Malware Analysis Report

2025-03-14 21:43

Sample ID 250107-stkjgaymdm
Target http://github.com
Tags
google defense_evasion discovery phishing pyinstaller
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://github.com was found to be: Known bad.

Malicious Activity Summary

google defense_evasion discovery phishing pyinstaller

Detected google phishing page

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Subvert Trust Controls: Mark-of-the-Web Bypass

Detects Pyinstaller

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of WriteProcessMemory

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Analysis: static1

Detonation Overview

Reported

2025-01-07 15:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-07 15:25

Reported

2025-01-07 15:40

Platform

win11-20241007-en

Max time kernel

840s

Max time network

887s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com

Signatures

Detected google phishing page

phishing google

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\pp.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\pp.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\virus.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Best-Video-Game.htm:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\DownloadExecute-Virus-C-Windows.htm:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 783839.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\pp.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 333776.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\virus.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\666-exe.htm:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\MeBeast.htm:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 868 wrote to memory of 2476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 3576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 3856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea0433cb8,0x7ffea0433cc8,0x7ffea0433cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3628 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8

C:\Users\Admin\Downloads\pp.exe

"C:\Users\Admin\Downloads\pp.exe"

C:\Users\Admin\Downloads\pp.exe

"C:\Users\Admin\Downloads\pp.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3532 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004CC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7296 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17126439270478597786,4820802980178374027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_868_BUDBJMRMUSNLCZHR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb7e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9dc3bc9e-96e8-4ae6-994d-a69399cfc227.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1f13810ee7bb46b_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 783839.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\pp.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Temp\_MEI47562\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47562\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47562\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI47562\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47562\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47562\_tkinter.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\encoding\cp1252.enc

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\init.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\tm.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\tk.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\icons.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\opt0.4\pkgIndex.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\ttk\fonts.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\panedwindow.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\ttk\button.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\ttk\utils.tcl

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\ttk\cursors.tcl

MD5 18ec3e60b8dd199697a41887be6ce8c2
SHA1 13ff8ce95289b802a5247b1fd9dea90d2875cb5d
SHA256 7a2ed9d78fabcafff16694f2f4a2e36ff5aa313f912d6e93484f3bcd0466ad91
SHA512 4848044442efe75bcf1f89d8450c8ecbd441f38a83949a3cd2a56d9000cacaa2ea440ca1b32c856ab79358ace9c7e3f70ddf0ec54aa93866223d8fef76930b19

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\ttk\ttk.tcl

MD5 af45b2c8b43596d1bdeca5233126bd14
SHA1 a99e75d299c4579e10fcdd59389b98c662281a26
SHA256 2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b
SHA512 c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\text.tcl

MD5 7c2ac370de0b941ae13572152419c642
SHA1 7598cc20952fa590e32da063bf5c0f46b0e89b15
SHA256 4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e
SHA512 8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\spinbox.tcl

MD5 77dfe1baccd165a0c7b35cdeaa2d1a8c
SHA1 426ba77fc568d4d3a6e928532e5beb95388f36a0
SHA256 2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277
SHA512 e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\scrlbar.tcl

MD5 5249cd1e97e48e3d6dec15e70b9d7792
SHA1 612e021ba25b5e512a0dfd48b6e77fc72894a6b9
SHA256 eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f
SHA512 e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\scale.tcl

MD5 857add6060a986063b0ed594f6b0cd26
SHA1 b1981d33ddea81cfffa838e5ac80e592d9062e43
SHA256 0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05
SHA512 7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\menu.tcl

MD5 078782cd05209012a84817ac6ef11450
SHA1 dba04f7a6cf34c54a961f25e024b6a772c2b751d
SHA256 d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89
SHA512 79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\listbox.tcl

MD5 804e6dce549b2e541986c0ce9e75e2d1
SHA1 c44ee09421f127cf7f4070a9508f22709d06d043
SHA256 47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801
SHA512 029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\entry.tcl

MD5 f109865c52d1fd602e2d53e559e56c22
SHA1 5884a3bb701c27ba1bf35c6add7852e84d73d81f
SHA256 af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048
SHA512 b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\button.tcl

MD5 aeb53f7f1506cdfdfe557f54a76060ce
SHA1 ebb3666ee444b91a0d335da19c8333f73b71933b
SHA256 1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5
SHA512 acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\http1.0\pkgIndex.tcl

MD5 a387908e2fe9d84704c2e47a7f6e9bc5
SHA1 f3c08b3540033a54a59cb3b207e351303c9e29c6
SHA256 77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339
SHA512 7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk\pkgIndex.tcl

MD5 3367ce12a4ba9baaf7c5127d7412aa6a
SHA1 865c775bb8f56c3c5dfc8c71bfaf9ef58386161d
SHA256 3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898
SHA512 f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\package.tcl

MD5 ddb0ab9842b64114138a8c83c4322027
SHA1 eccacdc2ccd86a452b21f3cf0933fd41125de790
SHA256 f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948
SHA512 c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl8\8.5\msgcat-1.6.1.tm

MD5 bd4ff2a1f742d9e6e699eeee5e678ad1
SHA1 811ad83aff80131ba73abc546c6bd78453bf3eb9
SHA256 6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb
SHA512 b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\auto.tcl

MD5 08edf746b4a088cb4185c165177bd604
SHA1 395cda114f23e513eef4618da39bb86d034124bf
SHA256 517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c
SHA512 c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\tclIndex

MD5 c62fb22f4c9a3eff286c18421397aaf4
SHA1 4a49b8768cff68f2effaf21264343b7c632a51b2
SHA256 ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89
SHA512 558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d1966a34ff786ce40ff38d8c73afd699
SHA1 264fdb13870073c42f0ca1e115cd77d0d42ea195
SHA256 6bbc6abc2938f81b1283943b6ea4daf3a9ab7d07c4e9e42c2cfec81502ba897e
SHA512 2a3d9b7f7396be99b654fe8598f8efa3f48e4f91533a63a7de65e528483382cca7dbad27ccdbff05d74a9479a8e9d015dbe12d981f4696742a76a8cf0736a6a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 89e8d31b5d0b0783f1bc573bebdb4c8d
SHA1 7fc09e6273a5385890e0515e02367b201210cc87
SHA256 a693bcbca93be374682e6481ea7b65d4ddf0783b103aa8d9ae4031d3482a3ffd
SHA512 d8d880f59b51f3c75fad9581e0596cc8c0d12ae0c8aebae5ba20dbf2aacae97e0c94aabe8f09c92d54ca545a237b1d3d69d5c9c2a061476c14fc269378c7fb1b

C:\Users\Admin\Downloads\Unconfirmed 333776.crdownload

MD5 3b58139d7df562371f077005f9a44c31
SHA1 009fc2ec5aa7d74d81c499a43fa7f6bfcc40cd22
SHA256 5e434f817ff1c104c66b65dc13b5ca9c53e6671940daa37798e38cc9e7a5a349
SHA512 f862c4d1c7819b76fe42bdb76bbe782ef6e446a6f53aa898333a51f6afad3449f4e44e129f6b1f5ebffeccce02c721c809de9621d6d1b44ec35fc7b9b83a303d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7221bc4613befd2ff21aea3f2400524c
SHA1 b9961b1c7e2feb88efa1a25f7f3714e5bb3a4766
SHA256 4a06d55e5093477362d6ab0f3347c0eec116533815583e2cd9b521960285f042
SHA512 7df24cba11cbf6e68cda3e43401c2bd91749d7bbd7b214a3c4d936bdc185af625850efb5484d1bad435061aa06f5ccfe66a3cafa3434e094a74490acfa73eeaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df269de111ef3067ae07c4313420c6d3
SHA1 df7e5dac2d10178dabdc7232886cbd776496a18c
SHA256 05240618c6fb2cfa5e843c7fc3b7a9ae7a4c7496ed514e2ab316b7f3f049f426
SHA512 3f034ed761aedc586fc918c4f172426db80737f13e75de2c160fdc74dc80c9831b5a415ada601fcd200a08adefb273e8d1c144fcdda0824b89a4b8e7a1b3891b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5e144ba04898137565696ddf3d00097f
SHA1 5a0627f17ed547edc38e333c0faeadd50c1f2ff2
SHA256 5c4698d2042d6e1c238774ee73b6b3fc63751153f33fdf1ea7203ee59494215b
SHA512 5160508bffecac20c34f4afe9332c1907f655b20d78a1abff7dfbde62a0c448cdce585e789ffe64b7dd437d131b2605b0e2a0e24d420f7289729037a3c15f65d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6be2d12f5018e7da8f4b9dc03578586
SHA1 02eae3f80caeaf4237da4d70e68d43a80112d22a
SHA256 57c513bb56b934c316d87d479966d1b2036524bf6a803e5ee627d81e76390a0c
SHA512 4100cdad440b625341464f138fda72339280d7914919ef3aa541483fad60a22fd0c05f4525e90f640efe612ba28500597f4cefd1d9744f7b50f05730ffc4bf9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 72c71e797a6df5317c48b49b785d4812
SHA1 5e2eaefec8745ca6372e61e7863815d8aa27f5c5
SHA256 bbc15958848d582e2fa412f3dbc532d29841561eb65472dc54b58eb689943afb
SHA512 23562f5748e55ce1c0f3c457cb52d4e33fd9d5b93675b36e07e73cf1637f37295a1772cae00abca4139d5a3a09703afbec65be05e2b3b5bde250770fb518d403

