Malware Analysis Report

2024-11-30 14:39

Sample ID 241116-rj4nxsxhla
Target http://sakpot.com
Tags
danabot banker defense_evasion discovery persistence phishing trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://sakpot.com was found to be: Known bad.

Malicious Activity Summary

danabot banker defense_evasion discovery persistence phishing trojan

Danabot family

Danabot

Downloads MZ/PE file

Blocklisted process makes network request

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: detect-gpu@latest

Loads dropped DLL

Executes dropped EXE

A potential corporate email address has been identified in the URL: lottie-player@latest

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

NTFS ADS

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Uses Volume Shadow Copy WMI provider

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-16 14:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-16 14:14

Reported

2024-11-16 14:22

Platform

win10ltsc2021-20241023-en

Max time kernel

445s

Max time network

448s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://sakpot.com

Signatures

Danabot

trojan banker danabot

Danabot family

danabot

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: detect-gpu@latest

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: lottie-player@latest

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microzoft_Ofiz = "C:\\Windows\\KdzEregli.exe" C:\Users\Admin\Downloads\Amus.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\98d0926d-3f41-4f76-bd28-e313899789aa.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241116141451.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Meydanbasi.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\Pide.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\KdzEregli.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\KdzEregli.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\Cekirge.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\Adapazari.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\Messenger.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\Pire.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\Cekirge.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\Ankara.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\Anti_Virus.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\Anti_Virus.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A
File created C:\Windows\Messenger.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\Pide.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\Meydanbasi.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\Pire.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\Ankara.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\Adapazari.exe C:\Users\Admin\Downloads\Amus.exe N/A
File created C:\Windows\My_Pictures.exe C:\Users\Admin\Downloads\Amus.exe N/A
File opened for modification C:\Windows\My_Pictures.exe C:\Users\Admin\Downloads\Amus.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\DanaBot.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Amus.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DanaBot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Amus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Amus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\unregmp2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DanaBot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Amus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Amus.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "191" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-87863914-780023816-688321450-1000\{E75141A5-0EA3-454A-AE22-2F1F9D5A7BE3} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\DanaBot.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Amus.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 416 wrote to memory of 2908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 2908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 416 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://sakpot.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7430b5460,0x7ff7430b5470,0x7ff7430b5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x50c 0x4f8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe

"C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://execkey.nezur.io/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x120,0x154,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/nezur

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x124,0x14c,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/category/69-nezur-executor/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://execkey.nezur.io/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x120,0x154,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1248 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {494f284f-272f-47a5-8fe9-7234b66319ba} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ce7b9a7-b508-4199-a769-4b8de64b5c5f} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2716 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3052 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5222b9f-ec56-4a62-9b5b-2fe62ee237e4} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4320 -childID 2 -isForBrowser -prefsHandle 4312 -prefMapHandle 4308 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc31243d-e862-4de1-a475-5b5e23bddee8} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4780 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dd75638-2234-411e-ac3b-ca3a9399631a} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5db9d5c3-815d-4870-8a05-f12e7bd94daa} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 4 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {525135d8-6903-4bb4-8f55-ce76d0c06ab8} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5740 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87b1d333-e566-403e-8c5c-866b6a6bf346} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 6 -isForBrowser -prefsHandle 5540 -prefMapHandle 5904 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e4e1ff2-98cd-4c8b-b6ca-356cc678d2d4} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6224 -childID 7 -isForBrowser -prefsHandle 6244 -prefMapHandle 6192 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df712707-caf3-482d-babd-07932a40200e} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab

C:\Users\Admin\Downloads\DanaBot.exe

"C:\Users\Admin\Downloads\DanaBot.exe"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@6888

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6888 -ip 6888

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 468

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0

C:\Users\Admin\Downloads\Amus.exe

"C:\Users\Admin\Downloads\Amus.exe"

C:\Users\Admin\Downloads\Amus.exe

"C:\Users\Admin\Downloads\Amus.exe"

C:\Users\Admin\Downloads\Amus.exe

"C:\Users\Admin\Downloads\Amus.exe"

C:\Users\Admin\Downloads\Amus.exe

"C:\Users\Admin\Downloads\Amus.exe"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4768 -ip 4768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 2284

C:\Users\Admin\Downloads\DanaBot.exe

"C:\Users\Admin\Downloads\DanaBot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 6364 -ip 6364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 152

