Malware Analysis Report

2025-01-03 06:23

Sample ID 241122-vc6fqatrfx
Target https://mega.nz/file/ORE0hbia#WUbaV7wkKeJGJn69jImU7sjH4ipqeEYEJ-XWS7JpkiY
Tags
discovery stormkitty umbral xworm execution rat spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/ORE0hbia#WUbaV7wkKeJGJn69jImU7sjH4ipqeEYEJ-XWS7JpkiY was found to be: Known bad.

Malicious Activity Summary

discovery stormkitty umbral xworm execution rat spyware stealer trojan

StormKitty payload

Stormkitty family

Umbral

Umbral family

Detect Xworm Payload

Xworm family

StormKitty

Detect Umbral payload

Xworm

Drops file in Drivers directory

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Suspicious use of FindShellTrayWindow

Detects videocard installed

Modifies Internet Explorer settings

Suspicious behavior: LoadsDriver

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Views/modifies file attributes

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Runs ping.exe

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Analysis: static1

Detonation Overview

Reported

2024-11-22 16:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-22 16:51

Reported

2024-11-22 16:54

Platform

win7-20240729-en

Max time kernel

67s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://mega.nz/file/ORE0hbia#WUbaV7wkKeJGJn69jImU7sjH4ipqeEYEJ-XWS7JpkiY

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438456175" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{106D28A1-A8F2-11EF-959A-C67E5DF5E49D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\mega.nz\ = "65" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\mega.nz\Total = "65" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7049f7e5fe3cdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\mega.nz C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\mega.nz\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "65" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://mega.nz/file/ORE0hbia#WUbaV7wkKeJGJn69jImU7sjH4ipqeEYEJ-XWS7JpkiY

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.18.190.73:80 r10.o.lencr.org tcp
GB 2.18.190.80:80 r10.o.lencr.org tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.16.233.202:80 www.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.71:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\favicon[1].ico

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\TarE8AF.tmp

C:\Users\Admin\AppData\Local\Temp\CabE8AC.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-22 16:51

Reported

2024-11-22 17:01

Platform

win10v2004-20241007-en

Max time kernel

570s

Max time network

518s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/file/ORE0hbia#WUbaV7wkKeJGJn69jImU7sjH4ipqeEYEJ-XWS7JpkiY

Signatures

Detect Umbral payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

StormKitty

stealer stormkitty

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Umbral

stealer umbral

Umbral family

umbral

Xworm

trojan rat xworm

Xworm family

xworm

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\edzhzm.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Plugins\EAC_BYPASS.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edzhzm.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\cmd.exe N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\wmic.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Plugins\EAC_BYPASS.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\edzhzm.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\edzhzm.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4292 wrote to memory of 2316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4292 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4292 wrote to memory of 1184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4292 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/file/ORE0hbia#WUbaV7wkKeJGJn69jImU7sjH4ipqeEYEJ-XWS7JpkiY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc8646f8,0x7ffcfc864708,0x7ffcfc864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2028 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d8 0x3dc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\" -ad -an -ai#7zMap4868:150:7zEvent16728

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:2

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Plugins\EAC_BYPASS.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Plugins\EAC_BYPASS.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe"

C:\Users\Admin\AppData\Local\Temp\edzhzm.exe

"C:\Users\Admin\AppData\Local\Temp\edzhzm.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Windows\SYSTEM32\attrib.exe

"attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\edzhzm.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\edzhzm.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" os get Caption

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER

C:\Windows\System32\Wbem\wmic.exe

"wmic" path win32_VideoController get name

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\edzhzm.exe" && pause

C:\Windows\system32\PING.EXE

ping localhost

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject in Forinte NOT WOKRING IN UPDATE.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=VOX0pWESwhs

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfc8646f8,0x7ffcfc864708,0x7ffcfc864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=VOX0pWESwhs

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffcfc8646f8,0x7ffcfc864708,0x7ffcfc864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=VOX0pWESwhs