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 0b17fd0bdcec9ca5b4ed99ccf5747f50
SHA1 003930a2232e9e12d2ca83e83570e0ffd3b7c94e
SHA256 c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d
SHA512 49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 8a84a9a2b45dc725a4965914720cf189
SHA1 8f8fb6903ebdc196ff052e903471365bb06c2e9f
SHA256 4500947751561cb4b19a63e0b1220fa705e306a7b82d36bcd75b61cc6bf7d6de
SHA512 1bc09c4986eb57012369a8f8b5da2400800834bfcfa318787f2bf4c563b4767d2ee649243d32579a507074bea106c7c59c910f2b09570e182e1ede6b3b824ae8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 c7b82a286eac39164c0726b1749636f1
SHA1 dd949addbfa87f92c1692744b44441d60b52226d
SHA256 8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0
SHA512 be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 8bd66dfc42a1353c5e996cd88dc1501f
SHA1 dc779a25ab37913f3198eb6f8c4d89e2a05635a6
SHA256 ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839
SHA512 203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

MD5 cfa35eb916108c25cee62cfe1c13c087
SHA1 7fb0a039b591610029243c9f5d569a4e4674a99e
SHA256 986387f306783662f401ae5a2641b1ff1403efc91887185a8ae09187b91495bc
SHA512 356fcfc8fdbc7914734f5c6e057f15e52bdf35b8e626b46a0fffd2cd18c1e4ba8f11948f8ca656005b9d6e5007fbbd3d18b77699e00866a289bb0521e657cccb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 73ae26390c113c01fc31250099c1ef9b
SHA1 09f68aad0b281544c0355a6ff5b0f046161944be
SHA256 bd99013886bea6be9496a1dfca0fd9cfdd4df246a1246797ece5e49ae6313070
SHA512 b13bd60ba4af35bab35baa2c3620b4fe0992d5ca6954a4a94f14975ff437052ce72635810ac5d27032a30aa58425309af10c441d738ca48adadbc94a26d1bc72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ecf20ecbfed57997f5aa25adcf864fb
SHA1 92b93076949f38bec168402e698daf9c715a6871
SHA256 fbe70f8f45d49d476236632690fd5b03752058080038bcdec6ee7a2a4b44c0ab
SHA512 aed7a8aee4d41bedaf0c525c15c6a9a230b8c8f6140c560afc3c2770ea6cdf1e32ef8f6470c6f01148a2bde7e9ebc46ef1bec761e2f2d329fb302340a77dcedf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0b416d4be731e5fda8d5cf44f22891b5
SHA1 00d47d5879cbcf28f01e228f1b702d5deabf4ab5
SHA256 d5f1fa42b4cda1d736f8b97756e741da58c8041c224e62f0059496791c922223
SHA512 7b7aa185f34f1124a9c39ee5b5e30f000bf5c2c1723041b85665ab28a7bb2d0ab927432c1278cdbf2b06bc8e7bfb9d6a64e2bf3aef7cad2b442fccd69b1d63da

C:\Users\Admin\Downloads\Unconfirmed 944495.crdownload

MD5 25b68d92e01f691ccc480b99a139e2e8
SHA1 31018791d0183a7ed8295c685c6fb23b03601729
SHA256 e267cc7220f980f33f82570ff3af234e79bc271b961b0021ef95b6afcedf19e7
SHA512 45c0113f7522224302c00ccb9e43717e5c7c9967f7283a89b7927a36a85316199fd283491519ca69b9ff4572b932b5bb061e71eb08c9675c9c4dbfe1d471adb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 f1dceb6be9699ca70cc78d9f43796141
SHA1 6b80d6b7d9b342d7921eae12478fc90a611b9372
SHA256 5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f
SHA512 b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 73fc3bb55f1d713d2ee7dcbe4286c9e2
SHA1 b0042453afe2410b9439a5e7be24a64e09cf2efa
SHA256 60b367b229f550b08fabc0c9bbe89d8f09acd04a146f01514d48e0d03884523f
SHA512 d2dc495291fd3529189457ab482532026c0134b23ff50aa4417c9c7ca11c588421b655602a448515f206fa4f1e52ee67538559062263b4470abd1eccf2a1e86b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 8dfebf27fc5a0c7b08a68b6b8c760d80
SHA1 ee63301ac2a3c51993bd9dedc973b9d1ade705f9
SHA256 f80fae598b38c44f3d1cb93512b405802d3e40a24b679cd600a7edb8744d3791
SHA512 65b81b920a0da9d6fb4874755c8842d552aa9c42a007cdbdeaf464f8c79ad724d97c9621c84ecb3cf9b9163f12b45c6e2a67d466b18b60fca52ae9bc30e6fa49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 2ee3f4b4a3c22470b572f727aa087b7e
SHA1 6fe80bf7c2178bd2d17154d9ae117a556956c170
SHA256 53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799
SHA512 b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

MD5 6c1e6f2d0367bebbd99c912e7304cc02
SHA1 698744e064572af2e974709e903c528649bbaf1d
SHA256 d33c23a0e26d8225eeba52a018b584bb7aca1211cdebfffe129e7eb6c0fe81d8
SHA512 ebb493bef015da8da5e533b7847b0a1c5a96aa1aeef6aed3319a5b006ed9f5ef973bea443eaf5364a2aaf1b60611a2427b4f4f1388f8a44fdd7a17338d03d64a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

MD5 76d82c7d8c864c474936304e74ce3f4c
SHA1 8447bf273d15b973b48937326a90c60baa2903bf
SHA256 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8
SHA512 a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

MD5 b8b23ac46d525ba307835e6e99e7db78
SHA1 26935a49afb51e235375deb9b20ce2e23ca2134c
SHA256 6934d9e0917335e04ff86155762c27fa4da8cc1f5262cb5087184827004525b6
SHA512 205fb09096bfb0045483f2cbfe2fc367aa0372f9a99c36a7d120676820f9f7a98851ee2d1e50919a042d50982c24b459a9c1b411933bf750a14a480e063cc7f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3ef774e9d78241fc96a8883954d7e015
SHA1 bcf03173ebbb2a6d007bf9a3a43e652cca9304e0
SHA256 c228aa921f1f4171be7c71d3236df135cefe5ee6c5aebec08afd91662e4212d1
SHA512 160d91e67fdfe29a94ab6f17d6635bb2310e2ccec297dfbe614bdb6a1cf2eea0bc1092c6841df4ba12dfe61c7eb1cbcd08af476fd2b522386f4cf6f594b53524

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37773393005ba9b8763bd0435f101640
SHA1 4d1bd239520d5437b7f44f8eac77a5f0f8d0e671
SHA256 cca9391ba537c050066c1dbb6cbda8b1ad81cf50b90c9fdbdd36c085a8a9b904
SHA512 918a2f168dab388f25abe1801cb26c793444475cf7b9fe35e9ed2174a8f03fe32d5fde5f0fa1c83c7162b8e5d4547a86e5f38a679e58b9132fbacfb486fff895

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7d2342461bbec360f88e2dd78ccc66da
SHA1 97e1c6b017a5f54f582401c7584ffbd4d4aa2a7c
SHA256 e1a5a61973a0ee2eba94f1d38740baaac45f6106250ddba748af49ba85cbfd76
SHA512 c044d021270f6737aadca282f1e69d9e135a512e33ee446aef9058f5d21df84d5ca468ea9842e79518753ced9e4e7c98b97d06dfe96dae00e2ae4b9155201116