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39ae055 /state1:0x41c64e6d

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5888 -ip 5888

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 912

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 sakpot.com udp
US 172.67.75.230:80 sakpot.com tcp
US 172.67.75.230:80 sakpot.com tcp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 172.67.75.230:443 sakpot.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 230.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 talesapricot.com udp
US 8.8.8.8:53 jsc.mgid.com udp
NL 23.109.170.154:443 talesapricot.com tcp
US 104.19.129.76:443 jsc.mgid.com tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 servicer.mgid.com udp
US 8.8.8.8:53 passirdrowns.com udp
US 104.19.130.76:443 servicer.mgid.com tcp
NL 23.109.170.134:443 passirdrowns.com tcp
US 8.8.8.8:53 d3t3z4teexdk2r.cloudfront.net udp
US 8.8.8.8:53 d8bsqfpnw46ux.cloudfront.net udp
FR 52.222.161.38:443 d8bsqfpnw46ux.cloudfront.net tcp
FR 3.165.112.191:443 d3t3z4teexdk2r.cloudfront.net tcp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 76.129.19.104.in-addr.arpa udp
US 8.8.8.8:53 154.170.109.23.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 76.130.19.104.in-addr.arpa udp
US 8.8.8.8:53 134.170.109.23.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ukankingwithea.com udp
US 104.21.68.94:443 ukankingwithea.com tcp
US 104.21.68.94:443 ukankingwithea.com tcp
US 8.8.8.8:53 rytransionsco.org udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 191.112.165.3.in-addr.arpa udp
US 8.8.8.8:53 38.161.222.52.in-addr.arpa udp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 104.21.81.106:443 rytransionsco.org tcp
US 8.8.8.8:53 ditingdecording.info udp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 alsdebaticalfelixsto.org udp
GB 18.244.140.100:443 ghabovethec.info tcp
GB 108.138.217.71:443 ditingdecording.info tcp
GB 143.204.176.77:443 alsdebaticalfelixsto.org tcp
GB 143.204.176.77:443 alsdebaticalfelixsto.org tcp
US 8.8.8.8:53 www.facebook.com udp
DE 185.60.217.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
GB 64.233.167.84:443 accounts.google.com tcp
GB 64.233.167.84:443 accounts.google.com tcp
FR 3.164.163.59:80 crt.rootg2.amazontrust.com tcp
GB 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 94.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 71.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 100.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 106.81.21.104.in-addr.arpa udp
US 8.8.8.8:53 77.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 35.217.60.185.in-addr.arpa udp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 59.163.164.3.in-addr.arpa udp
GB 108.138.217.71:443 ditingdecording.info tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 216.58.201.98:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 primenetworkchain.com udp
DE 168.119.149.123:443 primenetworkchain.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 216.58.212.193:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 url.giveaff.com udp
US 54.196.173.211:443 url.giveaff.com tcp
GB 216.58.212.193:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 123.149.119.168.in-addr.arpa udp
US 8.8.8.8:53 phoenixmedia.scaletrk.com udp
DE 18.197.237.56:443 phoenixmedia.scaletrk.com tcp
US 8.8.8.8:53 psegeevalrat.net udp
US 104.18.22.222:443 psegeevalrat.net tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 yonmewon.com udp
NL 139.45.197.236:443 yonmewon.com tcp
US 172.67.169.157:443 my.rtmark.net tcp
US 8.8.8.8:53 211.173.196.54.in-addr.arpa udp
US 8.8.8.8:53 56.237.197.18.in-addr.arpa udp
US 8.8.8.8:53 222.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 157.169.67.172.in-addr.arpa udp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 s.click.aliexpress.com udp
GB 23.214.144.96:443 s.click.aliexpress.com tcp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
GB 216.58.201.98:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 96.144.214.23.in-addr.arpa udp
GB 95.100.244.36:443 ae01.alicdn.com tcp
US 8.8.8.8:53 acs.aliexpress.com udp
GB 23.214.144.96:443 assets.alicdn.com tcp
GB 23.214.144.96:443 assets.alicdn.com tcp
US 8.8.8.8:53 acs.aliexpress.ru udp
US 8.8.8.8:53 ae.mmstat.com udp
GB 23.214.144.96:443 assets.alicdn.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 95.100.244.132:443 s.go-mpulse.net tcp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
US 8.8.8.8:53 dmtracking2.alibaba.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 fcmatch.google.com udp
US 8.8.8.8:53 fcmatch.youtube.com udp
US 8.8.8.8:53 fourier.taobao.com udp
US 8.8.8.8:53 gj.mmstat.com udp
US 8.8.8.8:53 hd.mmstat.com udp
US 8.8.8.8:53 pcookie.aliexpress.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 36.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 132.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 time-ae.akamaized.net udp
US 8.8.8.8:53 www.google.com udp
GB 88.221.134.194:443 time-ae.akamaized.net tcp
SG 47.246.110.44:443 ae.mmstat.com tcp
GB 163.181.154.240:443 bottom.campaign.aliexpress.com tcp
DE 47.246.146.97:443 acs.aliexpress.com tcp
US 8.8.8.8:53 194.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 97.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 133.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 birthjeans.icu udp
US 104.21.42.119:443 birthjeans.icu tcp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.42:443 ajax.googleapis.com tcp
US 8.8.8.8:53 nostop.go2cloud.org udp
IE 52.210.174.128:443 nostop.go2cloud.org tcp
US 8.8.8.8:53 44.110.246.47.in-addr.arpa udp
US 8.8.8.8:53 119.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 128.174.210.52.in-addr.arpa udp
US 8.8.8.8:53 trk.sparkrainstorm.host udp
IE 54.216.148.153:443 trk.sparkrainstorm.host tcp
IE 54.216.148.153:443 trk.sparkrainstorm.host tcp
US 8.8.8.8:53 try.opera.com udp
US 54.85.27.31:443 try.opera.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 3.66.252.218:443 www.opera.com tcp
DE 3.66.252.218:443 www.opera.com tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 172.217.169.46:443 www.googleoptimize.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 153.148.216.54.in-addr.arpa udp
US 8.8.8.8:53 31.27.85.54.in-addr.arpa udp
US 8.8.8.8:53 218.252.66.3.in-addr.arpa udp
US 8.8.8.8:53 61.143.214.23.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
DE 3.66.252.218:443 www.opera.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 c.mgid.com udp
US 8.8.8.8:53 cdn.mgid.com udp
GB 216.58.201.98:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 secure.gravatar.com udp
US 8.8.8.8:53 alepinezaptieh.com udp
US 8.8.8.8:53 www.youtube.com udp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
NL 23.109.170.83:443 alepinezaptieh.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 83.170.109.23.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 86.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
GB 142.250.178.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.200.33:443 yt3.ggpht.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 6.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 s-img.mgid.com udp
US 104.19.132.76:443 s-img.mgid.com tcp
US 104.19.132.76:443 s-img.mgid.com tcp
US 104.19.132.76:443 s-img.mgid.com tcp
US 8.8.8.8:53 cm.mgid.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 76.132.19.104.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 a.adskeeper.co.uk udp
US 8.8.8.8:53 a.mgid.com udp
US 172.64.152.191:443 a.adskeeper.co.uk tcp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 191.152.64.172.in-addr.arpa udp
IE 52.210.174.128:443 nostop.go2cloud.org tcp
IE 54.216.148.153:443 trk.sparkrainstorm.host tcp
IE 54.216.148.153:443 trk.sparkrainstorm.host tcp
GB 172.217.169.46:443 www.youtube.com udp
DE 3.66.252.218:443 www.opera.com tcp
US 54.196.173.211:443 url.giveaff.com tcp
GB 88.221.134.194:443 time-ae.akamaized.net tcp
US 8.8.8.8:53 dmtracking2.alibaba.com udp
GB 163.181.154.240:443 bottom.campaign.aliexpress.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 2.18.108.132:443 c.go-mpulse.net tcp
US 8.8.8.8:53 182.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 132.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 nezur.io udp
US 172.67.74.136:443 nezur.io tcp
US 172.67.74.136:443 nezur.io tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 136.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 41.95.18.104.in-addr.arpa udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 172.165.69.228:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 execkey.nezur.io udp
US 8.8.8.8:53 discord.gg udp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
US 8.8.8.8:53 1cheats.com udp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 keyauth.win udp
US 162.159.138.232:443 discord.com tcp
US 104.26.5.38:443 1cheats.com tcp
US 104.26.5.38:443 1cheats.com tcp
US 172.67.72.57:443 keyauth.win tcp
US 8.8.8.8:53 assets-global.website-files.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 104.18.34.201:443 assets-global.website-files.com tcp
US 8.8.8.8:53 d2w9cdu84xc4eq.cloudfront.net udp
FR 18.244.38.49:443 d2w9cdu84xc4eq.cloudfront.net tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 38.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 57.72.67.172.in-addr.arpa udp
US 8.8.8.8:53 201.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 49.38.244.18.in-addr.arpa udp
FR 52.222.153.27:443 d3e54v103j8qbb.cloudfront.net tcp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 ghabovethec.info udp
US 172.67.72.57:443 keyauth.win tcp
US 8.8.8.8:53 kit-pro.fontawesome.com udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 use.fontawesome.com udp
GB 143.204.176.42:443 getrunkhomuto.info tcp
US 104.18.40.68:443 kit-pro.fontawesome.com tcp
US 151.101.128.176:443 js.stripe.com tcp
GB 18.244.140.102:443 ghabovethec.info tcp
US 104.21.27.152:443 use.fontawesome.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
US 8.8.8.8:53 27.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 42.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 68.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 176.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 152.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 alsdebaticalfelixsto.org udp
US 8.8.8.8:53 www.facebook.com udp
DE 185.60.217.35:443 www.facebook.com tcp
GB 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 102.140.244.18.in-addr.arpa udp
US 104.18.40.68:443 kit-pro.fontawesome.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.27.152:443 use.fontawesome.com tcp
US 8.8.8.8:53 www.skycheats.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 172.66.40.148:443 www.skycheats.com tcp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 148.40.66.172.in-addr.arpa udp
US 104.26.5.38:443 1cheats.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
N/A 127.0.0.1:6463 tcp
US 151.101.128.176:443 js.stripe.com udp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 m.stripe.com udp
US 52.24.185.87:443 m.stripe.com tcp
N/A 127.0.0.1:6464 tcp
US 8.8.8.8:53 87.185.24.52.in-addr.arpa udp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
GB 216.58.212.206:443 www.youtube.com udp
N/A 127.0.0.1:6468 tcp
GB 143.204.176.42:443 alsdebaticalfelixsto.org tcp
US 8.8.8.8:53 nostop.go2cloud.org udp
IE 18.202.12.61:443 nostop.go2cloud.org tcp
US 8.8.8.8:53 61.12.202.18.in-addr.arpa udp
N/A 127.0.0.1:6469 tcp
US 8.8.8.8:53 lootdest.org udp
US 104.21.7.82:443 lootdest.org tcp
US 104.21.7.82:443 lootdest.org tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 unpkg.com udp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 104.17.249.203:443 unpkg.com tcp
US 8.8.8.8:53 d1gpi088t70qaf.cloudfront.net udp
FR 52.222.196.29:443 d1gpi088t70qaf.cloudfront.net tcp
US 8.8.8.8:53 203.249.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 82.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 api.taboola.com udp
US 151.101.1.44:443 api.taboola.com tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 104.17.249.203:443 unpkg.com tcp
US 8.8.8.8:53 nerventualken.com udp
N/A 127.0.0.1:6470 tcp
US 172.67.197.84:443 nerventualken.com tcp
US 172.67.197.84:443 nerventualken.com tcp
US 8.8.8.8:53 29.196.222.52.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 84.197.67.172.in-addr.arpa udp
US 8.8.8.8:53 d1wzdj81h1hubn.cloudfront.net udp
FR 3.162.40.195:443 d1wzdj81h1hubn.cloudfront.net tcp
FR 3.162.40.195:443 d1wzdj81h1hubn.cloudfront.net tcp
US 8.8.8.8:53 195.40.162.3.in-addr.arpa udp
N/A 127.0.0.1:6471 tcp
US 54.196.173.211:443 url.giveaff.com tcp
US 8.8.8.8:53 phoenixmedia.scaletrk.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 yonmewon.com udp
NL 139.45.197.236:443 yonmewon.com tcp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
US 8.8.8.8:53 dmtracking2.alibaba.com udp
US 8.8.8.8:53 time-ae.akamaized.net udp
US 8.8.8.8:53 www.google.com udp
GB 88.221.134.169:443 time-ae.akamaized.net tcp
N/A 127.0.0.1:6472 tcp
US 151.101.193.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 169.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 1.onsultingco.com udp
GB 216.58.212.206:443 www.youtube.com udp
US 104.21.41.244:443 1.onsultingco.com tcp
US 104.21.41.244:443 1.onsultingco.com tcp
US 8.8.8.8:53 curyrentattrib.info udp
DE 13.33.187.79:443 curyrentattrib.info tcp
US 8.8.8.8:53 244.41.21.104.in-addr.arpa udp
US 8.8.8.8:53 79.187.33.13.in-addr.arpa udp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 rr3---sn-aigzrnsr.googlevideo.com udp
GB 74.125.175.40:443 rr3---sn-aigzrnsr.googlevideo.com tcp
GB 74.125.175.40:443 rr3---sn-aigzrnsr.googlevideo.com tcp
US 8.8.8.8:53 x.urs.microsoft.com udp
GB 51.140.244.186:443 x.urs.microsoft.com tcp
US 8.8.8.8:53 40.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr3---sn-q4flrnss.googlevideo.com udp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 104.57.194.173.in-addr.arpa udp
GB 142.250.200.33:443 yt3.ggpht.com udp
GB 142.250.187.206:443 play.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.179.238:443 youtube.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
GB 74.125.175.40:443 rr3---sn-aigzrnsr.googlevideo.com udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr4---sn-q4fl6nsd.googlevideo.com udp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
US 74.125.3.169:443 rr4---sn-q4fl6nsd.googlevideo.com udp
GB 142.250.178.6:443 static.doubleclick.net udp
US 8.8.8.8:53 169.3.125.74.in-addr.arpa udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 216.58.201.97:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
GB 142.250.179.238:443 youtube.com udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 d2w9cdu84xc4eq.cloudfront.net udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
FR 52.222.153.158:443 d3e54v103j8qbb.cloudfront.net tcp
US 8.8.8.8:53 158.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 workink.net udp
US 104.21.7.40:443 workink.net tcp
US 104.21.7.40:443 workink.net tcp
US 104.21.7.40:443 workink.net tcp
US 8.8.8.8:53 work.ink udp
US 8.8.8.8:53 40.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 workink.net udp
GB 216.58.212.206:443 www.youtube.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
N/A 127.0.0.1:60228 tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 115.230.163.35.in-addr.arpa udp
N/A 127.0.0.1:60236 tcp
US 8.8.8.8:53 support.mozilla.org udp
US 34.149.128.2:443 support.mozilla.org tcp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 2.128.149.34.in-addr.arpa udp
US 8.8.8.8:53 ac.duckduckgo.com udp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 215.124.142.52.in-addr.arpa udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 233.54.223.20.in-addr.arpa udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 222.125.142.52.in-addr.arpa udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4---sn-aigzrnsz.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 169.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
FR 51.77.7.204:443 tcp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp
FR 51.77.7.204:443 tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
CA 51.222.39.81:443 tcp
FR 51.178.195.151:443 tcp
FR 51.77.7.204:443 tcp
FR 51.77.7.204:443 tcp
FR 51.77.7.204:443 tcp
FR 51.77.7.204:443 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f6126b3cef466f7479c4f176528a9348
SHA1 87855913d0bfe2c4559dd3acb243d05c6d7e4908
SHA256 588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4
SHA512 ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

