Malware Analysis Report

2025-08-10 20:48

Sample ID: 250502-f2k4rahm4s
Target: database
SHA256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Tags: defense_evasion discovery ransomware
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely malicious

The file database was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery ransomware

Downloads MZ/PE file

Disables Task Manager via registry modification

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Enumerates system info in registry

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-05-02 05:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-05-02 05:22
Reported: 2025-05-02 05:24
Platform: win10v2004-20250410-en
Max time kernel: 149s
Max time network: 149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\database.html

Signatures

Disables Task Manager via registry modification

defense_evasion

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\$uckyLocker.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\Desktop\Wallpaper = "0" C:\Users\Admin\Downloads\$uckyLocker.exe N/A

Drops file in Program Files directory


Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\$uckyLocker.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133906369397141057" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{1779876A-C3A0-4071-A2C3-AFC1F8A052A1} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5620 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5620 wrote to memory of 5228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5620 wrote to memory of 1044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5620 wrote to memory of 5708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\database.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ffd7575f208,0x7ffd7575f214,0x7ffd7575f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2184,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1836,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4812,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4828,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6332,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6444,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6456,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6872,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6920,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6344,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5268,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6472,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=6236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5264,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6236,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7520,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7352,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7804,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7720,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7768,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7656,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7364,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=7592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8232,i,12769157043737619719,18132083250674574738,262144 --variations-seed-version --mojo-platform-channel-handle=8160 /prefetch:8

C:\Users\Admin\Downloads\$uckyLocker.exe

"C:\Users\Admin\Downloads\$uckyLocker.exe"

C:\Users\Admin\Downloads\$uckyLocker.exe

"C:\Users\Admin\Downloads\$uckyLocker.exe"

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


\??\pipe\crashpad_5620_GUHYERIFLOASUFOP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports


C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7e3520e6-747e-400b-bf00-09c1521fc223\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7e3520e6-747e-400b-bf00-09c1521fc223\index-dir\the-real-index~RFe57fb58.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005f


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005e


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe584419.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e94bc16b-82d6-4cb6-8035-66d24e93c0f4\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e94bc16b-82d6-4cb6-8035-66d24e93c0f4\index-dir\the-real-index~RFe585280.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58530d.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e94bc16b-82d6-4cb6-8035-66d24e93c0f4\ee91b116cc2005be_0


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

MD5 d7ff50bfe3a911e6c398aade10cb733d
SHA1 6549bea7e8a6b3478100490bd836090c3387c3cb
SHA256 bb99ab2e6c435c1d5b5955da73027be6171b654afebaf8950dd68cb8b23f5bb4
SHA512 f33a9b155cac484342bd3ca53c2ba075d2c9e09f2340a11da803ebfa33c5336d9afa3d5507bccaf87c724f3043caf8cf88ee0c6d87ed5e0e1eb0acd19a77776d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7e3520e6-747e-400b-bf00-09c1521fc223\index-dir\the-real-index

MD5 ad2255ba5264754b5b928da6380e160b
SHA1 3036195adf199fbd5b3f4b9eaa6203c4a2ef4c89
SHA256 a5cb857e5254ca56eaf0b33915aa0a1b7122f8be7caa890d1fef33e5c16a8a3e
SHA512 8e988d81ea85850d3eb7c1bf77c2823a2a4fd59bb51a1cd13d4100c98073945325181f009aaf4e20093c0c75cb1f95032bfbcbe714c91c3e35f8777758ca94fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 9ce96276f3bd9571a5e42c73dd08e962
SHA1 c6ec6606e2acced41c8dea5147b4e18f05d5d772
SHA256 16b95b8cd04c4c9a90fbe019fe0d89ff5189e6bec1957b7fefc9bf179907fbe2
SHA512 8164ed2dfe24d4b69af69594eea236e8fd76fd587f7dea4de1f1a2e5223edf2f9564cb005387f8be3680070071d086456d7125bffb241b1935fd261d42ffd22d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