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfc8646f8,0x7ffcfc864708,0x7ffcfc864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fbi.bet/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfc8646f8,0x7ffcfc864708,0x7ffcfc864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18400419721958142629,9659026788670538569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=VOX0pWESwhs

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfc8646f8,0x7ffcfc864708,0x7ffcfc864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,6752441629429965756,16496250122901762388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,6752441629429965756,16496250122901762388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,6752441629429965756,16496250122901762388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6752441629429965756,16496250122901762388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6752441629429965756,16496250122901762388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6752441629429965756,16496250122901762388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6752441629429965756,16496250122901762388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,6752441629429965756,16496250122901762388,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5316 /prefetch:8

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Plugins\EAC_BYPASS.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Plugins\EAC_BYPASS.exe"

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe

"C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_4292_ZOWPWVKMIDILHQDF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f20f0df634f4d0bd1b3b4f21c2b0350
SHA1 390f04461f8842aa5adc648cb7f1dc6ee6318cd7
SHA256 6f0c613dce9e1857d188384c299c4647b574b7425d9e6a2062d1ea22598980fc
SHA512 dc88c4e654a381f9cf69e54fb7e228fb15179a4600461ac32520f32b03cb0a942437f3a086705feacae7ec6da0d84a42f1e6d3f3951d35d11a4b11626e254437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 87d6d457e86f74e1df899f73618b6c5d
SHA1 42d362d9ec9d932a535897b06ea92e112dc64879
SHA256 5a1045982af39cc0e3066768cfb4f2356e9dc4896927f2ad024757d025a50fc1
SHA512 57565a97e6ea58a50824ea8c744d6ed94dd19a5bdee1a3cc7457171c934c875bcf0212872926246ff0a19a8a942a82d23e44a6ce0d537f56ab1b258ca4098b9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a65d82226085699b19d8a7b3c513006c
SHA1 7d62d518d63f64e42f645816aa44a1800c1d56ba
SHA256 052df6c60dcafbf0ea58865aa2114b208663a701e42e16a3eced71b69d000ed7
SHA512 7711ee9ea1163474fb90455eee64bea7a1e5a5fa6c3091618438494ad13b2756073eb150d1a59163ba4d8228b6a7bf9bd2f95c8f6b0a158b7339edb4bdc6ef0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 557c2c6f57eb2253212aa0a41e7ecf38
SHA1 21f560065070fae53297efc7efccb1b303f5d676
SHA256 c80d1b3144c72a4071e0f752cd22615be9c5175bdc33a133033f3db746b8c5e4
SHA512 ce434aab5e1cf498f94c152a461bd02e7c9b1b3b5e60588945989c2871582b5cbd86cbac53b195b4766c90f9726144e1fa337c158b78c5a33c1320024c6562f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5816cf.TMP

MD5 f50681cad475a480af5dcd94ebff68f8
SHA1 78ec93f0ed77d4adc0a991f62fa586fb7d347043
SHA256 7914577b639d6f4d1be5df15d453f102b9782c2d28552da7e4f6746587c82cb5
SHA512 f7201e068b41da72628f278b5dbd0469f3e24486d3412f841439dd47eba3a980679e71f8dc27bc782046abee4209416c4184968de7456c10c1086d878621dd0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 282b714ff560e9c6c049d09f1a231cd4
SHA1 d716a67bf92d9a6056ab783f73edfd520b980e32
SHA256 ca0837341cefb35b208e9a9fa6c6ae2961de1dcc09b2a68cc57da05f3645af88
SHA512 024bd25dd6ece5c59bf26636b54ca0dfd33392b2a53f5ae48be8ab9c302271d9404076feb1bedadc5529f0c4697db0dc898fef52dfaccc8e0984f3588cf741d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a34e4586839ef192341335e3eaa3b861
SHA1 ebd56fa5b5c716f35c7e1499f255e6e0b273788c
SHA256 7dec2ff4b9035b18f434022c0bdd90c61d429c0d544d88a1d5e3333100ef95fb
SHA512 aa24d20eb3e9deb3446b63f25e3405e7eb3845a8a763175abe2e7c18dde9b0ec18110455e4b60dcf782918159c6afbc1158f51b7d9e766f61c17ba06b690f728

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025.rar

MD5 1ccb0e3f76baec45a2d9389aaedb0b1c
SHA1 6a382595fcf88afed76560c03736936faadf9a76
SHA256 3842cf8e8fd82426fda2106334d9626c3524d29311b4b7004951b8971aec38a2
SHA512 8ccfaba6438880a83c1dae7c166616a56e27c91e604470ff85f6b958fe347d6e33a6462e2c1c5e4452026f81c41b959510ddf50639a54a906a8432de8e999070

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b00364c10d87cd87108d6726fff57854
SHA1 92230e8269af329b9db46f5f6e8632009b966d2c
SHA256 aea4a9414d3a4126f07d2a092c66fd676908844fdb9dfb811ed6bdd6752ea176
SHA512 cd65235dbbb26dc5cafa05bf6bd3b7a7d3d5f32b141d9513854738c93dc06e7e9ebdd6a4d92d1f8900bcdae4696f1ef7be4cd6bb5e85e2d1106ae91703d5f158

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 008114e1a1a614b35e8a7515da0f3783
SHA1 3c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA256 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512 a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Inject In EAC.exe

MD5 b6d53906bbe93e3ff62c88c942a19f85
SHA1 5021192ed0bcdacc1802ea7b2ce952d1285d7798
SHA256 b382e1437d9816afb54cfb13d64aab204998bc6ea498e84d39a4ce4efb4f8645
SHA512 d6e4be10b342680124a5da16cf9e9a7a0c0022a3efdf3763dfe316b7d1a8d60089f9a74e53271738e7c089d15f6fb72dcc9e02d8cc52575eef1dd0c23c8fa643

memory/4112-256-0x0000000000430000-0x000000000043E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Inject in Forinte NOT WOKRING IN UPDATE.exe.log

MD5 2ff39f6c7249774be85fd60a8f9a245e
SHA1 684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256 e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA512 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

C:\Users\Admin\Downloads\Blume Cracked By Vixen Work in 2024 And 2025\Blume Cracked By Vixen Group\Plugins\EAC_BYPASS.exe

MD5 b7219857e8e1305def7a814ad27f5fb5
SHA1 b41ee7cf66e7cfbc19764c1ca5bbddcc6141e0bb
SHA256 c3d568da2c0055824bfc629de90970014fe15164693f7acc478dc7e06891516f
SHA512 fa35a119b73e9fba4dad22966f5a13ae5486931c1f1559ec7e0e4fbf4523d5b463407c7058254fdc5160352cd668bf3ae55dbb352a1276704233d5e313dcd9fd

memory/4744-284-0x00007FFD1A2F0000-0x00007FFD1A2F2000-memory.dmp

memory/4744-286-0x0000000140000000-0x000000014086B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\edzhzm.exe

MD5 7a1a8a5a682c275395721c10cfa9a7d0
SHA1 7ff2828a02bfb527697d59e69460c9fde23c7c96
SHA256 287ff7c2da6596decb83ba3689ba5f91628f452fc28744ac39a94bfaacd13490
SHA512 1df318aba2e440622c4bb29a77665de81310d89f1cfd434034c444f73cfdcab1b56c817abbafb7435c0595131d190aaafbc1d062272e1ef3aee7d02aaa8505d2

memory/2900-302-0x000001D65FE10000-0x000001D65FE50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c0ioyrbm.aos.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1544-308-0x0000020C1A140000-0x0000020C1A162000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 d85ba6ff808d9e5444a4b369f5bc2730
SHA1 31aa9d96590fff6981b315e0b391b575e4c0804a
SHA256 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA512 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 77d622bb1a5b250869a3238b9bc1402b
SHA1 d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256 f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512 d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

