Malware Analysis Report

2025-05-28 17:23

Sample ID 250508-js811azsfs
Target https://maconsmallbusinesses.com/wp-content/uploads/2018/08/
Tags
discovery
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

Threat Level: Likely benign

The file https://maconsmallbusinesses.com/wp-content/uploads/2018/08/ was found to be: Likely benign.

Malicious Activity Summary

discovery

Drops file in Program Files directory

Browser Information Discovery

Opens file in notepad (likely ransom note)

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-08 07:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-08 07:57

Reported

2025-05-08 08:01

Platform

win10v2004-20250502-en

Max time kernel

240s

Max time network

235s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://maconsmallbusinesses.com/wp-content/uploads/2018/08/

Signatures

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_513344481\protocols.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1626178942\nav_config.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\automation.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\classification.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_512148278\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\smart_switch_list.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\travel-facilitated-booking-bing.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1626178942\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\office_endpoints_list.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\sets.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_513344481\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_513344481\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\keys.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\travel-facilitated-booking-kayak.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_512148278\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1626178942\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\extraction.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133911646385604236" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3623617754-4043701611-775564599-1000\{CE4601C6-8F82-4AF3-BD68-55B20B282731} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\notepad.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4132 wrote to memory of 744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4132 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://maconsmallbusinesses.com/wp-content/uploads/2018/08/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x344,0x7ffd4ee4f208,0x7ffd4ee4f214,0x7ffd4ee4f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2096,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2000,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2292,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3536,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4188,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4264,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5068,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5108,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6596,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6760,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6012,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7180,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4580,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7120,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7184,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6952,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6632,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4284,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5444,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7032,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6656,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:8

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6664,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6396,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5392,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:8

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Documents\platycranianjn.ps1"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6936,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4244,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 maconsmallbusinesses.com udp
US 8.8.8.8:53 maconsmallbusinesses.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 150.171.28.11:80 edge.microsoft.com tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
DE 142.250.185.142:443 clients2.google.com tcp
CA 108.163.153.194:443 maconsmallbusinesses.com tcp
CA 108.163.153.194:443 maconsmallbusinesses.com tcp
GB 2.16.153.203:443 copilot.microsoft.com tcp
CA 108.163.153.194:443 maconsmallbusinesses.com tcp
DE 142.250.185.142:443 clients2.google.com tcp
GB 2.16.153.203:443 copilot.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
DE 172.217.18.1:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
GB 2.19.117.83:443 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 2.16.153.221:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.16.153.221:443 www.bing.com udp
CA 108.163.153.194:443 maconsmallbusinesses.com tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.253.64:443 edge-consumer-static.azureedge.net tcp
CA 108.163.153.194:443 maconsmallbusinesses.com tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 8.8.8.8:53 edge-cloud-resource-static.azureedge.net udp
US 13.107.246.64:443 edge-cloud-resource-static.azureedge.net tcp
US 13.107.253.64:443 edge-mobile-static.azureedge.net tcp
US 8.8.8.8:53 c.pki.goog udp
DE 172.217.16.195:80 c.pki.goog tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 84.201.209.101:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 2.16.153.204:443 www.bing.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.253.64:443 edgeassetservice.azureedge.net tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b99753da44b6438da8e7242bad3cff63
SHA1 ff0646d30233e2108edcbd98f5a185a6eddb8e07
SHA256 9ee28f735796661bd328fd87235ba49e01fc0bd7723d5e1660787b219b492f96
SHA512 55a6014a7cc40300f43e2e1338812b1aa05b7e2ceca6ef6afe09ceac160bd64a8aad34e189ad8c58524b3e1065eab520b34ff94324e34d1ca9ca419b084021b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dcbbc33f50fb1aa8377416ebeda1d59d
SHA1 2147bab26cdf2f17740b344362412bd2d4e157df
SHA256 3175b81fd48ba8381d330dd2709c50a8f9863f7c216a546c9c6cafd73a168c13
SHA512 1046b1249145307dff1ea1985de361b959d4277fad2316d2c685344b036bc53c2312c6621acae39aef280c2c06655932bed94f28c704157858eb347bcbec82df

\??\pipe\crashpad_4132_AWQLITTUGKTSKFQG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 05e85e1f6b689b1cf229b04980d2f3e7
SHA1 81a5e858d42429235d5b4ee4d7e56da332bbb125
SHA256 ec1c98b1b74f1486471c5ab146785602babaccd33297da73b49308e7b34ce46a
SHA512 3f143ba74975e19a1e52d9cfd468d7caa49a8ca1507ac2d63a8025db2e16afe06ba4d2bc3884dc679760ab21904e61f8ffdb6b3fe639b48dd4bf8759ea5f9d5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e3657a3e5af17025e5b20b4931cce12d
SHA1 7da44598dee34ea617c2b72a2548a0d67673983a
SHA256 27973aa04128f6fa460261f9f693e01c441ffec5803932411abdf934b1e8abac
SHA512 f18af8e2466cb85cb07b18126b14fb18fd954909737a03bed2dec4e7300b2ffb2e79d4e1c786f68cea312e9725cb6dff4c85834abfd797505197258964e9e11b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 164a788f50529fc93a6077e50675c617
SHA1 c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256 b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512 ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 c6b9fdbe0913af65c42cb530f7040071
SHA1 858b0ffe6c043d19b7ad0aa534ab52ee6a02afe1
SHA256 5f214c1e6125e32af7983b45283264c8437725eb582e3def5d165d9d04292453
SHA512 fb02e9060ef6c06916531eb318b3a202fdf987a8aeda423a9387e02788123ce723093bb5af517241e249d80f8cdd005e9f7a9aa8ef75b9da44678927030d1b16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 c986edaf2ae4c9080c623e3daa33e46c
SHA1 4e2800dea5a06b7896b9070239b515dacb2c7aaa
SHA256 efc7748814346e4a3f9a9c14207d6de0ebb7e7def3007576fe3b9d0163f9a7f4
SHA512 b06148421d315e694d4a62fde5280a304593af252a13ee0ecd36aa1acf6191ff93f6483df8a70fea764ab07de16cb3b6ee2aeed6c1988d87aef93ec619cb9923

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

C:\Users\Admin\AppData\Local\Temp\scoped_dir4132_550008302\a8ef57a8-4b36-48f8-898e-e41715bd84dc.tmp

MD5 b0917d8e6c5b6be358bff67f84eb8336
SHA1 a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
SHA256 dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
SHA512 cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451

C:\Users\Admin\AppData\Local\Temp\903e0001-b123-4bcc-92c5-d68127238c02.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 708677daf2d2506204240ff1ab816277
SHA1 f351922068184c7fe3d8bd88312e582194f82051
SHA256 56146cdaac4b05fe85ff15dbed72fe955e85dc79d900642c75509aa69eb9dd60
SHA512 208382c57a8ee7dc027218890daf8c50e0ab8b191dc1db4b288f2a9232ccf4920c448c6edf61e684a64acd07c72a7b4e68ab60e3901a442269b9e3a7b9256ba1

C:\Users\Admin\AppData\Local\Temp\2e75c5e3-6edb-4aba-9bf1-1ae1ff711baa.tmp

MD5 78e47dda17341bed7be45dccfd89ac87
SHA1 1afde30e46997452d11e4a2adbbf35cce7a1404f
SHA256 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA512 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

C:\Users\Admin\AppData\Local\Temp\scoped_dir4132_167457499\CRX_INSTALL\content.js

MD5 3d20584f7f6c8eac79e17cca4207fb79
SHA1 3c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA256 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\verified_contents.json

MD5 738e757b92939b24cdbbd0efc2601315
SHA1 77058cbafa625aafbea867052136c11ad3332143
SHA256 d23b2ba94ba22bbb681e6362ae5870acd8a3280fa9e7241b86a9e12982968947
SHA512 dca3e12dd5a9f1802db6d11b009fce2b787e79b9f730094367c9f26d1d87af1ea072ff5b10888648fb1231dd83475cf45594bb0c9915b655ee363a3127a5ffc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\manifest.json

MD5 e805e9e69fd6ecdca65136957b1fb3be
SHA1 2356f60884130c86a45d4b232a26062c7830e622
SHA256 5694c91f7d165c6f25daf0825c18b373b0a81ea122c89da60438cd487455fd6a
SHA512 049662ef470d2b9e030a06006894041ae6f787449e4ab1fbf4959adcb88c6bb87a957490212697815bb3627763c01b7b243cf4e3c4620173a95795884d998a75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aaffa8ae2418033ca98e757c75c4e6fa
SHA1 adfed240a4393e1c8aecd7ac2f3ec4561fa62212
SHA256 a3fa45c6d4e7d38ba66627d149ee5cf24ca9f5dde0cf8fb49cdf9061f85aff35
SHA512 0d8b3fb12e8a260b5b006779e3c740257ade24010214ba8b127c0cb39c5f8646503bf2ba7a835caa97a3a622270127953e8b58458a939872556ff57b87e4eb13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 8de7850f52ace8caf4c1e4ca435f6afa
SHA1 a32e4a69ca8cfbdb75a6c4ee6f97d0cf6fc843bf
SHA256 e7d851768a7f089b4bd1573d060c1893c1ee08ec12c28cacb1387e7185bac456
SHA512 d608653c1953a322da6e2d2be3cfe1f810de7789be7c1ea509616acff4b67148ab8fd66daddfef6d1e619cd8ed9bcaf1a1eefc02ff9e9fcba9e7aa6358bb3ee7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 11f10b3773c10214bd63d5b96622a300
SHA1 04e5da37c67546a7f516bb054bcb61a3134cb2b6
SHA256 db592956a32ed1c0e2cfb8daecd4a92170c2f7f8d838b1aaa740d4eb6e894d3e
SHA512 a16d7b7959fe4b8c377deef3f4bab03953d776aee5c2d9754786ecadac92c50d41af005aacf5be061c7023e2ba37e1d49ba66548e886876ce7bb3855acc527a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e975.TMP

MD5 04f7a2898766f48b93a4d02fe63db592
SHA1 2e17b99bc5b782bf1788b7ac6e61c5c71102343c
SHA256 60f39955ba6ebc07d147cb2689cb36f6ddb71b7c695b1992ccbf6889620d3538
SHA512 349f21400b061aa061f988c3228322a321c54ea394232072b6feb934adc449dc2a11a7456b1b8e1da0daedcb9870a9e3a5503b523684f2324b7de6f0606299cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5f30c4e28fd491ea580450083acbaa9b
SHA1 d76856a0377a1cc7d1cce6518781726205656982
SHA256 69f339cdc055eddcd91db2b1f4e60918b891c6793be664a374e7c106ea8b208c
SHA512 4f30424ebcb411234551f79c7573ab78f919d3c8d9729aa3eefbe6decb921ba3ebd8605be41b20160dfb930be2307fb421c87d02ed7b03473b86097be2766b47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ef44dd71ffb6a136b028ca7162963e1e
SHA1 578e8989efa5f5ca50677b55549083296fab41c7
SHA256 e2e5e45f7078f3fc741c4ed85dd607a77ec3180cd94c9144fca515a63da63b40
SHA512 b1d731834d438ea90a9fd3dfe074dd2e8960ce09e2c385f6d8ae9fc76ae7f390a8eec26989d273e41190d8b95a5e3a7b6b04199d3f87dbc8584bf7f5500164f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f804055a553bfc4b1ab8c53425d5e87
SHA1 10d3bc3cf5553cca53a8b6e48b7d3184a7a13096
SHA256 9c45aeb09bb67b884373e4b15541d3ae1864eb9782e33e492fdea1263d723d02
SHA512 549b5cc2f111efbea87a93a4763985c4c470762b8d46f2e6fd2afd8d9cefc46447c3b1d6b2cf0c0cd79cdeae5a262d70f8b84ec002c0490cf7e5f885e17bf870