MD5 3f8927c365639daa9b2c270898e3cf9d
SHA1 c8da31c97c56671c910d28010f754319f1d90fa6
SHA256 fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2
SHA512 d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 f0168ccb55fa24f0e573d7d9f82e6fb6
SHA1 1347fb510c6327aab591c443f401df40ec684c23
SHA256 0c460435e11e1052cb8771862db3ae984b8631b0bd721503c6e05d5629ec25d3
SHA512 8eee5fc4eea1a059e01ad1c153267eb48cba237eb89fcbc4521801a814ac50827e6bd4eb667f58141118883c6b11896f7bef7502839d86a22134138e85b1a8a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 837816468e5b173c5929ee621658de92
SHA1 a7d36fef2e4a8778806079d08a5e84df5cb3340e
SHA256 15ce0d8891f553e6461401a9110992f044d42d8d40d8588adeb7be5ba9c87650
SHA512 8a00b0eb107b7ed33fd5495cce6700f3b7d0b9f366ea4061cb8fded649a48f7067c738b971fe9f56b376bf4833e017bfa15a81a0235b0bc9eb21a05357f36045

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 37b5db0fe1714bde9be2e802366d6f25
SHA1 9adcb73e7f7af078309d786863b6f977216529b7
SHA256 9ac659631069c40980da63dc97c70202f796f2643ab3e0458c84f676f875ba75
SHA512 43729a9f819a8239a41799779dfc3a39bb958f94d8b0cbee27aa91ab7c2aae910218a5b038768a63719b43e608bfd00c05a2de907e60c94cb415055a0a61a1f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

MD5 55db53a89098f4b6b215e1cc6e9efc60
SHA1 4a1d73f9c6e11a1597c8e1237e99487aa5bcf05c
SHA256 d2ffa7fdd7892b4822eff4a89232bb1a4a37a52474819e5fa6b2c0b1d32e8e43
SHA512 cade704e8ae437799fd726b92c8ba98020878e7bb2c0d5920986745b11e5542e55170597cc9da5d20dfd525f47c3a1c2c85a1c67e6f281801cc63bc44fa35102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

MD5 3f3297819cd2b781023bb50471132691
SHA1 206d8863f895adc7cd368b454c86715ba027a688
SHA256 bd2aadbf00196cc0ac2fb4c03e46c10ae55675b44caa9d3419d8f71662841173
SHA512 12749e9126de711f23204455aaf9992e02102cf5261e91c3e9f43016a80b83f72854188baed529c0b1ea0c8d78c031e30b2cd70a532e85fd93d1c509fe7965a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

MD5 e729e8699547cb5bfb4f424406b8f551
SHA1 5ab8f998ba9fc47a60c1af131c29bc9f6b656b53
SHA256 8b584c48779d727e3638c8922aa47b1413d8906130bd3c480dbe0774186d2915
SHA512 027438641482b3deb4c3ef779542f0ea5c1a97fa90a24523b645b9d53ff13e03da89a102f6edff4752d0a0b517cb131f3a8c7a4f54fe20f23ead8d357ad970bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 f71af6f4d0bde9a47d886ab1f01684c5
SHA1 5b4379c18f5aafc53d3b11fa3a1b80c1d8ae3200
SHA256 fc2e8ee6130d172ad20dfbeba132c4e9bc52c11d9ad11270811a532e0abbe451
SHA512 20df4b34ace64624a0c3a8cadddf14345bb375be841a82e10cac1491cb546b3ad2c0498ded346434608c44f8c6d400466c7b5757a6d61f1b5f3a2079224c3936