C:\Windows\system32\drivers\etc\hosts

MD5 4028457913f9d08b06137643fe3e01bc
SHA1 a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14
SHA256 289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58
SHA512 c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b

memory/2900-330-0x000001D67A570000-0x000001D67A5E6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 3629336d635cce86de58d14a1f7f7d2e
SHA1 2ceedf5e8ce9841028742bd9bd8cee20fd90bc35
SHA256 df32350072470952e1a41ab53d3c35a316e6d774a8e8c5083b3b498d67643349
SHA512 1eb9db4c5e7f22fd8c7da6a5710f17662125563dba2cebab8997de958364fe05f689f14608632f80635b682e8b7b9acca78e55cd786601f5bd188bea186020b3

memory/2900-332-0x000001D661C10000-0x000001D661C60000-memory.dmp

memory/2900-334-0x000001D661BC0000-0x000001D661BDE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 70435c1b3750c6be6decb72d91e8dbb8
SHA1 b443a2fe6aba6ff388d72a342586f6b965be70a2
SHA256 743c98cbf0d9da6c3ddeaaaa06704e883b1b0d077c34478ada543b248f3a01a8
SHA512 9f9f1d14121fd5360c724628326606addee7ae41934b44bd6d3235ae8f7112ebcaeffcc2265232050955e6fe688220ff6cbdc6b06b3d1d97e63ba38cf0d47d2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 326e30550574b2a09874ff7c7fb20f45
SHA1 4c8e93ea2512673b82c93ced950752753162bb19
SHA256 f8a9faee068c7f08ca4fa68deaa618cdedf531fe50c21a5d8f59b208e59bd3a1
SHA512 5449d2405dd7d34639c4520c833b24b2bb4b1e862978319ebd033476b8bc478211ade1db6c29488c30db20e50dff7c2a3a0227e001a0ba05c97b6ab5605e818b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 88be3bc8a7f90e3953298c0fdbec4d72
SHA1 f4969784ad421cc80ef45608727aacd0f6bf2e4b
SHA256 533c8470b41084e40c5660569ebbdb7496520d449629a235e8053e84025f348a
SHA512 4fce64e2dacddbc03314048fef1ce356ee2647c14733da121c23c65507eeb8d721d6b690ad5463319b364dc4fa95904ad6ab096907f32918e3406ef438a6ef7c

memory/2900-374-0x000001D661C00000-0x000001D661C0A000-memory.dmp

memory/2900-375-0x000001D67A710000-0x000001D67A722000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 c3b84be2bbf3c65d814edb1e6d8df10f
SHA1 1e23ead985215ee938f5280a0144529654ed5f3c
SHA256 a4f8c5af90aedc806d37e2b2adc3f80d0d0d99b681b497988b44c826d7093b2b
SHA512 397860732aadd6e68d2193ae93ce9307779d267e64e21787ff6edc5428b388c132ddf69af3fb353a4f316f6ba86a5993e6d7da04d0475fe21accfac4b8ac6ae7

memory/4112-397-0x000000001BA00000-0x000000001BA0C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ab4ab3303c4ce9d48d0d9b622e988448
SHA1 7a1e2de4ddf17def469f845ea293cbf056833070
SHA256 486c1825a053ec82e97f7803ff38b1614114fd9f2f2818bb5a7c7d5ab2aad3f0
SHA512 9fb00dfe525fee16c03f3cebabfcbd921dd9777a7756578902eadc0043c80885c11305676d77dbc8715581ecafd5af0cdecfea23d3bfe06ff01481fd6e424054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 36e904b5300eece181db0dcd66a71b34
SHA1 8ead3297da3cfda109963126a1ecbe77d24d5798
SHA256 9c01addaa8f949376622a4a46cc52ac029aadab155515db2a0e26fc0cf2e659a
SHA512 e00ea92c7c42d923ce3f055427fd9e114acbcacc2dde1aee7e9106afc4872bf990cc677e188aa099d110231d4a7b413d0e2b30ea728b450473219ab17c2fc0b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b9094.TMP

MD5 1a02fd5ae3b191eba96feef733f0b074
SHA1 21c640c8bc3fb24fa703cc55590a362125b2af8d
SHA256 3b7199ab075dcc725624bfd596250c161b5947e9b066b91e02ce338b6c2e4cad
SHA512 b582eb6989ed5217bf1660612302651d384b07be84bd4f97b59bbbe887c13b5fd988dd1d46ddccd4ee685bdb5d8c4060216bd0bbd21d5c6c36fb646e4f674fa6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 948a34363920c7b58457678b2509113f
SHA1 179e359a56365f9f078cfde6e40a626b342e628d
SHA256 6f201ef7beed3e0e6419124ff1e970329a353d79fc060849b458b60f11dc0f6a
SHA512 2dd54491fd66136d8e94556b92fbe33aefda6aaf3a21f38f540160ea7051bc11f0110dc609ae2e1309f4b5b9aa1d0291f64c124246a442aa4a03b4b752ac4250

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5badff.TMP

MD5 d9fec639cd2f6f79b18ebc726fae4054
SHA1 577184318e1b5d6ede5f8cb01d66a2c9f4b3f3e1
SHA256 f4834ecbae271b2e0dd916d557ab09f1b4263b726dd10f3e236547892b9c33a3
SHA512 43dab50dc2ff441c793699fe922e4d99d25e17467337dd63a21b37212a72693941b6c0d6f36b9d489bb12b71e34e69784a6c2190186d2b613c69fe934f2a07c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9c77f78da633d74b7fdbd339b565c975
SHA1 7d152a797c72c56010b1dc5191de60fdecee2d76
SHA256 f6403c6e0bdbbf3da715737cb48c70b4a05fe8ac1a19c4f1d9ae0ac449d72b8d
SHA512 9b5a6e7dad4e5e40919dfb9e5685a1452c48ceb8f0b6d5aa0434cca89066410d88837b6b896a8b8d85bf67af45a8263dff477526e9f32c465a31155ee85d65ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 60bf0673299fdfa2bddfaf8303a67f1f
SHA1 6ad8d1418a35bbd2c3c001ae06ca49101d551742
SHA256 29d5719760408cd5887a3b002de29c9294290d65b18579797bcf7b9f1710b131
SHA512 407c3c29795738806ede391c3751d953428160a1239d56b1e6c6f32c8aae26d04878fba72b949415b96cd4c632225c1ef0975840e75e48677c856eb18b709010

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 45f466cab92aa242766d8fc96269a4f5
SHA1 ca2fba0ef2bebf89eb0f29551426cccf3c6bf128
SHA256 26d5cac78756f9efd24749d2e351295506f4e3f17d66b7056b2552e1b60a9ef3
SHA512 f19c2cf1489297adc0b9cd541a0784d9c0cc66482f75d191bf5a9e895fbc0f722264ade986c71e3ccae9b254991e5be808d99e06cf16eb2fdc32579148b858fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41572389-31a2-47f5-8f67-0437fe1357bc\index-dir\the-real-index~RFe5be9d0.TMP

MD5 04940d1fae8f154e15d032ab6332d51d
SHA1 bd81452e67a0328097f3da598cd40ae3115a1c08
SHA256 b647138012235177a3b9773a469fba268c6d2de6900684865c63c2861d5880fd
SHA512 255801bd270832a20ad000d8a9beb467275176e3e97b3bab8b0eb550947dce0cb2d0e01664549a5d8b9963dbb9c1cda1616494cdf5f60a7b0ace8318dcf7b160

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41572389-31a2-47f5-8f67-0437fe1357bc\index-dir\the-real-index

MD5 234e7adb24f83f1ce0e33ea0986de871
SHA1 253821c9852d20400f59be74281b539c6841e7c5
SHA256 f726803ff4bfdbdf226e10f5227e188745bf28f7991b2405b4f1e796f93f23c6
SHA512 0d0ae03445d57338f902c2c78a965e26f1a1bde743e20c940e78e313390fa8332f43bf5bedf22ab660cc63975a2ab6bc90c878b9d423f61d5b4cdf1d68cce141

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f3a663c6e67b90acda52674e97d8be87
SHA1 ec668491966b1a34a514a1350c9827ceb0a8ac2e
SHA256 d586ec1a70adecf09583cc10c8b09a10848ee7b8d961799b90345f3677a3ea30
SHA512 547ef8f7a37b86bc334dd2b5b1b4b71e099e7e2d56a09b74bac0ab3734c451de05d88520b2934d57e5b822c8ca376369c222675fbe3ac6fc1ad42038af2fc209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 12f426d9a751204d4f417f288faf3165
SHA1 27db03edbc354a47a28013e80ebce9db7198eb57
SHA256 c5e46eeb40134ddbdb2f89af9363b675824fe5f0968b4ff51c530e8edb993005
SHA512 1fb05ccf51e809eca4a78996a500e72f5e1153d809711046614b7f33dd530a25bb379336855ca080d56b72859ceb5af28f20020edd794315d6b8b9a45c01cb30

memory/4112-709-0x000000001B440000-0x000000001B4CE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41572389-31a2-47f5-8f67-0437fe1357bc\index-dir\the-real-index

MD5 04b0dc218582435e9a682c0659969054
SHA1 8e82023b072f6a94d702fe21408d14d74f997fb3
SHA256 b6b942708d61434cc41261ff6ad8550c94a7ed66e02586bf9871dc055232571b
SHA512 f19e77bacd8c68a3e64810e8426b16925473a6f1d9ceabb14e0d64edf37262138357927c21ce925e03dfc58ee6b29933d917b6c9cb37bf67fa0e30f45cd19b1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2364882403e8f544d24e3957dd35311c
SHA1 2aeb6e83976ca1773ff1f26937d1fcf9f08339cc
SHA256 ae2580dc6c2821a66bd2d51077babab97cc0115dbfb164c4c52902af39e0419b
SHA512 c71378b2c55c671b048f6f5cc13136c854d1717d36e1127f0781a8f7a9454499ef006862c17adc33c73f9e18ae82ae8475819871614f5f4eef5a466159bb3301

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dbd965ef82b0e2192af50284195c6f18
SHA1 f06443ec1b15717a1666c70ed1b8b8a0f3537c77
SHA256 3b9f4e09c49faa9f3c18007ad56bf14d21a2737411aa1643569b1fdf9b48c33d
SHA512 f0942263cc82989cf92c3fb6831994c04b1733fd75c46cd723e6856be14f9a8e92cbfd22d8c9a382bc29073a212f6023f05105546fe8b2cfa2c57fb7705f1d00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 9c03982e4ed2efc93a65fe9fdd3b5991
SHA1 d7c31690a7b4b861f7fa36158bd5fd336ed7c459
SHA256 2b23bfa90d84307a27d61b1d4f3d9b14141ffa249d0cefe2ba3b68330cbe5f97
SHA512 d2e6cd7a605c2a377a4a5c80116273c242cdc1e5c6b36683024d12af59a7dc518dab826a39bbc665a822baf53d817d60d019803f3816abeaa9029c4b67bb3f06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7f2d66626744c222d3a1e1447e5872d3
SHA1 ca0471dc8fa4e0db5ac8e141b6554b779d1c49cf
SHA256 5e40b259856b285adf7f11014b363044b5ad4aa195d3fa1ab040092858975111
SHA512 63967dff37cfab969638e73f9e3b1deec89f7a82f5448fc9dc12a5c04a990def86e010db1cc8b035b6e363beb443e9191049e214b64f14e55cc2475de701452e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bfc28bd45eadedd543ba8833e562ed99
SHA1 36d23bd6a9e18505d160ff2d67850bb4a59c334a
SHA256 0854d0587f48b09f64cb626a6174f511ce481385095ba8a3318bae87f2fa0683
SHA512 3b1fcde024130dad79723b28c233a1909cb8ea28a9a5c21deb8abba2d47ec0ad28b9d531a124e7dc1161e34ac0d609f2360e516399a9bfda9126c86636f13bc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 15c132d5512dc1cfaddc92d366ab7cdb
SHA1 ad4ae54829963a8c12130da4141d8ed1b8a7cac3
SHA256 584fc04d2a119177b3ecaafe4db49f0c3e15423d8e920d6462d0817f1e9c292a
SHA512 39b892d97fa248f3d04b65dc12e7eeb6a5aba1d40dffd12eced50a919adaca2c70fe07189c81a9ee237636dd6235d68d0a2efb15f2e7bc9c192d472ac874d55d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41572389-31a2-47f5-8f67-0437fe1357bc\index-dir\the-real-index

MD5 e3d2b2b95237e47d5369749b20923638
SHA1 22f53a71651a9eaa6a215f5d12712b58a0aeada7
SHA256 46efbf8795bc372d0b3f3a610296856f2b27023a2ab6ccdac9036a924c263030
SHA512 9ae4915ab12989f6895167b38cd50c46dae899eccc365a6dcf42a378b7b403304c07dd0a829590bb7206d91d86129e236cc0e4b3aa236a9d134f078609f54926

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d25a5885805c2c15a51f3a9adc7a714
SHA1 d757ffaf0b532f4ac3e61158c5ead8582d448813
SHA256 66366258d4f6d0f0fd7663b46547b3a8f7441cd3e22e80474d80f78fc4bfd418
SHA512 9d4a84c8e120026264f52b3421a8c3324aefb8a4aec80b893bd95be185b35bee570d09ad2ac87aa4eb81c12a4e6d947b28832bad608ebb2aa7406c78507fc713

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84116b7acfbc7cc911e3b2efdb1a8613
SHA1 36f5fecdf8b84426388df02dbfa6617b64eb338d
SHA256 6efd591e5c8658821d45b524c6fc654e5f477296411750855e767c58a7cbae22
SHA512 ae811292cbfa70701e903a40175dbce3a83aea386faf4c9793d7f98bf94efafa28fbaa1902800e854fc889ba324bd07d6dbc7a7fcf72fcf594562756bcdd6632

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7357b51acd301f8ccee020319e34898c
SHA1 84a2f7978d1eb27b7d29e0a6019fe0b3f064d5ea
SHA256 1288c3c47d6066a53bd637cf319157669a825cf9330519f62e2df400e752f03a
SHA512 6b1f12d003df10bb1facaae4bcf4f401418fc07ddbe0510284118a802622d8774f1f0159f4b481c9f7e76d8617103e9c45ebd0b015605c5ea578e31fdc4ea37d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4e82470ca088114067450d302458493
SHA1 378e4784b87fa4be2c654d8effbb2a59c2511894
SHA256 655edf9b7a73e6517fd3a2feb59911f0f7c451180ae8267a2143d2d4abf4f991
SHA512 3caa5d9a7d3ad56637077b10b5938b99ea0cb64ac8d0953ffec30d852ad26e932215f00edf0c2a2921a06147927219943b345dcf73deec22fb80798c6996e113

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4fef3cd42d9bce6e081eb1f3907d8e46
SHA1 b9c767b577024d08115f044edb736091075e18fe
SHA256 5160ddc9167779a66a3bda70576a536cc24e12a7863766f6a10c337df01292ea
SHA512 3a4a5c3a54a8853024f403505194245feb9346bedb8e7f80ae551e28317008658c082ed53c10b84a7db18398c85c61c54560ba60ca650a8b6381c81c95358ba9

memory/4112-1056-0x000000001BA60000-0x000000001BA6A000-memory.dmp

memory/4112-1057-0x000000001BF20000-0x000000001BF32000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

memory/4112-1234-0x000000001BA40000-0x000000001BA4A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41572389-31a2-47f5-8f67-0437fe1357bc\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

memory/4112-1619-0x000000001C640000-0x000000001C760000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

memory/4444-1947-0x0000000140000000-0x000000014086B000-memory.dmp

memory/4112-1950-0x000000001BF80000-0x000000001BF8A000-memory.dmp

memory/1624-1951-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1953-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1952-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1957-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1963-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1962-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1961-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1960-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1959-0x0000029061890000-0x0000029061891000-memory.dmp

memory/1624-1958-0x0000029061890000-0x0000029061891000-memory.dmp