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9417ef25cf3bb51a1b9e6cafc5c2b785
SHA1 33602646c3e679a78ed5de2a32597fd27b58a91b
SHA256 359d152ac470c09b2e959c3e89ec5f902e13640c0e4d46f9fdc7674047e7bca4
SHA512 bf1639334320e4cf34bff7c6319ed85ab4bf97ffb9702a888bc29458734da8e034e777de24676652211e3feafb5052cf159193a70a3e692cbb4c6045302520c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9fa2ad88ba7fc81f094297d7aa267be8
SHA1 813733c74a51aaae34629b10f5f11fcda60f66f1
SHA256 65b1cc455b89cd60802f140d9844b1c50d17a4188dd140009cab358603ce3ed9
SHA512 8448b19588a7ea435f75657ea5e9fcd5add6faf5a14a1efe3469615fd653bd013e8a00d47d424614e65565ef7ed800b29b61faf9e32eebf1868cc90cb971e0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b35df4fd598811eb1e575029b4197744
SHA1 5045ff3f96d09161cdfcf4a0dd47c5e0ba0630ca
SHA256 1596bbff696ed4a7d99e4ee06272cf0da094c4e570ccd0a4732f64ff6d845f66
SHA512 8f24e5951fb16b26bd4cc3fd770988c33c1b1465e112570407c73bc8858d480ec2d6b2c82e328275e806672c5c86b71979369f610ff887142c681fd047a298c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ffff9c00a5da470e1f73a254109e0171
SHA1 8582f2a2eb4a30862511ca9b141dd74142a430a8
SHA256 ca0ab7b667f1bb18b52f20596b4609ecd02e20c557bf9428c1ae6d46a17d8c08
SHA512 5ad93eb2de55b350a9aade67e701faab8cee5da6a1ea1a4430890d0f4e1a64a3609f60499120695f129fb4f75643415a8a65f5497fbb780f6256562ad4699bc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 55558c2bd0bc5e73dd412b263850b1fc
SHA1 9f2687441bdeeb2fec60bf48f365b63ba404fc52
SHA256 aa59abd2cf2f03bc7d6d7c4c4db5acb9fedf7c43903693d7f635e4738843adf4
SHA512 28ba46fa9ed458693ad1181bb7a4f3cb41357960e664502d74144cde3f273b04f4c34c14235362b1c9c1d43db99a95755414aa2d1ed3e286a06d33b0c3208eea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 82cc98540b52df01a7bbe9021f81381d
SHA1 74bab31166d06f07b90e8fbc0a33987ad695bf68
SHA256 76875cd22aed019572c15eeffede22ad1db32c9d97f897f83d40e81823058829
SHA512 ccb25a702f81674651cdb238269f93b0e65f8ee6b2e4df90bff31ffb319968bf6eaed980692d7827756efd613990086c3df33c9e8482e4d25c577cda758595b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c6242e57bf3db5927a7eeba5bbece56a
SHA1 84c29cf1673fd926148fa3eccb236655d006ce9f
SHA256 95d55529745cba4c5dd8af63087e3a1d2d58bbde3397c0c99380a8f9ba7235b8
SHA512 99b56825a06eef5f152f757144b11826354ae3a86d88d2a59f0902bc55033ed3e707fc7bd7361291397a4160c1cc4fcb493c9b57dbcf91edee9cefaad5b435ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c57eb.TMP

MD5 60eea2db068ba5d3f9aebc0088d92b19
SHA1 68b966d4926e629dd930008493faa641f485aa01
SHA256 765bd8cca900b3610d12818224d6fcaa19b684503c4981b36985787ded9dbe1c
SHA512 97cb89df3a5c4af2d00a17fbad6d29b3ccdd94a7d34bb559c6d747bff7170ba1bfb6e94cbb8dfcdba9adc0eab380e114034d42f4addbc1403554d95b5c10e220

