Analysis Overview
Threat Level: Known bad
The file http://google.com was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateProcessExOtherParentProcess
Downloads MZ/PE file
Office macro that triggers on suspicious action
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Modifies registry class
Checks processor information in registry
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Suspicious behavior: AddClipboardFormatListener
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-13 20:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-13 20:58
Reported: 2024-11-13 21:18
Platform: win10ltsc2021-20241023-en
Max time kernel: 1190s
Max time network: 1197s
Command Line
Signatures
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
| PID 1188 created 4488 | N/A | C:\Windows\system32\taskmgr.exe | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE |
Downloads MZ/PE file
Office macro that triggers on suspicious action
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WinNuke.98 (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SpySheriff.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\97bee074-86b8-4dfa-8770-8b323018d5b4.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241113205904.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\{78C02C3E-73C7-4AB6-A23B-325ECA0182CC}\8tr.exe:Zone.Identifier | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinNuke.98 (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SpySheriff.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Windows\syswow64\MsiExec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\{78C02C3E-73C7-4AB6-A23B-325ECA0182CC}\8tr.exe:Zone.Identifier | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 256408.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcba2246f8,0x7ffcba224708,0x7ffcba224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff629b35460,0x7ff629b35470,0x7ff629b35480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13158387896104920367,10343007944609084678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffcba2246f8,0x7ffcba224708,0x7ffcba224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,11540447925524552322,15678576757929963973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x248
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1F9D7D4955340B70C3AFBACCF853583B C
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e2eab00c2a5342e68c27e5b30eab79e1 /t 2368 /p 4488
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Users\Admin\Downloads\WinNuke.98 (1).exe
"C:\Users\Admin\Downloads\WinNuke.98 (1).exe"
C:\Users\Admin\Downloads\SpySheriff.exe
"C:\Users\Admin\Downloads\SpySheriff.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c29339188732b78d10f11d3fb23063cb |
| SHA1 | 2db38f26fbc92417888251d9e31be37c9380136f |
| SHA256 | 0a61fa9e17b9ae7812cdeda5e890b22b14e53fa14a90db334f721252a9c874c2 |
| SHA512 | 77f1f5f78e73f4fc01151e7e2a553dc4ed9bf35dd3a9565501f698be373640f153c6d7fc83450b9d2f29aeaa72387dd627d56f287a46635c2da07c60bc3d6e2c |
\??\pipe\LOCAL\crashpad_4456_GUJSUJPSDJSPCKCP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ccff51f965f8f4176e4ad112c34c86a7 |
| SHA1 | eab249ca0f58ed7a8afbca30bdae123136463cd8 |
| SHA256 | 3eb00cf1bd645d308d0385a95a30737679be58dcc5433bc66216aac762d9da33 |