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc034f4f3013f93d0f10cb5589f495b2
SHA1 220bcf723eee92e29c12ca20f2ba3e356ff395d7
SHA256 3c201773aad60b6ad3e44288abe120daed92527e48c9a59d0e540bdc2d38a188
SHA512 17144c9de2c89a020887133fea3262434027706f42ad62a971ab62194a13e1f4dcff5576903d686f6603c7ab76e3fd73c8b7a7d544064974f6ba3d342ce73a37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe5884cb.TMP

MD5 e20237ab1d85977d7950c3786e842dfe
SHA1 94f8f8ba80ddfcfd0b5120c52f3ba842dd45f690
SHA256 4f462cc5f1e53a141ddedbed714e16e3a49a2176e99d4353ca6c83a4a542b04a
SHA512 1df6dee63f28174fc38215f99847a2933d54c32bd460c7ae1adf06d60f17489b9eeca433fa6d8f889d4d9f03e7968ca0f16d684be3443c6dfcdb22e6b850874f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 fc0ff9400f75d2ae82f516037823eea9
SHA1 2338bb020819582e84394937c0fd4bd54922adb7
SHA256 0d08993d04708821ee11860f974e01d5e737e8ab35d9fdb05640ede88bc89f0d
SHA512 93f323d8af1c8c52101d4c948f4113237b71d0b5c116f16f37d8ffbb694fd6b611c1d1fe72b63974c436805a9ed50bb91b6a5f43faa43681b6a1f58b90644ba1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\120d2e89-7e5c-4646-9e73-299be6ad8e29.tmp

MD5 3bca8411b45106afaa963d562c371631
SHA1 78857d33a65e7061ca18a3540c304f01e7e85325
SHA256 4503345ee70aa9ca0f90012b665743d7c13ec7052e7a943222287973b752b9c7
SHA512 a6a7e9af6613a30730a0b87be76f87144a3483afb756445d462de7b22543027e5e8f5822e0337ba2d7b65e413e526da962783d05d226c0d13d113d57d28b56ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 3a82d953960d8d6b56b86f1cb4f0dab9
SHA1 2a27840fae6a1f15d0522db77c991572fe06d89a
SHA256 c70dcd3fca860bc1206ae5f6ac2e19b3852592bd78816407d3353ae458987926
SHA512 890c0cc91e62bbf5a2238c0496b2f5b664819a29eb2f4bb80e924f4878ae8295ca808bac3b94383a03a23bf73d962b40028ec742fbd8025f2d3ded518b486dfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d803a24b2961aa143a0105fd9b7566ac
SHA1 4375a8ba6a2a37e34e7763217735d98aa452f1cf
SHA256 347d62347e774a1ea32f345c1b3283303d69579f7fb7b6ca9980a6d55617b474
SHA512 f227bc7824f9282e412c02f6747dd82381af24f104132b5c36f9e5463e9a8de152ff94d7e4770950c2e9801da017a4ff3b454a17555370f0b561ead4185926e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 564972261314f7628395a3a67b02d9e0
SHA1 f869b109198c468c9831b8a4d2040512f7411e08
SHA256 f00fcef617837bc50d2834b45a0a7f83018abac01c147369141df0bb55fb95f2
SHA512 81436fb4b417bb986cf8a781d86083b441567607604309eb1541a8367287c9fbf4348ce6aef33035b3253050ac46c52ebc2839a03df95e4281f7d325ed1f4653

C:\Program Files\chrome_Unpacker_BeginUnzipping4132_512148278\manifest.json

MD5 af3a9104ca46f35bb5f6123d89c25966
SHA1 1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA256 81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA512 6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

