Malware Analysis Report

2025-05-05 22:37

Sample ID 241229-18ldbaymcl
Target https://mega.nz/folder/02dBGZiQ#8BKNCHdKg8CYTETbbmhRkg
Tags agilenet, discovery
Score 7/10

Analysis Overview

Score 7/10

Threat Level: Shows suspicious behavior

The file https://mega.nz/folder/02dBGZiQ#8BKNCHdKg8CYTETbbmhRkg was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet discovery

Obfuscated with Agile.Net obfuscator

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-29 22:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-29 22:19

Reported

2024-12-29 22:21

Platform

win11-20241007-en

Max time kernel

142s

Max time network

133s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/folder/02dBGZiQ#8BKNCHdKg8CYTETbbmhRkg

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Browser Information Discovery

discovery

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\xera.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\xera\xera\xerav1.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3108 wrote to memory of 4184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 1188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/folder/02dBGZiQ#8BKNCHdKg8CYTETbbmhRkg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc06ee3cb8,0x7ffc06ee3cc8,0x7ffc06ee3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5252 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\xera\xera\xerav1.exe

"C:\Users\Admin\Downloads\xera\xera\xerav1.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/TzsNVCW2Nw

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc06ee3cb8,0x7ffc06ee3cc8,0x7ffc06ee3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3108_PBCGOGHFSRHQXVPU

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\Unconfirmed 643375.crdownload

C:\Users\Admin\Downloads\xera.zip:Zone.Identifier

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ebf6.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13379984363237866

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat