Malware Analysis Report

2025-08-10 20:48

Sample ID 250502-qvqe1a1tdz
Target OIP.jpg
SHA256 67b777e4fa23202de3c10f3788929b1fbbd92d9b0bc8bcf249bc34cf230f0c1f
Tags bootkit discovery persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file OIP.jpg was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery persistence

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Drops file in Program Files directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-02 13:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-02 13:35

Reported

2025-05-02 13:37

Platform

win10v2004-20250314-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\OIP.jpg"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\Mythlas.exe N/A

Drops file in Program Files directory


Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Mythlas.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Kolesium.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\solaris (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\o.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133906665406221027" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{DFDA6EAB-28DE-4572-9CF8-0E3E7EDFC7CF} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{A53E0A22-F543-4BC9-BD74-4C77890097AB} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4812 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\OIP.jpg"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7ffa84c5f208,0x7ffa84c5f214,0x7ffa84c5f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1792,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2260,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2332,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3552,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4852,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5264,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5580,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5772,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6400,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6400,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5484,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x508 0x510

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6388,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7016,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6528,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6728,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6992,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7416,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7020,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7428,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7100,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=3780 /prefetch:8

C:\Users\Admin\Downloads\solaris (1).exe

"C:\Users\Admin\Downloads\solaris (1).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=3756,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6508,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7192,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7784,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8032,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=8000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7224,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8024,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7460,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:8

C:\Users\Admin\Downloads\o.exe

"C:\Users\Admin\Downloads\o.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7244,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7864,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4880,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4960,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7412 /prefetch:8

C:\Users\Admin\Downloads\Mythlas.exe

"C:\Users\Admin\Downloads\Mythlas.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7440,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=6524,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7376,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=7352 /prefetch:8

C:\Users\Admin\Downloads\Kolesium.exe

"C:\Users\Admin\Downloads\Kolesium.exe"

C:\Users\Admin\Downloads\Kolesium.exe

"C:\Users\Admin\Downloads\Kolesium.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7240,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=8040 /prefetch:8

C:\Users\Admin\Downloads\Kolesium.exe

"C:\Users\Admin\Downloads\Kolesium.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4364,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=8188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,7171304320319760938,512118926282290850,262144 --variations-seed-version --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2c8,0x7ffa84c5f208,0x7ffa84c5f214,0x7ffa84c5f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1828,i,18002461045990706691,13177217747720772738,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2296,i,18002461045990706691,13177217747720772738,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2308,i,18002461045990706691,13177217747720772738,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4484,i,18002461045990706691,13177217747720772738,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4528,i,18002461045990706691,13177217747720772738,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4528,i,18002461045990706691,13177217747720772738,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.134:443 aefd.nelreports.net tcp
GB 2.19.252.134:443 aefd.nelreports.net udp
DE 142.250.74.193:443 yt3.ggpht.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 95.101.143.218:443 www.bing.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 c.pki.goog udp
DE 142.250.185.131:80 c.pki.goog tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
DE 142.250.185.78:443 play.google.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
DE 172.217.16.206:443 www.youtube.com udp
GB 88.221.135.48:443 www.bing.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 150.171.27.11:443 edge.microsoft.com tcp
GB 88.221.135.24:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
GB 88.221.135.24:443 www.bing.com tcp
US 150.171.27.11:443 edge.microsoft.com tcp
GB 88.221.135.24:443 www.bing.com tcp
US 150.171.27.11:443 edge.microsoft.com tcp

Files

C:\Users\Admin\Downloads\solaris (1).exe

MD5 0afcd7ca960cecf358f0ed09c8c3bfdb
SHA1 5485f19e7c2bb065530307443d44374c3706f933
SHA256 77df13cb8fdac0f93035d9df79c94ebe5f1d701ef0133a7678fab9ada60f73f2
SHA512 5242bf7212ee87f5561cef9d84c3104b825ebb01246026912cf2dab719e96dfa7ddc4d60d56903cfff47732322365ad9d47d6488e39657ce406eaa7dce155d2d

C:\Users\Admin\Downloads\o.exe

MD5 c5eb98a2024b3a77d59e1e5123206997
SHA1 be4551f0ad0c49aac85e7ce5f429ddd57be83b01
SHA256 73c0eadb15dbbbe57f7eafddd46379cd87f1a58a30cfef0fff212157bfc4c359
SHA512 b69e87a6bb4563073a3f4428c7ec888a22e94cf0b0703043d179c90cb2c15b5f9ebee39eec30f85d77393a50bf6e6eb8bd56606c1f8c404c6a88380f063cf9c5

memory/440-2080-0x0000000000FD0000-0x0000000000FDA000-memory.dmp

memory/440-2081-0x0000000006020000-0x00000000065C4000-memory.dmp

memory/440-2082-0x00000000059A0000-0x0000000005A32000-memory.dmp

memory/440-2083-0x0000000005A70000-0x0000000005A7A000-memory.dmp

C:\Users\Admin\Downloads\Mythlas.exe

MD5 1bccdb1cbbdb299f4053dbab4236dadc
SHA1 baf7c15c30c705fe99c4b5cbada6a46cd92cec22
SHA256 e65c793a31137ae75a6f30ae2933bd7cae74fcd4330b6c8770c14466bc3a878f
SHA512 c32b746081cf17dd1e29bf132350f753cd10636d37caddd3d3b8714675710c67420d08ff27e3d0f7aa71f0977316f62261cc5ca40badbb5d2bf76ee3972bcc3f

C:\Users\Admin\Downloads\Kolesium.exe

MD5 46213d88cf0ec128340d5bdc2479d1b9
SHA1 2e8f3621f860beddf4985a9f5bea2863542e4a7d
SHA256 82b489067d0a1a9c3fb525b4f9a48dc709d4a3bf3d4a881b44e5c98283b1e809
SHA512 c958db74258699c324c7ec1fb14f03b7a71a4ee7a6e2bfe7a479fe9e7926e1afc99ba858fb613a65cc8c99559740758d162d2e228007cd0f7fd29b5b11ce651b

C:\Program Files\chrome_Unpacker_BeginUnzipping4812_1945965110\manifest.json

MD5 7f4b594a35d631af0e37fea02df71e72
SHA1 f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57
SHA256 530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1
SHA512 bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

C:\Program Files\chrome_Unpacker_BeginUnzipping4812_1945965110\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Program Files\chrome_Unpacker_BeginUnzipping4812_1945965110\keys.json

MD5 bef4f9f856321c6dccb47a61f605e823
SHA1 8e60af5b17ed70db0505d7e1647a8bc9f7612939
SHA256 fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5
SHA512 bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

C:\Program Files\chrome_Unpacker_BeginUnzipping4812_38506784\manifest.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e229e942-34df-4780-bab2-a84df60464aa.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Analysis: behavioral2

Detonation Overview

Submitted

2025-05-02 13:35

Reported

2025-05-02 13:35

Platform

win11-20250410-en

Max time kernel

0s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A