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

MD5 3230e4f49b144ab238721c7142f3ca10
SHA1 1faf1c8dea22291a174c5eba27ff656c1e7ba90d
SHA256 730a91180f160ca2e6fdfbeb4c31ca4f53a35b051fbac1902d2c09afdb884c97
SHA512 975c4f7ae5ed4444b068c9abddaa4fb8b6380235b9259e1839ebb1847f7edf4dade1a5456fbb573e953b60bacb60366a02bad4da0644319147550ec3407852d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 9b09cace5808b136373d00b601d41b56
SHA1 83c0a6cbbaf3132b6f6b51bfab80c0eebe634dc5
SHA256 ffaa4d8a96730b2a6cc9d44e5c655491a00a39324191dab8ff3403212af66661
SHA512 915bb52a4a17858fda95dc0975e529750170a8a69fdc64ac5d6448efe54fdfe47272f9fa510c9de09f6de9094fa746e246af0356373572ff8bc80ebb4fdc9b5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b611bbc3f9d80427f2c8813056d3c135
SHA1 529f3ef1a03063d3e234a4afe15c3fe882ba85f6
SHA256 47854dba23ef61b51934b768137246f2b3f49150b2c1140092fb4714dcea641c
SHA512 b7b6780d68ed102b7c21646ed51f98c67510cae450106c78fb53487708d8763cfaed7eb0afa74ee0c48658a71e95990b16b9ebb85867e55e01ab03701f312b6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 49b3983fecb04ed290abb1e53450b02e
SHA1 7be2db800ac4bc17c6e577f114662e22b5c8a8af
SHA256 4620e46a46ee8489868e5a30e440f4ef3fb1d78be23941de2dc421543137c6e4
SHA512 3314857b370e883002e866c67dc0003ba3e4da0b55f4e533daf4ea49b6b5e3e6e36e5597ffb648658b8c753a92ad80a96559c3bf282e7655d18c3f439cad01c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0

MD5 638b28824ff7d2a8b5eca31267ffaf3d
SHA1 51c91fb5de5248d6dbbe194565231c4bbbc197fb
SHA256 a2477313b8f9735a83fff20ff6624d26a13c893601a3cf6148bc997022913011
SHA512 0eb506d4d9f7bf3aef60dc2d69135a1eb6c9748eca15f721cf5310a7bfe131e21c3504dd75ad986ddfcde907cedd8522caa64845de1794000c2fe7a477189af5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 a98a11a9a9a2c3300270470c51d83edf
SHA1 71c568d203f98609465df2f1171ef94a8232c0e6
SHA256 e1ae90c623cc05c77a9e1ae54dfe8215959fc236f6823217afe31d8f86a5e415
SHA512 f09fc3d469b53031d71423b66fc00bf35f540b6d706cf038cffea02bdf94a78d403f30719afc5b93bb38c55f41933943a3150d933ae4b9dde9a4dc05e10bdf9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 abc5ab7aff8db2ac1a593bf67f84f7f0
SHA1 d0ebfab0da61bd37fbdc81af805a24e43d3321ff
SHA256 256d0dbdd89c73d12b5512a17063fdf7ab529509bc8f35d57eb999bb998639a6
SHA512 d6f39e9803ee6b82497ae8551eec79226f29a02d81b14a11035e92d61962cc3058a28927870da326f59d2ba6757680f117061f35f9a449187da3315d69d49aac

C:\Program Files\chrome_Unpacker_BeginUnzipping5620_1898077915\manifest.json

MD5 778202dc964e7fb0ab5bed004f33fb14
SHA1 932ed013275e2c1172575885246c937c7cca87af
SHA256 4474f08d1718da148ddb55aeb998886c053f6539c2fee3b3b1796f3855792ff9
SHA512 9105af9928af4bcceb2cdc2161137ef6b07f4b97d663bbf27086f80dd266e967a5524aa5aec3f457493a0c4b98aa092aac6bd5062e72cbd4d939402c92093948

C:\Program Files\chrome_Unpacker_BeginUnzipping5620_1898077915\deny_domains.list

MD5 085a334bdb7c8e27b7d925a596bfc19a
SHA1 1e4ad53dc335af5c6a8da2e4b4a175f37fafe2f2
SHA256 f51a7acfffec56d6751561966d947d3fd199b74528c07dabdcf5fcb33d5b2e85
SHA512 c883cb43c97a136825c6fd143f539210c234c66f9b76dfd8431f6ff014094e20b9410d7462aadee2344df8ca158def6b9a807e7cadbdfa947f6f8592e7283e34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\bc7eb19a-ef49-4483-ace4-c00fc54e699e.tmp

MD5 788204cb52d70ea1798344ecbf24be45
SHA1 8743cfa4ff351b602fbd0b146fad1db838f5ca60
SHA256 951b613f710810519b7634e1709caa1c6f7ce73d69a0356df108ff295de0359a
SHA512 75ff6d8a5e1d8d32b7389192d0f1744ce541e7de16a402d4454997497711280b088eb380bebf792c756060e55fff23b4d29165526a9344505b5738fc29465655

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e94bc16b-82d6-4cb6-8035-66d24e93c0f4\index-dir\the-real-index

MD5 00c63b50212e4051774f6fec82384bff
SHA1 9febc725411cc2ab9442368108b64abd52aacfe6
SHA256 f6fe125bea7c10f77f3c63406da4b517011962b796486fe0ceffc79565bec174
SHA512 a7314aa33efbde531efbf7872b7757df32de5ad18d049bd95df823153333e018184c542196d6e15c112f9e922601b198017b3a1356d1232172fafdbfbabacb62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6363e1dd-13b5-40f8-bc40-32a233453843\index-dir\the-real-index

MD5 971e54d9a7d9fb6ac5bad3ae5b011314
SHA1 43e95f56382844b568f7b5079f4cd9936ec1012c
SHA256 87d796691c972cdd74fc1f272176857f2b998935d439a9952820ba75f639b93e
SHA512 1913d4fbef0e8f9cb6be5da0256fa3115a9878ca6526f9fb7782ac4880a84429d9e0d875821bd9b4072a8b1c1b47e2ed5b8f44c7aaad0a5798affb4dccb3a29d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\39de799f-d5c5-433f-a742-46fcc9ae40ae\index-dir\the-real-index~RFe58c0da.TMP

MD5 c40c0db0588e848a20368d7f06615321
SHA1 da8f5f46995ae350281d42b26758a20538c8d960
SHA256 7478338ddc502a12d4a5c53a624236092f97f05a4e06047ed23fb2b193a2292f
SHA512 4575420502e9943f0f654115db0ef0a832c4caa38c109bdbc4df99cab1f3d427f35de79c572db5b34b5228e5a0452e79168c1cb28ad259263124898cdd5e71eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\39de799f-d5c5-433f-a742-46fcc9ae40ae\index-dir\the-real-index

MD5 15db733e5458c6a779579cb921f4c542
SHA1 d8162fbb3615210b74b53efed8d872c2c729cb20
SHA256 d5bec6b87f86a601013ba4d11255abc66c0b606f1e9c4fd596f54c615b0db5bb
SHA512 fd77da7d866bffefc69d502821b3788d4e2586d07aa03a0f8365dfecfd36a1c20860bb7361f64b6c411fb28abb5309135460a9b5c57d836cc8bf3320a9026fd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 44e675a81ca24c96c140a263b9451205
SHA1 4abec4f24976a7eb9bb28e9f87c5e6a2a2fe0bdc
SHA256 b969c133f1ab2c3c756bc25ea26f1b115dcb2235babbe2ec49b8c90320948928
SHA512 ddbe56cc82a2932ea88d04839a3cc458e341bed3128e38cb063a976c938d766dd9865000528e3f3f4862e036dc9eb84a921ea08676ec1498eaf7c99d41ad7f86

C:\Program Files\chrome_Unpacker_BeginUnzipping5620_1776532225\manifest.json

MD5 a0fedd9b29991ae92455f05414e5fa74
SHA1 300c53982db6bc2bf1875a8e85518e93b94d1f15
SHA256 e3fede606090dcfbb6446f4da29cb6ef3afe7d0b0c8faeff52f7feb2557fdfc8
SHA512 63ce6bd825cb611f34ae5d3a71eee40af7afc460d5a6ece59d4bb86d37a38a9e6a519d30adb720ddedf332754a3ba5f44b578cac3a610ecb8182c0ac3912615b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.5.1.1\typosquatting_list.pb

MD5 45b4f63711eaa89d9c9792be8b19c2b1
SHA1 59c28d96b19377751accf132f1c42557e2e1fa8c
SHA256 9144637db432c2e17209b2893ba67278fd1acdad9231096674caf7a6b4236253
SHA512 43902e07f6eca8141d458e84d1fc136d850cdf1551597993099de6e2496d29686f8f93263be94abe023588ef5f979533d3e1baf29688c992bc902eea550f8256

