Malware Analysis Report

2025-06-16 06:31

Sample ID 250515-pg217swxfs
Target https://github.com/Da2dalus/The-MALWARE-Repo
Tags
discovery
score
8/10

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Likely malicious.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Executes dropped EXE

Drops startup file

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-15 12:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-15 12:18

Reported

2025-05-15 12:20

Platform

win10v2004-20250502-en

Max time kernel

103s

Max time network

105s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

Signatures

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGON.exe C:\Users\Admin\Downloads\DeriaLock.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\DeriaLock.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DeriaLock.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133917851439544739" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1153236273-2212388449-1493869963-1000\{F45840EE-503D-468F-B214-0715B2AAE496} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1153236273-2212388449-1493869963-1000\{D459C29C-B141-484E-A988-41FEC1BDAE62} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\DeriaLock.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\DeriaLock.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\DeriaLock.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\DeriaLock.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 400 wrote to memory of 756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 400 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 400 wrote to memory of 6008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 400 wrote to memory of 2440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffbb851f208,0x7ffbb851f214,0x7ffbb851f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1772,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=2912 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2408,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4824,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4828,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5864,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4264,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6068,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:8

C:\Users\Admin\Downloads\DeriaLock.exe

"C:\Users\Admin\Downloads\DeriaLock.exe"

C:\Users\Admin\Downloads\DeriaLock.exe

"C:\Users\Admin\Downloads\DeriaLock.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4000,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6676,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffbb851f208,0x7ffbb851f214,0x7ffbb851f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1744,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2216,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2712,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4212,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4212,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4780,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4744,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8

Network


Files
