca509cc44b3fbd0c8ca8dcd237c428758e4240ad9639ff3b229be690efb7fee2c35ba4d3ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7d3393e2845529327b16da8511622ff7
SHA1 fdd3f455e03f3acc3bf662669188b7fbdad89247
SHA256 a167152796c6e795d699a7a7a2fecfc01e4be0755fb4674d653009d82d7cabeb
SHA512 abbad8ead830c9e4813668c57d5f9d579d3058e87c0ed0751c5c93cc03996f30e2ef3309f54c3579afefb38ef65b6508041cecb987b0493cec4641fff56574cb

memory/5656-2411-0x0000000000400000-0x000000000040E000-memory.dmp

memory/1080-2414-0x00000239784A0000-0x00000239784A1000-memory.dmp

memory/1080-2413-0x00000239784A0000-0x00000239784A1000-memory.dmp

memory/1080-2412-0x00000239784A0000-0x00000239784A1000-memory.dmp

memory/1080-2416-0x00000239784A0000-0x00000239784A1000-memory.dmp

memory/1080-2421-0x00000239784A0000-0x00000239784A1000-memory.dmp

memory/1080-2420-0x00000239784A0000-0x00000239784A1000-memory.dmp

memory/1080-2419-0x00000239784A0000-0x00000239784A1000-memory.dmp

memory/1080-2418-0x00000239784A0000-0x00000239784A1000-memory.dmp

memory/1080-2417-0x00000239784A0000-0x00000239784A1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e3378a6b53c89950a8c2a9321ff5b8fb
SHA1 08f84410338ca8c5ea7fa87cb451889ea34cc71f
SHA256 f2e546cf00841eb5705839aa72c7f032786b1f1e4e32a3fb6fdcec87aca54db8
SHA512 31ca162d5cdf36101a14dd2d9fc8992af7a2de14e0fcb4617a6edc519482de2ce2acab23f8cc6c773f883c8509325f50e1eb39cdca1d0cfa68ee0d415758f9de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\154be5b7-5d05-49c8-8772-d0d5eb0f3745.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7aca588bf765699c4182a5aefc0842dc
SHA1 e83c0ae650431f6d5f09bf9a05c1b4cdac7bc082
SHA256 c4b4a1991297b10f21da7a0cf2f5f8579757a315a8e332541537973e7e368116
SHA512 a279cc2da7251b2c4eb52b99f3829be623e85bef7930260158cc390687f1170d0b3369e65b71760ca29ee1fb6d664271d468ee3f45005e8a028dac0e790378ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 786583cfd2bee40727a3e4e4e4e08ce8
SHA1 cd6c8f069e0492ac558ce80baf841ad1b1756143
SHA256 0743edf83268fccaba566fa2c276325b62fbb1c91bd1204080d83b72da0a42d0
SHA512 420b257a8455fd135ed9e123aa22287249ad60dc7d905c92091552743cbde98d9c37c4ce6bd4957319a1999fcd277dee1261795a4df4f6e70027ced4b4dd100c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9572c4e17c235afe595d9413c8150e83
SHA1 1da502be5636c8bae67ae3dd75ec4d9688e6b30a
SHA256 97b3b869afe14215ffa5b33f15a44b935f797ef0e6305861b647e2e4de35c6db
SHA512 7a6ba8aa018e349df6b3df130229abc1b997b3dc2a44c6318dff607fa68dad83f33116ff46ab7c36abe5e6129247d2303cfdef014069ddd04f314f7f287e4c2d