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5ef576ccca9b834f9755cb40780188f6
SHA1 019a7a12869ebf842fe7f8cad1c4119d789e8598
SHA256 040e852f83d9bc2a8902f38bc8c90d1b2268282ba6c39b7b14069db6acb641d5
SHA512 d19798e1f45b7f9f246a9f4c265037963b3424aaf6d1e8e2b8c69d0f377897da919c446452ea17da503d0f4dbfc27f263baf264eb0dad4160853b224620442b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e8d98fc7acbda878482c3409a11d5569
SHA1 91cf3a8d7d08f3dab1d8324a2446179a0b399d3d
SHA256 d906ccd8b7d8b9b634cbe2569dbb6c128ad7eb176fb64a94f41afccc6dacc025
SHA512 e655a4c23de631e98ccbd0887d7b965241bcbdb2be7347a277170f9840e43e4eb85780605cb23aaf4051af7f294f7a830ddc014e51f0e335079e839cc27d9772

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\92601d9d-1a43-41b1-8d64-754410ce9cd0\index-dir\the-real-index~RFe5c5d2b.TMP

MD5 aa9d91f091f01788830fd1e2dce7a231
SHA1 9529839ce66f80455c9de7dc99ced70b6bd10b1b
SHA256 4df275e2d4c618b49fb6d4130b9a4cd83c215b4e92da6c2c214fbe654ef60987
SHA512 8bf1bfadc8ca76887a1f970e8ab69ae253e9f65b0f5481b4725d0fe6cad0850001b290163d02664215e700934430d9260f8da88e470824a3ca677aeab7f8e9a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\92601d9d-1a43-41b1-8d64-754410ce9cd0\index-dir\the-real-index

MD5 329b57ab996ae845c6816c22902e2ec8
SHA1 87b383c5f18cfbbbecc763dff94dc2abf5647be7
SHA256 3761917cba17bb2fdbb280943eacc1d5b5ea0dbcb3fd9bdc5840f7cccf3f06f9
SHA512 0773d1d40840ed4288efe72ae6402f46da53de1a8b1a38832a218833733500483190d6995a3361658dbbdb05f50200a62b3b5d7243cba3a9c06b7d0de5906777

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d81df3c6dd0f7803bf31b842518ca18f
SHA1 0dc43b70c62f718ac82f6f5a28341b73f29c2a0d
SHA256 1ebaa7b7d19591ff0360e426ab46c6cddce85cb5822f625c94c4170e90d38371
SHA512 0db6ab1bd3c4898a55a393b714551730ea43f4c68cd84c53f890e71fc9f039000947941df94f28ce409022c2661c686d3688eaf33feb629eeb974c024105acc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5cd2370c83ab5ee061c6ef594863ee21
SHA1 399c717a3f712d47d89ce75eb1c8016f7f6692c0
SHA256 391bb6beff749f47fd6dc4257fc55bcd2d324214c95d7528dd5619be64f1f56c
SHA512 cc5384cfe0ebba1e53185d990191509306bf3202a2a5bfbb81c5ac5dceb3875be1fb8546527f23bd7a406cd400ba1c97cb325e77639811a7314d4e2b50f6c1d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e816013eb85784280726a777624618f5
SHA1 f4c5c6663231cefc4ba37bb7ad6ccd5e094ec7aa
SHA256 f65cd404d750d420eb1386fd79e4629bdc55931bf3629ce89eb864accb99bf27
SHA512 e86601516d9031821e14dba9ef953009419486c30d1b7acf001c2fb6594f16449bb8fb9361f19e757ee16cb557c7427a43a0f69cdca16715e533cc5bbfa7a9a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e562c579329a45d7d945b609eebe0f79
SHA1 8f97370d68e0cc7909af22e025478eacaf80b6f8
SHA256 84cb19ea39924915f7641c6f4bfcf0eca107ab73adf9656b2db048a4cf0ee600
SHA512 a234b5fafc926d5debc9eb09c9900a2f117dc8473be0cb15597967657d3f1aa68b254d4268d16dc77cf504969d1bd193e805e138e35343cc94b74aaa56cd6609

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 99274d2c4cf7f363265ff43c5da7f53a
SHA1 45e84ac2c01a859d0025228d0ef576e1eae87e24
SHA256 cfbf6d94b5d0d8993b982a969cbeedf945e1ba51484f7899b452530a5ec1a55e
SHA512 15511c42055337c74bbbe34eee2a0dbfb3325da6997c0c29d6ae7475cf623c8dbf97f2aa84146131a68177a6f5cf7b27c24870bc34bdda93fd5ce0f2e39de4cc