| SHA512 | 8c68f146152045c2a78c9e52198b8180b261edf61a8c28364728eafb1cba1df0fa29906e5ede69b3c1e0b67cfcbeb7fde65b8d2edbc397c9a4b99ecfe8dea2dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 86aa28ffd286b08415aa197216684874 |
| SHA1 | d99924976c73e3220108817ad6bc1d8b1795ca2d |
| SHA256 | a6dc4bc6ade3039e57b538f2620b91602199f1908b23c4a2beb3fd3aa721579d |
| SHA512 | a51fbd1af778d32f2f95a9a863a59f42a7eb804dbb8ce85459297959eea21fbfe9625d74c3f91ad65016031d4b3e26eeb748c1c59e09ac68778fc670d408d0fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bc593aa73aafdc9298f35bdb2a370d51 |
| SHA1 | 576953e739810cebcf401a76f92c8a0352f352f3 |
| SHA256 | 81807d86b6fbb3806df399adedb081a9799297aee2bf0bfc984020e20fa86b82 |
| SHA512 | 14c7997d35a85bbe0f8e0d1ee831b0783e59549ca0a9b4c6123d56975f005ace00d0c4aca8cd48220538ac5c34da84cf0188e4e0ea173acdb76746af5202a446 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 4d6358aa6991b0cf87f898df6706aef7 |
| SHA1 | ce28f073e675cf4a29a77496209305b49133cea4 |
| SHA256 | 186a6eec19382354360f844299873a17f88aa68d32c089ed4f2de13abc519b06 |
| SHA512 | 4767adfe09ac896c1ed6c57c30d6aa7ca2eda48695a3db71cb7004101a8bfb33b2fdf648b5e4b7d643ebfa208115fdb3dcee325e5c212b6f243458aad8093d0d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 537fb154dbebb429bfde9067b52bda18 |
| SHA1 | 1dfa5060ececd541ada4af65a1efdd6c398bd6a2 |
| SHA256 | 21dd626ac299266695d84c4a5316fc647b34a1defdf64a3814bb9f04b7ffb3af |
| SHA512 | 4758fdba1217089d5876889c939b298bf4bd0f2a8c09b2536409c8501354be20369cff99e02c19d0ee0013b5b9c2808c2a8a67db72a5f4fe45c3de5be90d5403 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a1744d77f54458e1af2c9fe2f37bdc54 |
| SHA1 | 46478bf741d0bf71a24b2dbc025e8b42262c2445 |
| SHA256 | d8e571c8f669e8345736e3f5de138ee08da74f1ce9ff57e20afddb2cd4e66997 |
| SHA512 | d5cc0e96e2ebaad5533607846e9e4eaeb8338ccf97ee93819a88e55932655d2ab06966702613bda879e75008f750b9c3d9b2677e48c7af660f0c9c048905c31d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 12fbfbaf0bbe694752ac1e9fd60165d6 |
| SHA1 | 378fbc9fd49bd8766d2e7914abe8d51dd6bb0fbd |
| SHA256 | f22051d7de31de2fb2b7c0e7731425aaac50c8a4fbb08b56cfad0cdc39f6cd65 |
| SHA512 | c765d418823a04657439840c19c576d924a64d1846fcfb982b1191894ab81ace31b5b94e9d0145b15086471941dcf5a17b2c34fef6e0e13a4c1032338084b0fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b37b931e31ddbe5a99dd416faeb5f01e |
| SHA1 | 63795e592638be3280778717ed2bdacf061b61b2 |
| SHA256 | 43d005dbe526af991a14c084aa8779716322584041c14a69b9b7db7b636eb0b7 |
| SHA512 | f0c0fa5f5bdfd1a98d5c6a43b0cb8a28be989ee88f58cdaa73d4ec3fd35fc1b300ed65ffc8156b712d2afc7ff21038aba8a4612ec1cc4bd1276a7fc9a2496bd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 474f871c7320aefdd62bb033f722efb7 |
| SHA1 | 0d9f1dffff39e1763ff83ac96a45b3b7f59f35a8 |
| SHA256 | a772f33271a35e7bc58ff73501c58439554bc2d71a543b414011c79f5440b92a |
| SHA512 | eff6fc7743cda0cb1ee8a696310275e58665d0ec4a8e1ff685cf7568430db8dddef9ccc4e18cba858b41fa9926250d7a363ebec5fd2b1baaf1a702178d043537 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61c85dec75e7d594ee34801399bbfb0b |
| SHA1 | bb47cea5ad6f0fb10e086539c23b8a8f4b1525a0 |
| SHA256 | a6da098777ca84af61dd9e7e8dfee31c10ae222953caa5c52c78fd95bf0c0000 |
| SHA512 | ebfde00cd74dcfa905d2b4df91286e77a3c8f50eecc3135b41c05097fef77578ef5c14f2fe5c9a24e87bf4378150c3059ff235d8ce054a1d4a480eb20036de45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | fced4b6b32b92e26a942bb142f0c444f |