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 45e3946b36113dba0d948bd47260f95b
SHA1 9b2fcfe79ee27803fd69fc4e776ae6c9e136377a
SHA256 f978651aa576b414b22260530891caf517708e40e35932be6d9d84a646ab881d
SHA512 461a4c98f8f30696f0d8707f86a530cc3deb3b933d4510c91f9e1f5330164454efb758a5b05e1e3cbefaf196071b26b16e48abfc0a17dd0dd705875b5777bbfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37f404704b021c18f9a6efe7f99313ba
SHA1 b6d7c89f79fb7066dcf1f9de70d72ff20851fb83
SHA256 1e44bf538224d8120b451f93bf02664a7eb70ff156dc030b65fec16bf074e4dd
SHA512 0b9b34d96a4ab288c80774bcb9f79d4a1b71f0647d04aafa06b2219cd0f74009b53abeb9d24d013d61cf653ac8014290505d35b64301bc81aac8a6e83bc62dd7

C:\Program Files\chrome_Unpacker_BeginUnzipping5620_1432382767\manifest.json

MD5 22b68a088a69906d96dc6d47246880d2
SHA1 06491f3fd9c4903ac64980f8d655b79082545f82
SHA256 94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88
SHA512 8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

MD5 60beb7140ed66301648ef420cbaad02d
SHA1 7fac669b6758bb7b8e96e92a53569cf4360ab1aa
SHA256 95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985
SHA512 6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 4fd093e2c75acb8c8e4b011e25f6b962
SHA1 5c79a6be015b8a37a82c1ca4fc5b75ad921059cf
SHA256 ba16a6b9148846d7fa91750e8e03c428ed6217fd89ade2d74c4e3d0715a54c63
SHA512 cb62d9c45626aeeb0c0a5525576977acc69393f8ab3eecf8f7a3b92b91f6349ba5a151b0568767ae303e65efa3ec6e08365f76f276ce7ee536994a077da51341

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59572e.TMP

MD5 8f43e873a6cb0afec53bfa87ec514330
SHA1 0cb16fd00ad7a341f406526b967c8d6fe66c4b52
SHA256 b92990ff955f15b41c8a0cb39dce3a8ea22cedc33d4ecaa2cf6d3d334c1e36c0
SHA512 117bffbb0160e0d812a9329f0156d2c7fc38393c912cd276362f4f6e25619cfc0119ba77184e0a25afd6302b10376030ee331bc6320ef717e1fd4e4b9bebe8e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d8b4b978bb179d54423fcb3c3617b7d4
SHA1 eb0a539837db75d5d677af7b2e5a87f5fe7f6090
SHA256 a7055877fa1fa99de42352da11fc5fbb2362bba7a3a7440f16b1b41f41684f05
SHA512 3029273f4be19f71bf15327a0cbafee05d8b3feb16f9ff89476b8733566f69c6a150877a6c6a1a683b17c74a7fe8662de5655545f9bedf3945437b9f605e1a13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 a0baec677b8a478b267cc38c6bc89102
SHA1 1efc623375a4b41aeffdd44f83f5adc7bcbb75bb
SHA256 f394108be2a984ace0934bbf82cb87dfdd534f885909ec1ad706d0ed97c81633
SHA512 61ed6c372889d5e043a460a9b81cd188646e4b76f192a7ea598a04560995ab19740a4b432e59af12491d84f2ef13e0f2398c7da6b48fe08d7a57791d33f40c25

C:\Users\Admin\Downloads\$uckyLocker.exe

MD5 c850f942ccf6e45230169cc4bd9eb5c8
SHA1 51c647e2b150e781bd1910cac4061a2cee1daf89
SHA256 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f
SHA512 2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

C:\Users\Admin\Desktop\READ_IT.txt

MD5 d845190db42d07b1f4a34292d8f335c7
SHA1 fa97f5c6d4aa832a0a1451730e8ba2a32b2f9339
SHA256 6bd70f8e5afcaf2bac76a5e40649be7ad4d59fb10d37e4f18ed3b1027b714b9a
SHA512 9d9310f6885084665a54cba5c33ce55d2de89978b82d59c70746f1e9ca2abdd094713e562f802f5e723654824ab872b9ab453cb32e279b5960edc196f683a08c