\??\pipe\LOCAL\crashpad_416_NDQYJZLJSILGRCUN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dda6e078b56bc17505e368f3e845302
SHA1 45fbd981fbbd4f961bf72f0ac76308fc18306cba
SHA256 591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15
SHA512 9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3532242d260e10b558debf2ac26187b4
SHA1 f66b6b33761e2b7f800e8f93931e3e24372da52f
SHA256 b82388c26b0affeeb0c58a3621c0c3f4f4975442d88aee3092001c2967be430b
SHA512 a37e308dc54a0f3e6864ecb6cae799bca4dbc2016ef09a9163be3eb9a13a0a2bf54ec4b16ed9e08716e79ad5021ede7c0f3ac0f3c17f162a97f99b1e302cbdc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 90cc75707c7f427e9bbc8e0553500b46
SHA1 9034bdd7e7259406811ec8b5b7ce77317b6a2b7e
SHA256 f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb
SHA512 7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 85bcde0444e74e5ed81e7bc7ee3a94f0
SHA1 8ac2e850c9a42fcf24bcd05c55e2723a27f22357
SHA256 6d9d35ddabe06f02219f8cc7b0ef11bbee953f672d011f2b530f067338d03108
SHA512 c1292989d8c9a0576b8aab3ab83dc0ec4cb5a34c9f090d29320327f483359c0e4184f6fb063930b6d6560f67e5d9cd6b17744ca6ab3b025a93daa81818c93f09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 07fd86c8714ef65fc71523fb0db7ef6b
SHA1 68e7d98cd62d0790d9dfee5ab85747744ca6a6da
SHA256 e449c5ae57abc2f7b7a44387b65e53946b2e52d63b211fa44dda4db4973df099
SHA512 d87724e3e6b14c7534bbe32e6b556281c7de6002858c4f89ef5288253749a821fb0a4357d4e575113adc6704e5e84ba2a03cdb4e02ed939a389754f20187e672

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0d8c8c98295f59eade1d8c5b0527a5c2
SHA1 038269c6a2c432c6ecb5b236d08804502e29cde0
SHA256 9148e2a2ba2a3b765c088dc8a1bdcc9b07b129e5e48729a61ebc321cb7b8b721
SHA512 885a734a97a6f8c4a8fb5f0efa9fe55742f0685210472ed376466e67f928e82ddf91ba1211389d9c55dd1e03dc064aa7a81d1fca3cf429fbaf8f60db8b1348c6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 975ca4fb12020601e0b2a5bf219ed03f
SHA1 5f78d43ac4fbbeb91f067bfc3d3301edb1e1ab6c
SHA256 ad02fa8449dd0eb4a7a09b6cedb3612d56594333721e904db7721be5a712680f
SHA512 7a5e24c09291810d9b495a9487b71fe531866506d78cbddb55337e30bddd1fdc253baf8df445cfaa8814e88af3fbdf462bf69cd7cdb301437b0581ca590ff695

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 4a9120de7552002fc56af804867c1ff9
SHA1 c02fd071638620e02665f31bb9af64881291179b
SHA256 495fece3a372ee6ca510e94755b946064988f6eb619a866a58f958a4e9f6130f
SHA512 343db0c58147a6567ef564afb8f40e6647528bbd84fe7a554e3700fe4c89044a2ed4c7eca58e047f5306952a6926e0ed4eaa8271934118a2c6c0d3c19c03fcd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aedfe63935894b1af559a1687144e242
SHA1 68f0d76d6ac582bd83e1ea51b58c00e796dcf630
SHA256 50a9c17dabc23e372883260e41e60d6b8f9a87a1372a4ddd3a03c796a513ebf5
SHA512 94f4399a4f4eb26f2588997e877a9145a43875916e7779639b3cd7e02ecb3828e98840eed03c6ee054277ab18cf49ba5cf800e992ad640e7af978d3627ba0f34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e8f46e0ecc0847bb6ceacc00a0ac87e0
SHA1 96df046cb962584723c6687e86552dba618958f0
SHA256 56bd6eadbc0a36c3dd15e5480d2322f42f1074f647dbd57de05eb7a1d732b147
SHA512 e281f427103ab0bf9104ae470c7b5c7258f300b63500080ede7fe6d4d166d4dc83262a89a4a16a6bf750e211ab36c1e07c9588470617827a294608c2b5c9c6b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e01f.TMP

MD5 bf781a0b74cf55caf348ae78269054ef
SHA1 755c31a9e0f7a7a89e18074e097c803b62117d27
SHA256 3762de878157b4130c97f38503ea27ecd464a108dca2eae1c4ae6eedb21f044e
SHA512 5b561ff3b270b6aa4a6a71fed4871425b84c6de8ee0dc9a1bf8d49942f7f08b02931fc6b6689f570104a2f4be61be34fb91099a207e84fa6a2baa1d2f9f20cfd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 efa0707b2b37b81b7917ebe02dcfb98b
SHA1 1c4e20dfb421e11bceb335760edfcd4a9cc2db27
SHA256 dc29eaa2101765d025e36d6f07b2df7c7ce287af2066cb23b2e6a430f762de96
SHA512 691cb15fb1f0a4ceb6236a6e8008c0fdb71f41bf3c5a7fc6fba2a0572e3db44cd4d937998384f4a79674d6cbe7ab5f3d88036d45f6738e7eed1e3d5439c1b5d8

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 3bed9f701f0863b29ab49823691bb390
SHA1 53a2917804983750f486741638696e635a5ab71d
SHA256 6fec0599bb51b84bfd6cea36bc0d58df3a2187522107e3b36dc63da7eb7326d2
SHA512 55e13c37f27cc8a0dbf4a05225a56a6b1d5d542249f53132ae07b017aacbfaac8791208b82385d3ada14fe385b76ad022b7d4b0a1d4d4ceb98d375f5830edb00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581fc8.TMP

MD5 f6db693688d626f37bc6a980fbfa0dfe
SHA1 bec05f6d6ec4c0e2461c2b5f346998a30e84d2bd
SHA256 bd98793a56bf63203ecb01e9b4f94df4120f1112798126f43b5fd6859c0f491e
SHA512 ce17c68792d4e95c793786f6a8b010581c3af70e1629a5a5dae25cebf1b5e285f7ae516f2200a83caac9a3425ad01a1ab87d53cc5854a06bf2cb0bfde79f5f20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c7ffd0e600c0c45188d6e73f09263617
SHA1 0733a66445392b90cd8413c00f7d8d45297e454f
SHA256 a3a31216cbf33fca3103e0a485e9c958f9330d4c2ae9704fd3378472be84c671
SHA512 72ee3373cac8da6306836e051d41563462d0277a0fe7a8150e40415056ac07c1af39a0dbd3a87b69284bcf851308ec2900339d882d311e7447a4c739dddc84f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 d1811b567e915d3da37564caa7aff971
SHA1 9cee91abb4e67bcf6b5df28b38a3f784ba190d91
SHA256 7654ba161ffc92ff2a33cc5dd321fe5151f5cde4995c517f51fc8325a28af70e
SHA512 94d6d8878a016b6260896873548f707ea7d6533785e847cccb78b779aa3f520d9a5e670752884654f4be815bd29ff3bf2fc37291d5cbaa7a9421c77edb2aa452

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 295eed0b58b4165e8440b87cac50985f
SHA1 20611a3756255eaf96482346507d7d25d3ba3b6d
SHA256 9ec04231ce850e859c7d3a433b5b878979ad2c925f170c10826a55ea4dca9fe3
SHA512 6c3017c7aee55f83a6ce6dc34d2ea783f2d70835d8383d553a455fc0f0ec562549b548d4c6557fe184bb1ee56fa5ddf7e5b21580e55a276f89376fd57d1b28a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 4ea59ed719e4ab9a0122c8ead482af8c
SHA1 d03b928d1e50497f40170a89a105f89a53433397
SHA256 faeccaac526a8ec55dfce028eca801ff8d8d2a4d447d230a9744a53c7f7c2096
SHA512 84e0d3bd27673f905f4d7418732684995b55fa710af58893743cd662601e22f5d734877a796614e408b0d2c69995e3eb25012fcb56f3fcbbc284157252657402

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b33a9dcaa9abb7bfc366c09cc3e49323
SHA1 c570712b4bcf616962c06125484f6c9d66ab204b
SHA256 8f09b49d4c783017dd4b6a22748c49c5528cb0cc855a17c2d76f430c4ceeb4d5
SHA512 4e9b8a5920bd04165fc206751bda1326601c2a63ab805d14c7530b018a8c09c334e8e10dcef392365d9bec890a695cca1d2d243df165e00ba848611a15a63aa4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 32413102350a741bb0f16742f5bca786
SHA1 3ab9aa52729f7e5e60994de8271ecff6ebbd716d
SHA256 540076c5e8b2f5da95de399bd9e805fb0de149ba13c63fa639deacb711060604
SHA512 8629a6e241459069df1c8011782cf42f809beb779f2159c5661d7c20610dde30a0f8735f250d98bb8c4a8acf4217301b6ffa71d264632ad39250f0bb1a93a927

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 7962ae876fa959f37a73d69d7f89b04b
SHA1 c0b6f386f958d1119fd43e4aaeee9b0dfe287ba6
SHA256 b07b025fcf17a62e098417d63d019757c1a9cefcc764e6ea7752d990e7a9f211
SHA512 f0da2b680055295164e8fb7539fd9658298f8f66ea268169b913a3b17881acdf914e0bd35b2ef71ae8e03a7d69d4d947e0e58e46308f3439ff6fe5037e1a6508

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 7e4defbc06530f1b66922fc4f9919d8d
SHA1 fc917a3bc99c6c55776705b0bc88b8d573a83b81
SHA256 645666b59ab2f3d2a7a33729c79aaf95c228489726df07b28dc834619ebb60c6
SHA512 b39380e1838aeac7192404522eae0785fcc75d23c023e8f3006036209f8f558bbcdb8c7c3e1fcaf89666dfe6033654905f4f6f2d537707750a009c05050240a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 30bc76a3af3a2d0f66905cb29ff68ba9
SHA1 5614a6eff61f56e369f4ec0b0ea075f7b83e6ca6
SHA256 306601ea148d836272761159ff1e42cec21857c3632e5e1f091afd299428db64
SHA512 df955f2658c73eb2fbcbd9ba3ad4f45319e1199d7928982ca35d1c394730bc9c308e47f427dee89977402b35ac7aef302a6f597c5d10d6820370c06ee87bbdc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 927ab6b27f57821d851c0787f05e7baf
SHA1 21060456d5ad456e4cc4a17cc80683bbfc738a1f
SHA256 dae675a9c73a31162375bc829d2e05b084578e6c97aa92a280216226fe1fb252
SHA512 3d5886bf689e93bd0f088473d75dbce14b678f533799d592b966de40898ffd07d4dffd4c7f629b6e74954872cd30d7868e1b6b515139afb5aa1fba373e4dd4e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e48ca95d1df7c0c912f0e19f6b39a74f
SHA1 5e88a6b21982ec995d8fec1784d6c1d34f025fbd
SHA256 147507bafcb408ca4d54c865ff53061c630be200d7c2a34453f7cbbedaa11f8f
SHA512 2c43ebc6e0a19193a8cc4e64634d0ef0e626709decfcfc5fb27874b6372b66000508f8c957aa8c9c11d326bc5301cb8c3bbf34c43bef17d316a00c1b4ef07ee7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b7c6ea1f3bd390f4aa61e32d39990e5a
SHA1 96e7b5f3d3961cc2fa4767f31f5a9f24140ecb54
SHA256 e37832d356f75faf749947bffda87e015332d07ebec295277a679e7561d7c6d3
SHA512 00a454c774426e11f37e248daa7b80bc6dcc346e1a430869fe09c0f089a8fd78a85f5f0b9ec2c8673667f93611702c8a4505270b61a5e8ffd30a061e0f051b6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 e688553c6fbe0a656a84407dd3cf282b
SHA1 18853957b35a70d61285d19d6495cb1c06e68c6f
SHA256 d66c3d59dedd75e0c6407b736716303e2a19c717c912ceb4506ef580c925bf83
SHA512 dce4ad3e23a9bfab17b844ad45a5a49a1ad1ad5bccbf79444b59dbbc54a608bfda82b35fd36a166fefa032d9cf4782fa9307e1189e30933b320acc83b45a5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be66fb859edf5c7bf8c6be1f09816635
SHA1 6415269b2f8315206dba933ef3619ca0a6b7c873
SHA256 d43e785bf9a939e47869429f94eafc99ab4a87ec1735767212f0237127d2daf4
SHA512 a890e3d49e59cf4e1d36dac4898e15e51b64c0bc19eb6711bdb65adbe0e788ed40d2dff880034bfe55e60850ccefc86d46aa9fbc46f942ed77a0e3bec6e0137f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eb5b263915b95e1f3ebcc23a39175c09
SHA1 e8459cf063c25f4e9dad06ec5086c1266b599d0d
SHA256 a1fc0c05ae602d267c7bb22f795ab7ca673fedafb4e9a636144b8c0f40c1822f
SHA512 6db1bb1962f40e00ef8f9db118ddee92c604b56df21b6f298c88176b4f57aaddf59b131636e4047f1d4f6c1567642f545e53fc420de4e8ccc88cbb2686995d44

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9bc5e7394a25776664a3e91dac5c5a5c
SHA1 47009ee755dbb6056d1d4b1986b71d3f6b5448f2
SHA256 f93d9760911b0781edfb984d772da360a8480c650238c42a07e1aedcbb199896
SHA512 d8e0a1958d020a6c205bb789b1e87a51d9ae565780ba5b9bb823976e4cd02b242d2b7738afdf36a9331d132839dcedddefae8c59395c2e270d9222359aa777c4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d8de7b6d010c9708a3b9b5cf395b65e9
SHA1 63b10f547479e8dba5bfb16728299e1d0588c9f9
SHA256 fc50537ba852096075e0da4b327dfd85a5892536534d624a4407c07ed4775a2e
SHA512 193346c9276638c87f27bf1337644d0997f115c2ae1d785a8b7d753a7475f04489667a885bb0c9d13c8a6495e3a2eed1e83486f0073d2176e2e72c797bf94028

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ad225314f9f3a068a44e91b32cd08084
SHA1 5984ca1c2c8f352a38cc23c1fd7813d80bcfc5aa
SHA256 956835ce31d13f7c26984d2f078a55469acc7bf6296fc7cb500c48fd053d34dc
SHA512 eddb7ddc805386823bfb77de81bb335d22a138f94994a6ad3b3b0450a79e46d153a570aa0b08e08e1ba7447523495636322b76e9d39b7211f70c6ea365a39fb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85b0b0201fffccd4c5c419643817e235
SHA1 e34bb09afe817a943ea80db7a8b76f567fd3d840
SHA256 c54a11126b8e0cbe886f2f23636e51eb1fd51aa032b2f801e418e59fa0804ce0
SHA512 908a7dc68be9e59ca27366f79eca5bd87c2445d872660c00a04a97a064c029ab1744b7905c6777d1cd241bc9ee300046e5ae6e626f66022553326633f76e7f87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe589517.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ae7cafd2ad1945bf8a28ad35f985c189
SHA1 41d23fd0a2c13dc7117f67c422df5a8acd5727c3
SHA256 00602d1d53d95a39ca6c39ae7f664ed8cb6a5792e24bf9d9df2db3e56216cbbd
SHA512 0f8cb280a1f8630671b4e55c37237af2542b96c7ce1068b845a796ac2980f97ed4ce78679abf49e9e43b0b70d6a760bf1a42952518fdf307262c48d8c0bad604

C:\Users\Admin\Downloads\Unconfirmed 761916.crdownload

MD5 b464744ab9c9ebd75169f1c8639e432a
SHA1 ce83cff14a367c1fc88fdf1b9aa3df2e64549d85
SHA256 08975e2665243e02ad55dd53892d907554b297bc19ba2e4d11334eb67b45f3a6
SHA512 37f4cd8560b480126ca38135cdac10d28e56f36ba42583b8cfbdaf6555bc656a2448c67fc715b2337e1db07d4d87ec9336e7f7ab5418bf2bb4f9a0206817beaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fb6535c56dcbcdb25ae7e4f3702491e2
SHA1 645031e2c11442520adaef90395b2571b26f8730
SHA256 59b44b302f2f45bcbf0c59d509cc9c64ddcccf00ce457484ae62dbf1c1b49473
SHA512 93a70ad5df7a2125ff8bab09a459eca70551ac93278a4619ec32396ca0c9c6fcf8ac85ab346ef25622e57bcc13aa23d428f39c92f25a7ad97218236f32b0c095

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 185e802261c0c50275f200d09ba49e03
SHA1 e5fff1fbda8e4f5d0ad342ee3efa43c94d07f8ba
SHA256 f2fb01ee8eec401d20f1422b4849eeaa869c2b8713fe34ff1b9e899f765cf7ab
SHA512 195225b3ff7e2d8dcd4b1385a028c8f09520eacc727cde430710c8f59fd69ed8e23b1bc9123c159f703845eea442c07db670a987044f53d8dd9d22a88c3c3769

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 07b38127b2bc659eca72838f0e297553
SHA1 6081639786b5f6b4112edfc822cea2ac90a6f172
SHA256 dbc1e308b0be54cde41435c97de7ac5988aab4909dc58ee71f3600f5b560a78a
SHA512 9c074af0be9e762d75c709d170b41ed053a9c86035d8311628f6f12e5063c0c988055d21542aee1201edc22b296efe9f8d2698e3e13284c79f605b61bc938cdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 606e86441f575598551bf7869f389bb1
SHA1 49f8cac832c2f15612cee1bd490515516faebff6
SHA256 4434579a3489a83f67f6de3feeda0419b460b24bff47c9fb201d5135756d0876
SHA512 5d075990a220ac08d72e4b8f6ec2c920f2cf93e96ddef54461ecee58337be426a65988e8dc63d16a3b0a5ddf0be34e564271ba175e9cc296268942e08be69b40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 58960c4568ef706d07acb81f072ec73d
SHA1 0d2f6a150ae9f0611086ed3f04943bc7005ca926
SHA256 9ae8ad2f18925558eaafee959349005a05f0280e35e5e1f5b183ba6616808473
SHA512 cf77f1879a1df8c926b97c1369973f5329b1b7219439ee1a80572628662995b6cb24f20d4b24a166dfdb697ddc8dfda2372ebda364f11baec4cdd9ca94e29e84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a1b15ff46d2dda82f2d62fa28c24e7ea
SHA1 705bb03438de1f48afade92d629e975325917b62
SHA256 67e79fdc1245a33d9d0bb93025fa10d1a9e44832ae35c79bc906e3ee5050747f
SHA512 e4551251acee6c7f80c46ddf5f3c6d16d158d43a74be3aad3adc20e989e8801255434f8113894a23bd8eb7cf1f9b3e735316a10ed5a7c5ed61aa1440bd4bb642

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d841547198246e63d95424b086ca5f5
SHA1 6094bb391963d5f822523e5fd2ab5e86f8d203fb
SHA256 993870cf3bf0de03000bc942cd5fa2e291e20a21a6b0c0ac026b7cf54fc88678
SHA512 00316910ff9afef8d06bd351f81f348d5b3d144f4da81ecf6b380b732b50a5465b8f49bc0d50575363adbefedb51d06de2cd795d980da4ad839b797583c40650

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 71af98300f399e90ca91dec41b6375cf
SHA1 7028cbba4bab491c5dfe37b1dcce1bf8b42cab63
SHA256 523477e248ab1e451f05703790a50d3ebae06ed0bdb16b942b45342a4524a32b
SHA512 c60d5e24804d7d7f8e33f59f51ed711b722c0cde14575e457b39a26cba4243b53d2c967064f5c17c2f1b697d40c7dcd552dcf9298a7c0db03e18afc2d73a184d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 622921477473e93dd9223d6a6047dae2
SHA1 c6a5bc5a590fa0c75b3725ceb8b2628671ec54a3
SHA256 b1ee18ec4b74bd98f27151f10efdf21e03ae7b5c8398309de570318eedd29b0f
SHA512 df56309937468d93ac2478141e5111568b5e18c3e16d20f62e437e60f5e5a3b8212fbc17feb1cb089490f5f627dd62899ea5506535b3f5e99ee3783cca4eb6e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 68eae8ae528b3cf4965c780505e8274b
SHA1 23eea22c5ced491f0933dbdc428503548ae48636
SHA256 5c677af2d6e78de58c66b09577213d4b1c23cf0409822378053f1c457ff465aa
SHA512 7fb225df90deaeff597ea4513985545b5ca6d3b4478dbe5969554f15ff4b2c1652c6220b970304884adfc2860be045599130534f1c45586a7adcfb29a8e72ac7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 57632c3e3288b2d52d3a6ac63d989c5a
SHA1 8bd0a80782c89a5da2e8d950205dcd93aab5387e
SHA256 f63506da8221e2480de12f403a9a18c91470ca131cf67b83dd7e003dcedaa611
SHA512 e63931370f5449e16030189ea1e5da61bb654f61e34b713fc46e0e20071c1b1f5d52fdb8ac6495fe4d2de1929b0eb2ca6a1214b2dd99133b6f2cdbfdf6f36554

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 13d1b429e99059f97e58fa10dd69f8b5
SHA1 174c7f299158103127d50de82f1086c3b66e8258
SHA256 1262bff0591c36094d058ab102b84ce34eb1e547e8ff00557bf8d55449e58e40
SHA512 30dbd99f1abe8d2a9ddf73a93ed199ffb2b55903b5bc2618935a64ad54706f054fc9b46a80ccd1cab4eff3f5a607b5b599f5e02a2e89c990e10b210e4f16ed9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 e0edc621e4ffaa368d2e0677d3f137e6
SHA1 e374bb44d1834cf6eb688eabe1820aa5f7c827d3
SHA256 13da46f8e9749704bfff6b6f51a202c87facf593280dfde4127e5858c28aaeaf
SHA512 d60643fe87788d76dcf1cd941002ceef18390cac5eaa683bce2e2dbeaba684b6fd656a94187379b71105333590412d65b3466cc9c37cdaada7e009c1c9f8435e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53ad940779eb89aa286d17fd17cfa486
SHA1 7dd58533c4563944b20e6d6b4d6e7e391fc3d835
SHA256 b791c98b6c2b2c6ba81d38ade2b9f928035454339cc5b4cd44cfc8b43090c68c
SHA512 43fbdec9807397d9c90feb1cf917363d06bf0cec567bb42161a551013b9da7fb85db3c8911867ce8ffb8aa39c17fe59a3479ac7ad13097dc07416b3d20ff4401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3e67aa623b981501513a31896187d5c2
SHA1 f80eab93c39df6db780324449dd054f939871db3
SHA256 bd5709742fcabf2310b1135371dace289dc4760a1b9d94d0746328fbed301218
SHA512 ffde2ec538317b7e9f56b0e47b8f197bb30930dac07835f21fa436858a4e9f454ff807530d8c0898df0021102fbf29234454dccc95f6fb7f2f4741d289108188

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 49e89edc4619d5fa106cd2104c495814
SHA1 9ceb2b69e07beac3ca9fce00600b5bd773e48267
SHA256 ce5698ab9471f7ad7ac6c3ed491ff01c4a7d0cdfd5c9dcedc1dd7d4846e55b91
SHA512 afb389d2f717cd89c3f640e7059d8d11fb15f7c14de1fdff8aa2b7baaf7eef9db057961c7dfe347239edf5203f463a37cb5b38a07894bfc966e2c6644763afd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0d934832f8c40a50acf7911455e6fd1f
SHA1 ce18b0af7e55ffecb1702122cf71da6dbb955a07
SHA256 f9574110112c97e18b623c8a3f66509113e0b97bf82037d90419a28e2a267234
SHA512 fc0500e8a3f1430bb75becffb187e4950f16018375ae1f8a11423d78beb78d8661d5d9e00e59da4a8288a105421f634eeb721ca29653082c4edf15544ae75f6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\ff2645c0-3d15-4429-b6af-1d051001faa0\index-dir\the-real-index

MD5 d52787f8cc17b8b5e78e9a62d052189c
SHA1 6d8e381c6e7dc3db1746b179d312ac1ad55bfdfe
SHA256 702dec066fb35f80eabe3492811f19e4393b1285a900a5f93be99e8b4f034787
SHA512 327e544a83218e65a63ccadb4098470773c3acafb03f76f9ed02b83277723d574dc0b1efa22599f3a21f82c2e7fc7ee8044c3054482b679cbd218ca93556b33b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\ff2645c0-3d15-4429-b6af-1d051001faa0\index-dir\the-real-index~RFe597f0a.TMP

MD5 a3a6e9be0ba9e1e5d779f1f67b6c287d
SHA1 ea6afcb30aac75cd35d088fc57031dbd758b0d13
SHA256 b96cf3a6e84416bcebcfba7761f168ce78e32bad4263c166fb6d1cb113315798
SHA512 c29e2444c68a4bb0acc062385034b139f90fc78355ab8aeddc88ec261c010cecf9d75e965cb4ee0c968bda0c6ba04eac640cd425495850b9a4135eb6f105ca18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\index.txt

MD5 334dc2b67c9eca9906c8816886d63306
SHA1 cd131608e7dfda4820dbcc701813d27f2d25f958
SHA256 25a2988c072fe8f77546f37794925b9ba8e8c639385dbf53643281407fe7a944
SHA512 f4a4bb5efb6671e6a12aeff28ef5e020ad5dfd759b625a3c10d251fd02e38f3826711502574f63f4458829fdb76f79d7880a37c08e3dc044e83504aa33f18727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\index.txt

MD5 6d7644bf5ff5c331b9d5c2b6cca99705
SHA1 7ed5433eab9bc6e799bde27f5b6380913f6f8ed5
SHA256 ede2181e221d54905fa2d093bb17c8c5efba77b9b35400132931e3091b34ffe5
SHA512 e2b38188883780748341f1b666e54ee3ba782806ad57e73fc539874caf164379a84129a713273809d9372091157eaa4bd4de751fff4a530adf9f4aa904b7d1bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a68a3c5b12416cadca0004e1de467613
SHA1 560d581e6a263d8e3ddf10c3935dbe28160b1bd5
SHA256 1545683b7f02f562af2d436c8d070e688d95df24ec810ad45e20ae5a61c8d2ce
SHA512 2dd7c91ec62f715717439cd127908cda1fccb669512585ab08e1721147ac5ce59f336bf6668d8c850c09c5d00e30e55bc080071b19c6a0ca6bcb7d3297b15465

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 8af84972b5afb7d1262350e509cffc34
SHA1 01e4a6c59498f83c753e2d8d40548356a2fd0d2a
SHA256 f1099e514fe96c4bcb138aeb299808bf9dddf3ab0c18a28c6f60ffadbb566d83
SHA512 7eb8cec45a12fa654275d4e69cddbcc9b00fed8f87622ce80b9fc70fad6424d405583581e6f718b4b0bdd49e27693be64e60a97e9f9102e04fb4e4db347c2cc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fa6ca494aceeaffca5b60642218208a9
SHA1 bb4487642c8cad37731e073f20b71a59ae0c8087
SHA256 807f03b0ea494dffd9538337ef1625a207983a23d1d839c8fb5ce09960a3e3e5
SHA512 56244d601417cf4fd9afd94df2e0bab443732c94f489222b8708b41ff7068720c4657d9ad411d1fdf03f2bf1a5488cc36c16d3b8530e8ca76a4285fd509b9240

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

MD5 b2229d4466ee263a188530ba16cd7af1
SHA1 9059266f5a47c5ddc2a792131b9b60908dba12db
SHA256 17b766b8e77333366da8c1331052ce026b1555b24c7f8404333420e97fd6224d
SHA512 1038d1c865f0aaca95381491f54eb83e4e61ccda9534de9e9de4081df3761ed6257d88f72a1054d2f2f4c2d570e3e2f14a73925b2867679749fe47d8762feb2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8f9d28305d40602d2e90383589af4c78
SHA1 782228f5da0ac6c22fcee43e4fd4ed417b9fba2b
SHA256 e6a00972c17482d386174365aca078ed1cd0117729123214d117b63266ffaa5f
SHA512 c5ccaf7fcaba5ee86a6010d4ff1b5fafea758487d1cc5b9e20473e8d0b58044ddb4290b18db11f43ef793b3fbad6cbc91fc37b8d7b8b3992a8d7bffae4ed35a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe599e4a.TMP

MD5 cb4572f87d58648931bc34e3dd30670f
SHA1 97c49b9103ea2bbcf97ef845b1a602f049e79543
SHA256 261a4b299c61ed63538da0654a370e08b61b921ccb92ca4a24bce301ec5b70e9
SHA512 3cad852cd26394f4c0aa08c6fc9e3099d247e58c1da71e331f2fa5270c09ac278ceb3254fccb7a9dd388c0a81834d8985c1d903d1cdd77bd75ea41d9554ff4da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000aa

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d20f5194996dce1af036ab489ffc50d1
SHA1 37a7a7c81a8c066981ab5a0a48017bb9ff3eef96
SHA256 ef87aec4f5368dce2663db5b635fae11a457e321f22d078eac9764e4a73f3c15
SHA512 147160f44a4c556682ea988d65caf1ce3f58584f8d5fa6a0fbdb308517aad2701b2a0747967eca4d9e01b8a08dec0079249c7da03eb59ec469c32b126cbd9e4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

MD5 115c2d84727b41da5e9b4394887a8c40
SHA1 44f495a7f32620e51acca2e78f7e0615cb305781
SHA256 ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
SHA512 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 deae32f7532a6a719faa3ee835970862
SHA1 5a3fde34b5a39357d0c0aa43ff4ef2131f7ecd0d
SHA256 66e01a20860517989a418f77d82682094354da3f10b4c666425c0e7a77d81c1e
SHA512 07d44a9ef3117fc0d718af4c5e78ce406a1fe391c3bf2efa8daae15200c409f41cead4eebca9de8b9225f3867ea26175220bb49c25b3d72ab8a51a428455223f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3931d2a1676fe356e3cc538077b3f6ea
SHA1 cff4007125bd1af830cdf643d64a0d587977528e
SHA256 768fbba4cbf894121f6aabafbd67f53c7775e7ca046caa11c9dc7a91bb0a7ec1
SHA512 897ea86dbe6ea28d395ac210d0385a4aa321e388a7994da7b31edad3ece464790db5f8089386f605b93f85c81841ed4df79b4d22c888a75e1a68bfaded734ef0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ae1cd2a-719e-4b65-beed-319875f992e0\index-dir\the-real-index

MD5 276e7fc5ac5dc798f5f9c9e21b4a1594
SHA1 93fd97e08fbe50658d732aad54389e9c146426f3
SHA256 ebbd0173bf18f7b63ec988673f729e19a6448f9e9efa80c9d0d3a7865a6b2337
SHA512 3fe2a75c905d28e7ec44e6f9248783d2050727780d1deb1d80a9dc78bcb84d049dfdf02123c451c86e8ffbdd25146275fb12af0c5b9d8a723fda03ae2d83a9a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ae1cd2a-719e-4b65-beed-319875f992e0\index-dir\the-real-index~RFe59c1df.TMP

MD5 d1dc70c6172f2fdecad6c0864812b286
SHA1 7b511f656245ad1b77f2cfc3a33f4724dd788476
SHA256 5084f49cc990352b7383b74e57c91961d7e601dd215433af469aaa56c27818b9
SHA512 191bbec0028133b81ec047b2800c3bc0198273a16c92e7709a1ba0950d69e71d0427ffb6e8159dfb9b461a4d3bb7f30b13f3fa9a29f36ce34568bcc75f1b018e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ae1cd2a-719e-4b65-beed-319875f992e0\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9aebc171e801551487873b5885d878d8
SHA1 80c9caf09c98381c0e65e63f4bb9b91d9395786f
SHA256 181b941fcd6b1a84f592231d83352d6d84659c93ea60d228a5a1e316c74ec5ba
SHA512 c0e68bba715cb299d94868c7e961435bf2d64ab0618d74d25f34b0f246ed0529d4ad231b4a1930b0980c23578848146078a581f06fa106f4a5e9fa573d4d11a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0ea5e658225869b347b835faea02e636
SHA1 f475784781879181b7a9e854a9a365a5a3573034
SHA256 e34e66c0b769b2ae5491eb4a389badba2ab36c495d481aa3277c3ab7b223a0a0
SHA512 25951b58857ce9e579622bc7dd8391f3787e0e3696fe29b8a43a438bea89dcf9cc49fe421249c180faae478e9b0ef03337f15d15302d06026c37ba2eb7a0c174

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

MD5 14e8dc91d8c602054be80c75cadf6239
SHA1 de3d6be0577179a55cdeb03aa8bf0c2417bb7dfb
SHA256 94e5e2cd39a92988e80ef26c474c6d128db812d4eb8b673f28f14a6f537159a8
SHA512 62e33e3630fa64d526820ec359d014a0f516f6da2e6df38b3e1610bcf462a0a511ef0154e817016648cb872197ce30aff379bd6675bed54076e79ca4c141af6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc04aa7c580e22a6a150750aa316d8f1
SHA1 50e8f1c718f0c4a8dafd10f7e537965d242107dd
SHA256 9ec6fc5a88fd8e1814f5f03ab9a2be30e72662f01ed79929205b49932e17f45f
SHA512 b20ad5df6b9e9472b43517bee2f89498cb40830fe5ad45357b9db3726e521f0156d6806b5fdaf6e0be02b2a394bea2ca90f57585196354713eb93c7fe4a02d12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b6cab0e15f5b0b77a5a7744d4138181f
SHA1 c85375bb5b204bade92d8d3128b3f74850372c0b
SHA256 ccc5da5185fa15b46f0433345e8d8fd309df12aa7e96cd1d5fea742dc8cac3d6
SHA512 07bd69b7f94d4ba27493ae589d5ed9971d275b2b69e372c2569e8c798462196ca43230c6fd032beac2269d2d932f201c87d90932e6c69225b0fe8ed789c0cbab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ae1cd2a-719e-4b65-beed-319875f992e0\index-dir\the-real-index

MD5 952cf969e226d649472274d1c86cfaf9
SHA1 d98587ee008dee3ab6f72e6fc639612c1077a59c
SHA256 cca8268861cd9c8aa3dea258ff25fae790184edb551f1b6a1ae09dcfa8bbd6d4
SHA512 e11caa3825a71ce0315aaba2dcd17df530bc626c06d827fc0585dcd3b7affac6c3b19212c38a434f9c319070336f69daa9ac7f7b446e07c624b8fdecb6eb2074

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 95d5f6befa44f9bbba6d8c8779d4e52e
SHA1 2d4ab32d4d35040d79e035ad474b78ae901796af
SHA256 5fe87cfead644e64b04e7a1b0af635aaa517d6fb58492c41e3a97c08ace9cf2c
SHA512 ab30622906b5abb31990e18ba6cb4f190914b4ffd37db12d5c110388c263a50ca630cf45a1b0da43c9ef9bccf344c3444c85a83a69de1d140478ce60558003e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 340f9585196666a68d6a989d6883d11b
SHA1 3d779654e31c41c577e710a4b58d6b555e4cf11d
SHA256 724a15776939195b5944f40e133a166eb4d6f492b8fd764a6a1d5569ba2d7135
SHA512 ba1481786e22f98c5f7e2f0dd551795b05a1717327edb889a18bb9f2270e3ef640dc28d0fe329a34b2e60254b6a2982ecb89739780773c093112448f5d7d5726

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 96cf151ce60a01015937f3747211440a
SHA1 d28a5657810d475dc1d0e2622123fe25c8e72be5
SHA256 8745fcd0ca33c8203515527f86b697803f8e660284b2e1ca8cb2845574a1844f
SHA512 ae46162d3d4e71ccf7828cea0ccd37abde43b1c6d22a5bc5a99d2fd76f02879527cd8c8eb08b7f102d08d087119dd213f71f38711cbc706742f7e37331cae61b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

MD5 2f740bb391d6c630032fe78a6f3b53aa
SHA1 dc4f38e104823f3054aca9b01f6906fad04f81b1
SHA256 32172c7c2af488cc611c0d797f0ebffed289fd8d8f0e0c77fbc77f0190b95622
SHA512 eab1e99f74ffc8ef44cd85c871375fdce0ea88ee5bc1a262ee00f13827808a5944ba84d0ee92ec51aa7f433f6e737ef4318330d7e7922a34035aa51ebb2232ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

MD5 1682bfa731083c2173526cd01dfa659e
SHA1 457d65329d9866ac1dc3d3ca441ecbd2ce6019e6
SHA256 607dc601ecf72dd0f619449e8c07c3ed9cbd51feda031c5618ff44ca1cc69e02
SHA512 6e4701bc05b868957c11371ffd1938b6a897d4b80b39db8c1ccf3a54bc67842aa12a997e03b2b1d9a4c44ec1e2e5208bb88bfcef62c6f7382d17c58bad08a2e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

MD5 2c8770159b5e28590f900c9d0d0a197b
SHA1 cc2b62a6e17dcb8b96b70f70ecdc6a0cc4657b06
SHA256 20f45db47d8f5bb4b5db3bf98dc9db7839757c7285504c78f7b8692f46f054df
SHA512 2a7bf2882d725fd057f514ce92e572a86e14c928ae2d9f241ea2ea396fd5d43b777523dbdc9efd5bce369a254ab8c33e0ca1321e4204ff1c27290ae268b6c4a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

MD5 aff17b0e3769effaf0119f7863913a95
SHA1 7f4f608b4c3bfc0118168fc995a22582a2ab165b
SHA256 9313d9010db5b54168fb41ab11fa0c147bd8b0cf60bc5b61b7cfdd4bc28e12ed
SHA512 f09a5362cd3732162dec76286910b36efe451fa8602cd23bc0cf90ee970c19a419ddbeb0b472e48cafdc61cd3a762616416a19453a1958fa9a51c7cd124d6a73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

MD5 8e433c0592f77beb6dc527d7b90be120
SHA1 d7402416753ae1bb4cbd4b10d33a0c10517838bd
SHA256 f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
SHA512 5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 780f9b8697146687e10543b1134314fd
SHA1 a16dee3b41c0228a355b21b942f3d01106c6c838
SHA256 f432ba5a64b8f2f9258f2d8288d0e4c4910b39d20852bd6c3e31e81b3e536444
SHA512 8520cb9e6c2c763650bbdcd7c11973b4f010e92c72d83634a9643b670fe8632a09e033c72d605a0b2c63f2955e252a6c37ce341035c24743e8d46b8f025e961c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6d12087e9751268723a6a4b4cf7e89e6
SHA1 17d15f61c690c0dd29b843da79d4533c48905af2
SHA256 dee750a025a8bd85b8d5e623284939f9455888c8b52f16c1e2a2258f06f4044e
SHA512 5fc3a49b06e4075a8d78d5a0db04726917b2d106d1643bda5c03b3ab9ba4109e6be51ca952c8973048f03b641ad26371f491f588a974b7f72ae8940f7fc8676b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c2969f14dd43b86a5750aa0f033ed4d4
SHA1 0c7c61fae17af5fec142721b60c9cdae1b222e7d
SHA256 b59480e3aab90de67daa135c1b1cc7d96fd4da61ceb18ffca91f4b5b496535ae
SHA512 b10c6bc728ee2c016b0f383bab7aba0615dcd01a452f15f4c8b7d7c56da14f63db6943635c2e3a516763da4d7958b9dc4d7250ab7ae653deaca8053210f501ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2700ccb7e76ff983adae54bc127fd3f0
SHA1 7c7af58eec7ef8d2d643e8a041b2f42c62876473
SHA256 5771c0b8fbd780eaadc28ccf8448ff949557ac49cf6a01adb44149e3b7ebb5c5
SHA512 ea6532e24a871d539b6b416bf23f460c99991225f15bfc5fc67b96e654cf7363754d8f6e6496593ef5b938bc42605aeb56eda5809b4c91d8b6edb5628c77e147

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c8f2b9d0-0069-4d10-982b-f0d5080dc38b.tmp

MD5 8953eaa269b82db6c50f4957936f984a
SHA1 818f449ee840e94f9287aad2e936c9296a9b24f1
SHA256 165e3ac47b786b37a13bc49acb37d03fd297dba264b990f206587ef29ec0e626
SHA512 d93e0c7cda589cb88ac0a78615d11f67955b31a19c6f02ea05a157a7bd9b5cad4a16f20d2e5f6473453234daed184e996e0d8d84703734581b5a07363ad31dca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 406aee14f1ff61c84f3d9e63ea9dcfef
SHA1 9de185a36f4a3c2cc745c93c3695e1040fbd2bb4
SHA256 694e2aa2675aa7ed9a5ed919f6cbb163f3dc39c862559995363f972a734fbb20
SHA512 1a374eefcabebc2a707c9f05c8de6e71cba28d418385bfb67c89217053ec280a3a88392064f2b35dabbfe492e2a162f3b4ab26dd1d854e7298232e22efe54cd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9f3160d2efd7023a2de396e1813ef9a4
SHA1 7fd0451950cd28f16a95d0a7bf1b18fe1fa1bbb5
SHA256 57df4bbf9fb2d6a4ff74fb946cd1741a81838ebc7ced96e4f43d18af414484ba
SHA512 8618d92dd148a8109f290968ec45003d2ad310463ac842ef3b60cf6940ef27b237c46224c67be7070be2f79a1837183cfe281e2a897f94c6e10051215437695d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 dddd09d2cece96009d004ca2f8c7fc84
SHA1 d0e0cdd284b5e77086253cc4694a4e67baf6ebd9
SHA256 c7e7283786d7950be5f62c9df20b13b5ac42e69c54447b1c2e9f52ff031965aa
SHA512 93665ee00ccd2aa6f3b17eb7ed614da2aa5bea1fd1be8724758aebc61982ee2ad13e2f85c9ea73959c927002a49f72c0c853f0abead78d77a2ec6797a2937e5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 c084a2d91bac3ac94f9fc31239ddd14e
SHA1 16e86e5515b9878a9b843a0328b2f8e865b8bd1f
SHA256 1a10c509d5e831d941924b2a00a0a3839affaa033cdd8ad257d7f03b2fc46c9d
SHA512 c94a590a7f4bd8af3ead298d604499b207d83f8c331b021436ccdaf50951736d19f29ed53eb85bd1e66c626cd5cc8d409a3f7a4f6624febf2eb8a00725db49fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\406cca4c-91b5-4d14-b7f1-78dffd4d4884

MD5 c6684513ff7110b1b8cd6f6811bb75fb
SHA1 e3128cc205c5c2d78d076aa3c8463b0a7924cba0
SHA256 c4dc36a6c626a1305513a08347b4b7c815ac0c2896c5775052eccc91183c17f7
SHA512 95525251799a44ea4c84ec959cb029af3d14a7e7e50003b462a8ed8d6d5f23ce2aa76c80f3443f1706766e99c0eda061583472be728d9aa2a3e97cf453ad09e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\3df0246c-61d1-4417-bf15-44a23004d130

MD5 8995f82f800db4c90787adcf4f10d287
SHA1 510b5015ffd5d206c2068d5269a2c1fe4794c667
SHA256 0a738c2b1f7583a152ce84251916904398e185f84785ce4117bf48c1056b5f9c
SHA512 98d5a31197536b0f5b9eb28cf16c6ca4a3fbd3ab39fb06782536a6f0c8e32a8d228c9eabee95dea08962228b38a8beee1fca842c8f8d2cf741539f8376482c75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\c88e60b6-73fa-463c-8ce0-00ee08e641cb

MD5 e7f8876da34920426cc779ace4abfe08
SHA1 4718213df03ef022cddae75d6578be3e6bc58e71
SHA256 662f86f333e0d0826e9a10162e96ec8e84a64ce7db0394435b793a35ad64856b
SHA512 210f2134f5e22b4416fc731990e989d6d28004f4a912588214b0e264519e85ebf0fac58301283e8185dc1d870c00077a856b2e259972f6af984f5406acc98475

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 e8141118cbecdcdb7cf8cca6f8b02fff
SHA1 b2cdd01b864da6b45e77c45fb78d2c0e445635b2
SHA256 9f18727c1013c3f35afca53315e87d2d05ee3f346fa1de990e423041b3f631ac
SHA512 261fd93c9ae032f984c4ac2f01499826d1b62f11cb86456c369bc4b155b3aa5a27f74a27e809e9a8563d9880233352dba958210d6808becc192a75f06e15e272

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\activity-stream.discovery_stream.json

MD5 f97b6fd19176e464bce3b61b4b871635
SHA1 a40e3135692777171d64af7017faad8b6c628b05
SHA256 fe230bdeafbf1bd9c16e144688ff9a189172b397a7075604a78f1845b50dc053
SHA512 0c9405b73b23464d0db4aa253a04b33a8c90ae02c5c697ae29d3ce00d9e263539527c2c47e582f4fa37669da84a97205eac47371e1441f5a85f8ff91691b80b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js

MD5 693085c79b7a70f4efc2506556226a1c
SHA1 4bedc2e9d4186fc3cbe6df8724e2ab8ebe094338
SHA256 d71c48cf52ee0f26ed32f7ab866b5db1fd56fd5c93ab86750a1ce3a32c7c0fe1
SHA512 6f21c3f34c25196b9a7098cc07cf592b97c7eedf7536959d59059873ee1da4dae12762614e59f5020a51773ef1c2e1983cb397aabaa9bbab66415f0a51469018

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js

MD5 1673a1ad853223f6fb0aaa0963b6283e
SHA1 15b6b98555e78f02dffbdf096cf9d81534325e1c
SHA256 30209f39e2af45f4f5c7f172790f340d0bd47dd17477813fa258b29d3173415c
SHA512 d067f6671d277f536811edd5761e8e03a5a40af34054b4ae33d8e9b14629a03ef3ebfb5781838b891b175deedce3da3b4331d0aaa57ccf09b7e273c2a7ae1b96

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 63af4c5424d1463b04416cd20626fe3a
SHA1 f43ba59fd7cfbdcc715397ac09bf87db08ec92f0
SHA256 4d2354ab51b4546098d61ccbbe91e16cb16a15b2e488e963751df3f0493fc028
SHA512 05d93bd57125475c6039a5f4e34629a4169e225c12cd22820f0728b584763895c6ecdaecc1dce1f912142941a240675584cff32a313772f2fd0d8f12af049aa9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

MD5 87f6e29c3b3e96b77a46bf6d16555d29
SHA1 a2568a9fd899751c1593908c2eb4f9ca9eb7f747
SHA256 fb759db1514abd8ae5502994fb5f2a2e5f88073bef7241b3b6d3452723791949
SHA512 6297038064028e3d7328235699483b93336ab1badb59e5ebef46cd1efb9b7d9b1b679de8e96fd1d957bbd3ec1911d7bbc3995dc1bdc29af18637449ada775319

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

MD5 e3505e0fbb7b9c316af83f3e2e5070a8
SHA1 3eba8ed8ff8d435347eb7a2f0a92519d2056a3b6
SHA256 7cb9b400fdd433ba1b3f3b33ad43dcef4086b8176d0b6e7f2dfc9a6416fec963
SHA512 b6ebb2be79066a16a73d9f451fd67dfde9989ff13fd1dcb4838bb3b2380d2bd942a6be0c9f12209aa8dca4197d2adc730c80884ffdfb7e8c55bf21f380be1716

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\8ADF0B8FE76015F32F4AD7D4AC02D58AE5922581

MD5 ecd12bd593b123a6e886c1dfaab457f0
SHA1 177c54b4c6e296b8152bb697ba45500bea98d954
SHA256 1d4c1992d9b983819a6a1036bba871902f5a0b572f96e511c2c81f5043a95644
SHA512 177cb390ff8fed1d8a6e667bc45ce9e9e2b44b7bae45d31dab85768f9198e39f1985c0f428b858825e1e753a86bfe185760825a5f381c69d83499bb6b9c07e1d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 f17bc5883dc25040f47619e179567109
SHA1 6004adfed3e24139b775829583e691118bafbf73
SHA256 daad59f1f376cc41b6e2c22d6855820a477fd7ee64fa8249945703fa86f1cf6f
SHA512 499661ea8cf90111af7e8dd1f1df325a48169b52155e28169a6420318c9f58fe112b1d8c9a5b4d46138522e780ef30a64068d03d2cb650fd1e99fd90dc8fa584

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078

MD5 eff00426d6b0aff6b47bb97ab831f89f
SHA1 83e16cf56f9b18da2be645326584fe7c2febeb51
SHA256 4bff23009145c88f426e2f88bbb1f6ca0cec1215313e9552524a3b3ae849fe46
SHA512 0a2e5e6f19cde1c3b8bc34cb063ff9b0e08529d16bdc33f45159aab96b219784baef16c246ab64f4de9e09859c9bd53f36a24a70883c0fc72eba8a2bbd2d3eaa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

MD5 e9f8c099d6872ec0a544540dda78509e
SHA1 49f154bcd6c86e943e4668b97f78e68dc4b726f1
SHA256 a96f8f5be21ca915dacab7cc25c3d9d6c8023c72e14bca4480b6d73d816c065a
SHA512 4048b1d6b741a253d02a4515a185fdd00f68f0f1163a09115cb4e97bd4ed9bb27af96d1b38683d73ffbc09f9f68023a015a697b99700abb708d471f15d27be87

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 24d9c32912535b5300aa8fc4ed829f74
SHA1 9c2e85e41da233e5c7374bf7ccfde24863041a7c
SHA256 f9ba7ccdfaf235580852ca8dc22d99d240e88ad9d55c35c190391637caf248a2
SHA512 7e89af723bfe03d267e63a66f130988cc59a72dbccd4e64412ed7f4bae74ffd3aee3875a42df00faba757b22a8b4b5a40c3d6d2683e1cd6ca86663570fe3a5ad