| SHA1 | 0bc5e12c68bb712dfc8a0f0997471df64c7ddb44 |
| SHA256 | 237dfe555b61c1c584f011acbd70747a7464fa07b49748a76f1d9d00db5619dc |
| SHA512 | a175c83d950daec2ab018bbd385991ae74bfd88959aaa5be032555cd6ba0495dfd88c1bc7d028cfa1cb073f8499edf03f8deeab8c0c5278c55e5d28318f45e00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b4b5d40a9edfdb8bc4811b5d8a4f150 |
| SHA1 | 374234a23aa51b9d0cf8c3f3e38e4c35e3c8b477 |
| SHA256 | 7eb6ea2d25a9a5792aa85b4dffae9d189e85cd9ab5987d8d15758ec3785d813b |
| SHA512 | eb0c5f3454f56a0109f3efe4365ec18c1a2a7675ec145b411b540620e2e6ea0e2b056b5d6ad0be0086deb735a979f60fdd1d722012e063723b034a27fe4dbfa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
| MD5 | 6a3a60a3f78299444aacaa89710a64b6 |
| SHA1 | 2a052bf5cf54f980475085eef459d94c3ce5ef55 |
| SHA256 | 61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f |
| SHA512 | c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468
| MD5 | 3a05eaea94307f8c57bac69c3df64e59 |
| SHA1 | 9b852b902b72b9d5f7b9158e306e1a2c5f6112c8 |
| SHA256 | a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e |
| SHA512 | 6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982
| MD5 | e9c502db957cdb977e7f5745b34c32e6 |
| SHA1 | dbd72b0d3f46fa35a9fe2527c25271aec08e3933 |
| SHA256 | 5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4 |
| SHA512 | b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
| MD5 | 52e2839549e67ce774547c9f07740500 |
| SHA1 | b172e16d7756483df0ca0a8d4f7640dd5d557201 |
| SHA256 | f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32 |
| SHA512 | d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
| MD5 | 6698422bea0359f6d385a4d059c47301 |
| SHA1 | b1107d1f8cc1ef600531ed87cea1c41b7be474f6 |
| SHA256 | 2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1 |
| SHA512 | d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
| MD5 | f222079e71469c4d129b335b7c91355e |
| SHA1 | 0056c3003874efef229a5875742559c8c59887dc |
| SHA256 | e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00 |
| SHA512 | e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 2cc271040a5c863623dba1e5b397c6f4 |
| SHA1 | a14046e0ce2ab88a649e44fdff4fe88f665c13b3 |
| SHA256 | bc3625e17ac414364b6075b94356ad4b8d4617d8ac5faed1d26130c1fa41c4c7 |
| SHA512 | 62e32b175860cedd6406c62c3ccdfcf94e727ee336696ea91aa464585c4f2fa02a7263005c566d694635eb53d6ad4efcf884debea9b7ab5280f55c6ecaf31763 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376005146112673
| MD5 | 56036c3f9d9e7e2ca10533b712504a7e |
| SHA1 | 08c5af24e62d0e945cde639ede5afad84cd0681a |
| SHA256 | e2d0276f7c0a1167b523b54ccfdbee1c947638216f04e4c0ea00d3be6238c243 |
| SHA512 | 48072edf0e638a9b173945ecb4ee2e043ec376dfc7e49485ba42eabd21c19f4a645f47fa95b7bce1a392ed8b9b4fa2b3be5ce0fdb79dee4ffdc5c74f1a21459d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | b8318ad54842ee5d6f3e6837095895cf |
| SHA1 | f8c7425863d6b595c2cf43e50c212949c261d2b0 |
| SHA256 | a207f4341d88cd2da0fb32797ae3f420b5bc1d06db9707a9e60d8ceed3b7743a |
| SHA512 | b3059348490857059ec94b44e916771832bd74a07d9ecddd5fa199242d5af18d14794ceeff2028e8a0d30416f237c0ea0791f141ed35788b8732718b0cb36934 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 4155b4ea20312f016ae3df10487f1b79 |
| SHA1 | 9128ff5e03401332a546624e47e7eff9e6fabb21 |
| SHA256 | 18ef89c79704ef03aeadee86b492136993d0cfbc191a40ac07ff0bac68ccfecc |