C:\Users\Admin\Documents\platycranianjn.ps1

MD5 64b32e80849b3a853d27bf4a27b2ac43
SHA1 a4d23ef37b4641b47829fb4c118620becc82ebde
SHA256 be742d5f7e6723a99961f7e2443a09552f0a08525360f4f84751c0773c93eb4a
SHA512 dfec9fd6b6ee0356398d9203dfc69afd746e19858c88d1db75d6b2f2a7bee5ad2c6fd84cb92b13e7afddab88a7402dca031c32edba830e5345f41eecf8fa8f51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b877b64cbf0ce3ede6eda471cf959faf
SHA1 3fda5dd58e81c317baba2b7ba23be2de07998767
SHA256 b3fa36de9ad28920686662fa629525d6d5506e0cb626f30cb9b7ce234958ceba
SHA512 47601e39b7475daea6a0afd524de1ce7d7124e53e7e011feffce8dfe5c0bc9c1fb568a164f13cd55d1617a840423d5562f8672c1353d706b5e5d78c2eb85958d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59ce5cfb5050bca947031c4eece8b0bd
SHA1 46ae7e4293c3fffa77b0381569699aee1622ae10
SHA256 ff8b0e8b5f486382fc87dad7159986c22ea1378b51f3dec8c3a1c76cb1d6d080
SHA512 e1d3d46530edddbf6cb017f9d55c907ed4b33b00b127061e20e83200cc64ffd2618a5967b4d9d5a8d689858f275f082fef6c5d4169a124ae11fb86cc1991ad99

C:\Users\Admin\Documents\urobenzoicHQ7v.php

MD5 3407a07c85650e96c3e6ec56aa46ea1a
SHA1 cad92877b5a293aac54432bd9981d68d80aab31a
SHA256 d9719b4c842855ac5b7f8cbbe36b04aed226084e67d26d0c5f239d977f4a49a7
SHA512 76379e47eaa4f254b36595d43d79c0034b02b68015f958ef66fb6c04a83acd7ff3b039c16cdcd7de6c95350a382f18fc29723ea84b7e5151f09a4872f7946e79

C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1626178942\manifest.json

MD5 c3911ceb35539db42e5654bdd60ac956
SHA1 71be0751e5fc583b119730dbceb2c723f2389f6c
SHA256 31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512 d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

MD5 499d9e568b96e759959dc69635470211
SHA1 2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA256 98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA512 3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dca04d0928e0b2efd3794c0778e091d0
SHA1 55fd34726c10d3fefd2c38493a06ccba710736da
SHA256 80f6228f4441e57d33ea0839ceffc412741772c66864df3c5c449dd46488b7e3
SHA512 9b7af0627edaa089cf07cc12cb733eb5c3742782f345450201af43a91cc704b1079fb9e4442279353818bb3674ffe40c0d2d878530b92584836847575d34fc09

C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\manifest.json

MD5 a24a1941bbb8d90784f5ef76712002f5
SHA1 5c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA256 2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512 fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

MD5 94406cdd51b55c0f006cfea05745effb
SHA1 a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA256 8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512 d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 3f23d5364e2cb7bd3671030b0d74317a
SHA1 7f1d7e2dfb224a8678603931a1a6bdc5d7c56ca3
SHA256 1482e0c763a66cff8304fb59228e9c4ef878d8a8784bb3758855670021b1e198
SHA512 b182de903f8600dfcb7e2c09d8a3c056c13a8508d8ee24ba8496434d7390949c3a00dfa366899682772c9e795f337eb2d3114db065f9aab3cabf57b96564610a

C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\manifest.json

MD5 c3419069a1c30140b77045aba38f12cf
SHA1 11920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256 db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512 c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\manifest.json

MD5 7f4b594a35d631af0e37fea02df71e72
SHA1 f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57
SHA256 530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1
SHA512 bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

MD5 bef4f9f856321c6dccb47a61f605e823
SHA1 8e60af5b17ed70db0505d7e1647a8bc9f7612939
SHA256 fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5
SHA512 bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\manifest.json

MD5 4055ba4ebd5546fb6306d6a3151a236a
SHA1 609a989f14f8ee9ed9bffbd6ddba3214fd0d0109
SHA256 cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5
SHA512 58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a