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

MD5 48d8f7bbb500af66baa765279ce58045
SHA1 2cdb5fdeee4e9c7bd2e5f744150521963487eb71
SHA256 db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
SHA512 aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

memory/7016-3113-0x0000000002350000-0x00000000025BB000-memory.dmp

memory/6888-3114-0x0000000000400000-0x0000000000AAD000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 6d059d5b2631fe287b75875b6c5e92f6
SHA1 55e3a5d018eaf45fd45d76123c6430368ddd8f37
SHA256 aa9c9d58f7f23f60dc3418dda5def08cd2cfb24e0f1cad41935185e97a2346be
SHA512 0257ec1878577066916d7061a199af7e8e0493db6d04b17063d35354329b7b4119461d977a35a9e89d336784b3539dd855200c81c96908357a4a8eda684a2586

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\33809CDBDD69269236BB05F66DFF2693F384205C

MD5 f92c9d7cdf7443551d331e580d01a647
SHA1 c13b2a599a008f53130bdab3d4465a8c00bed2c7
SHA256 9b969350175291b83394f8755fe0108263a52515b12cc8c21b08adf0a55b0635
SHA512 414e03f7c0f987dbdf953fc02f04a0e558cc2745ab707c1fccb899f22b42f2ec391355318a346245726418e6f20afbee858d355862866ae5ce84ec4c76ad5857

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\C63D2277AFB9D33AF6C3CFCCB684D58B42F37D12

MD5 aad8535d879c6ff9a0b48a9578fe3a18
SHA1 93dfc406c4e07940619abfb64e9dca9b2d9241f9
SHA256 e838623f5a4f8b7da3683714ef13b409c60344c832d14295a528e01469f9b299
SHA512 7c6327d3f53c259cf904569651bee9c87c67a071e1c3e96e67fc97afc1444a5ac3f151a07d0d3b8ee052abc568ab74f7347457757479a274c5d38bfe09022a6c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\C93F59131F26430B8E189FEBC8E637317721CE6B

MD5 787dec87151cc3175dbd024b775fa427
SHA1 37594fb92e64f5fca35e90803711b3fc408874fc
SHA256 35e29797f4fb9803a4110933e04f9a83abe1970c6063cfc2f2105e000849d110
SHA512 c3c05c18a935a1533f7dd142b7e7162d69932036aacb723a73aef91e9cfb90158d0afe0d4d9f89f0e88b0b9775a910b309804e113fe57c799c9f657bdb704da3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\BEA4DD767DBD7BEF2D1146F1A7C7B6DBEC858F1D

MD5 15511b3e5b70dd3dbd027b2a0bcf6022
SHA1 66cd16b6ccc81985a1bec32f145812cb187b2e92
SHA256 6304ddd8458f80e94ff9bdc2e62a9be22927536e65228ff0c4d9f796565ee96b
SHA512 a6b153fc7b8b1494d2e2faf91593cae39bc2be8a350cf7f0331eb6d941283e66315a20d8750ed07d7c19694d9ac60e5a743e894424241ae3f0201a8a563c5e30

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\7FB78C9D4678D3E57F04D54F36A2847939730A90

MD5 cf08239833d47b513aad96db07fab757
SHA1 dceb3640ba7236bf27db3cbb4ba87fc4106a85f8
SHA256 6fb7cb68992682b8d9b0476ff2ef418c068af2c496695efb93c321e4f765fd4e
SHA512 a0caa373b9f1aecafc0e25bbfcc2779b5d825aaa6f8a98ef064ca95a4267dc87da9b4f481535202fd0e637d84c2fae0aea3a6e1a6f09752d0df859fb444dcc21

memory/5888-3194-0x0000000000400000-0x000000000066B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 6aae807ca9a41345ba1ff1832a0d2c52
SHA1 522899a6d75c8918da9cb52d800a91209dc02109
SHA256 982f8f3fdc1f8fcb8316042b2f2b711eded66a57622a73e15332f53ed333c6ad
SHA512 b6e56b309a9222a085a6a5006ac46f8d7d01fee97152e1d2f4c4180f3167c2daf74ff6db6b56ef7385479a50fba15a256a7149f475660a78b45c097200c7e3ce

C:\Users\Admin\Downloads\Amus.exe

MD5 47abd68080eee0ea1b95ae31968a3069
SHA1 ffbdf4b2224b92bd78779a7c5ac366ccb007c14d
SHA256 b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec
SHA512 c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

C:\Users\Admin\Downloads\Amus.exe:Zone.Identifier

MD5 dce5191790621b5e424478ca69c47f55
SHA1 ae356a67d337afa5933e3e679e84854deeace048
SHA256 86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8
SHA512 a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

memory/2148-3234-0x0000000000400000-0x000000000040E000-memory.dmp

memory/5888-3260-0x0000000000400000-0x000000000066B000-memory.dmp

memory/1168-3268-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 7a4689a5f7237cd33530466ff8845846
SHA1 df55364cd23dc2330bf0a53b40e262d499bbe35b
SHA256 045250121a79ae047579b7e54456be2c9032e05b9482256edd397da0d23367a3
SHA512 98a4de8168f76aabfd2614d1d547d4a5a883a0d23eb38fc3ba1e1c628d20dfabde47e6f12e896c99caf4b2d28ea696d6f8c0039f7da235f6fe9b0e4b5a6310a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\jumpListCache\rsC0IwZXNWMY3JWIAVeJrs66EWZbCk_wv_Wsi0dOIQ0=.ico

MD5 6b120367fa9e50d6f91f30601ee58bb3
SHA1 9a32726e2496f78ef54f91954836b31b9a0faa50
SHA256 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0
SHA512 c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

MD5 644c072fb2ba59e1d8b64d3dfa041d92
SHA1 5ed985b2340804619081090cb896ce8d90f72d3f
SHA256 86568d5aaf7f2bb9aa85e89621056e23420a27f6a85697ea91713bb6e102335a
SHA512 6cc0dd90b05d728ea3dea136b978ff688b074e0279f0cded7e74a0233b0b74097513e1a626726a30ece5a90c9c3f4636ff86d94b5f1f4354ca477c0bf4badf68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

MD5 982ecc854c8faf4b7452cb6f67af5b81
SHA1 8e4212e6be2e8d188ada9bc02e1e6a9dddb4e672
SHA256 acd24228dff49b87a20280ec7d0202289553ccf5ee8b70665ba43be932c89048
SHA512 3ac965e1d8b25742663a6c4df86d448ecc96670d8a2d396ca9913556b40a740014e041f13d6422834e6fbd3f5021ee1c94216486a658a2004116926d1cc5bbc3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\cffd9bc4-e110-4ab7-b80c-0a0721e35e80

MD5 ac99ee7c283cef5e86cb5aa026c39a48
SHA1 4e8671ec2b4f499f86fb78191f84c1fe394ca7ca
SHA256 d3868252cbff4182349e20098730a26fdd5b59b1aabdb4896f1fed4cbd7f062d
SHA512 bf1dcd4e54d23f9aadc2eea74171a3b65613dbe68bb55b935b4f855facec6d524f49b6eff49706c47ef5e88498f3a9e83acbbe0f1b33ad19be4a7e9ba1fb38ea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

MD5 3222e5ad9468d7a75849a03f52453cda
SHA1 47dd02d5519a72c4b7c6df8765e53441345cc738
SHA256 75475e534dbce3be9661e0b1d46296a09f17b0477feefd6c9fdb9ab0cce65c2c
SHA512 d6f9a9bd032fb2c2bfcaf56d0a4e519f6e8c76cdbdd08679ca19839288763365ccde1a86cf5874f26425ae1ec6e41526eb90edb4283e18a74c9068284ff345a3

memory/5564-3398-0x0000000000400000-0x000000000040E000-memory.dmp

memory/6112-3400-0x0000000000400000-0x000000000040E000-memory.dmp

memory/6112-3403-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2148-3405-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 3d4ef502d2912a70c362072959cc0554
SHA1 c63b4efc83c73822429859fb51014cd291f48ab7
SHA256 bd965be46432eb5aadcdbd12643e16c6649ed3466de3820d41b4531bcff0cf20
SHA512 57ac2aa7c2198f7dab453bd30777240f5ab710ff0e960c83527e1e3e6ff05d716c83454026e52a5d30e94423ef18dd375b1ab57d641ce1cc8cf06b02cdf57340

memory/4768-3434-0x00000000087A0000-0x00000000087B0000-memory.dmp

memory/4768-3435-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

memory/4768-3440-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

memory/4768-3441-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

memory/4768-3439-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

memory/4768-3438-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

memory/4768-3436-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

memory/4768-3437-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

memory/4768-3442-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

memory/4768-3443-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

MD5 dcc7f7210bf408db6707aa9743cb8554
SHA1 3a0dbb3a5882bd434962bc8391ab738802a9bf7b
SHA256 26db5d90f4f41734fd98c4f909bb40da2420f273ad4fd729ed8a9f5a1215ac40
SHA512 38e1b5cae546a4cd622e96c916216ea681a2fb336f4122ed5cd9d1d275aff4ad3755eecc1f0c36e6ca065952c521b06974fbb6c57ad7c8fef7e845190c6fda9c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

MD5 d8917a5cf44a9918390e179b47109333
SHA1 07f2a5e29eb7df806298bedc850d68c3b17f1fe4
SHA256 f3cd143801b8985ec6c5a0e30dd1c857bc0d3c22e218cba561c1381dcaa0a18f
SHA512 0fac82861ebaa21768d2d6df6c3a9988398d0b9c43fe34ea4c8f1d6337a20c415ba9f4b6fdde6b8719f34b22cf3e5859fbebf9e2ce9a2c05b8ad1ede855ef214

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

memory/6364-3467-0x0000000000400000-0x0000000000AAD000-memory.dmp

memory/5888-3469-0x0000000000400000-0x000000000066B000-memory.dmp