| SHA512 | 410be5d975dd68e4878c7f1ace73ea402a2897f361cae4ea4e597b3776f3decb23c1001649e23c6e1bce4c6399fcda4090d76f2e39c252434d154504d8f6192d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | d7d128e5b0359a49634f10103debdcdb |
| SHA1 | 144450ace11bfe18b52ac5dcd946afae6d33d015 |
| SHA256 | b2f330c201327e3a26111bda65cb3eb5397dbae6747cb59a26cc36ff5c618e00 |
| SHA512 | c5772752f0e7a15d0cc1a4426810f56e29123e179ad978d19ab840eec0444f3c9a1a831d156caac7fc1c35d4fdc08324e91c63472ff9532f72766d19092ed372 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 927cf01d79ea15c23440fbf4ceeafda5 |
| SHA1 | c2c1e32b5b0af1340383d179c5503d6f4b4166e0 |
| SHA256 | b5c73c45e82a97afb3eba61e534c21fc81f85411da3f23f620f4abf82c828644 |
| SHA512 | e9ca07f3512c5bbebfaeebec7f0655bd4b2c2a76d5189d23593609dc314957b628504276bbe825e4ae80190bf88e7fa9b2b4301b0bbf543ce210f593880aaf98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 1d112b2b43ccdc20984e06e19e443618 |
| SHA1 | c887ec2c5077680c8b68389e633de7a489b30646 |
| SHA256 | b9edbd6c3f18974310623c5caa8d4b9e33cc81b2f85f544e4d233cacf517cdbc |
| SHA512 | d126f5c43307b86b5a52e4669b4c638360b86bd8699d31cbaad4b8d2d79a1757a130e652e5b8f894b0b1a2d2bf190a1fa9e1282d2cafa0db5e48f312fc8e934b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 355c4cc243982e6c582a37a41dc2fb4a |
| SHA1 | 645981eb8b5c72cb27e61319401240894d482b3c |
| SHA256 | 920bc8e04a0457bb0eb953b3d836f7f9f47493afce24470ce8c3d8634a8a0c22 |
| SHA512 | 0e219d3af827c197bb5e6ecf9dc3b69abe8c701ef4076df930d53aed83a39c0b3ebffd0bc52c2ec882ce8c8fa25a8e8202ed04b352ed6050498b78aa7f98d622 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | c5c052db2b412e31fab08edf449e126f |
| SHA1 | 0a665720ac4109222ae211f124aea9771b2111f3 |
| SHA256 | bf5fad83da92cf8d383d503c05c777cd50b934d4c94788823d74fc9d7dae4a79 |
| SHA512 | 6100e6d640ab07682c498aeda52bd6b71e895e54114657dac74fa3bc17db39c7ce120a555f52de71e724dcbb21ea2fb4cc1dcfaa27009142c600cca15b5cdd90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b1a7ae7b82aebd39798780c8c0834c0c |
| SHA1 | 37954ff31de5aaf67ab34af4551ae38c5a563c56 |
| SHA256 | c3d7dba29f437045b89b882336ec31a0e137fadbb895517100d7f4d8dd0a994e |
| SHA512 | 6ede1f32ae6f475ec7f7162a013982649f8faf7f29d9befe639094edc8a5be79d328989d57044c42f7d36d5d4394ce9d49f02baceacf4c8517853a041428d28d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
| MD5 | fae48bd50bec2ac062139da21562c7a8 |
| SHA1 | 85ce5d7f243dcff22fc37286afd5eba82ba0eab6 |
| SHA256 | 66acae23c5d0846cb6f5b12fd59ff7bcd73f02a9e4109c1c86fe2432776e8139 |
| SHA512 | b980ad364d10d090d710b24d04fa7e48a7e1823ffef8be335493c3d73b88eb1484f1fa611343a9753d42ba56bd6c51e37c96aa84e28a379af2c898538f2c3b17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 7e2c0017eceb59c72a94a4fdbd7d4510 |
| SHA1 | f8acb99c5d661cfc6253914fcf979411918f9835 |
| SHA256 | cdf53d9a8cdc53c6b7dc3bac033951396266f8fd657546c4610f52d0d151b0fb |
| SHA512 | e70bd28503a89730a3617c2791f680482810577a51a07afb58e360f2b3a8fb8334f8a9f251534d6c63d29dc7e8e224391a1c9973d1803515f4adcf572e18ce1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 41c2bbcae865451a2a667268aa0d850e |
| SHA1 | 1b63800563640d42292801b62a6a4e14550357a6 |
| SHA256 | 602692b21b221ae2c135ba9d47c49c2b8012c67589e51439b0a219af93a17146 |
| SHA512 | 3b1f89c4ad1e59aaefdf97ba2a0a10cb09cd6b5160fb4fa96efb0b2bfb28074f2b8f810d2eb9c631b83f7c9f41b2ac26c23878894761245361a161aacbbc1850 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 7ff9ae78016f2aaefea7340d74907fb5 |
| SHA1 | 7cc774036dfab14abf67c25228cab244775e7b4b |
| SHA256 | a58ff5df24173ac180d53fa7614d2ac5f4556f8e9615449e5a136fffa856d0cb |
| SHA512 | 4dd604ad87bc2704b71fb87f94b09c250735e84d447f197558f022bdba129286a532c756139578aed5c13c6cfe63dd2483faf5c0485728eb7b07cc0f8acf652f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 48b62ab34d9ffe8eb8e5232dfb2f1c24 |
| SHA1 | e98048ff61e5897bb127c93bbead5e8f45cc50c5 |
| SHA256 | 2d26769ed9d723aecbded9becbe10440e612777d00014b0e4152a7df3fc88800 |
| SHA512 | e41888af9ca132070beaa7a4ad619221c3399ee4b59c4a16f258504892a0e032028d9e903b72573362501157d83d1d24a46d9f90778c01675d0685ca7821e64f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | b6ec3073cacce745a8b45669b3950b24 |
| SHA1 | f6e58fdef85e4e27e036128e25e7a4a6d933f68e |
| SHA256 | 427792f7200f608904f0832871e00621e08cdf139569d43235117e8b0b2acc8e |
| SHA512 | 322405ed9eb3d21c389bb124d63e2ef44818a6434a20342b752aeecc0cf92292617c63cce4fd7845fefc64871d6be31acea7eeb5e73d2ba1491854988f9373d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\index
| MD5 | 0a280f0d216519efd43f3de42eb58208 |
| SHA1 | 696b40466c5982ce820c233acf0379f5c376b211 |
| SHA256 | 3e8ed34044555bf8e14d05745a9c6881d0b4c74b64f70ccacc0e968f03579c4e |
| SHA512 | eed488d241a964f8907f8a512c2e1a320533b959e646b4e42930f9446fcc0d95610e6f08ed56f758d1fc7ee033909c7848d168c16f2f66116634ef59573b9875 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 16ec43d92bf0be204b8e2ac6c20019e7 |
| SHA1 | 4f8398a8d26b413159d4c66b1d294dcfa816d716 |
| SHA256 | ee6118c46ae48c012d42d0ca20570ecaef44c75843564536da04203e3eea46bc |
| SHA512 | 6421b756cc579060dd8b47a126900159a9ddf81f1ab0f94f08d88d61af6ea30684f62a44d9fffd6c4d0a09f5b55b76b69c02447d991d1070283b3f4173c9d951 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | c2bd6d72801e72df2412c11f03d22f66 |
| SHA1 | 62f1b46fca25e45ee64bd62b05b8ab0d41dd36bc |
| SHA256 | 5b2c03af0f0dadaaaf9bc0980f1c365e059e3e905a839f48bbc1293eef9b28ae |
| SHA512 | 2c30704adf363e84db975d65579e76e0112b27a80a2582a3992195dbd8ffd7c7edacc6b4dfd559e69d987552370856a8edb0575ba28ba8a090378460cbc3df98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Unconfirmed 827514.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58be3a.TMP
C:\Users\Admin\Downloads\50MB.bin
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593a8e.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\MSID5C2.tmp
C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\metrofax.doc
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\Users\Admin\AppData\Local\Temp\vbhja.rtf
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\40E9D98E.emf
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\TCD25F0.tmp\sist02.xsl
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\10E8908D-3E7D-4D1D-8B56-8D44B577E145
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\01E93570-7AEB-4ABF-A893-54153B912A35
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRC0000.tmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
C:\Users\Admin\Downloads\Unconfirmed 785270.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\Downloads\Unconfirmed 314552.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\154be5b7-5d05-49c8-8772-d0d5eb0f3745.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences