Analysis Overview
SHA256
9b71311ab909174fea4634b9df30c36c2c79f361e21fd5e6f4de0b07bcd010c6
Threat Level: Known bad
The file hybri.exe was found to be: Known bad.
Malicious Activity Summary
StormKitty
StormKitty payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
Looks up external IP address via web service
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-04 09:09
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-04 09:09
Reported
2023-09-04 09:40
Platform
win7-20230831-en
Max time kernel
1559s
Max time network
1562s
Command Line
Signatures
StormKitty
StormKitty payload
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Windows Services = "C:\\Users\\Admin\\AppData\\Roaming\\Windows Update Folder\\Windows Update.exe" | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | checkip.dyndns.org | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2520 set thread context of 2652 | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | C:\Users\Admin\AppData\Local\Temp\hybri.exe |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\hybri.exe
"C:\Users\Admin\AppData\Local\Temp\hybri.exe"
C:\Users\Admin\AppData\Local\Temp\hybri.exe
"C:\Users\Admin\AppData\Local\Temp\hybri.exe"
C:\Users\Admin\AppData\Local\Temp\hybri.exe
"C:\Users\Admin\AppData\Local\Temp\hybri.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name=65001 key=clear | findstr Key
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile name=65001 key=clear
C:\Windows\SysWOW64\findstr.exe
findstr Key
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | checkip.dyndns.org | udp |
| BR | 132.226.247.73:80 | checkip.dyndns.org | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabB6B4.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarB714.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\Local\Temp\passwords.txt
| MD5 | 68b329da9893e34099c7d8ad5cb9c940 |
| SHA1 | adc83b19e793491b1c6ea0fd8b46cd9f32e592fc |
| SHA256 | 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b |
| SHA512 | be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-04 09:09
Reported
2023-09-04 09:47
Platform
win10v2004-20230831-en
Max time kernel
2221s
Max time network
2146s
Command Line
Signatures
StormKitty
StormKitty payload
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Services = "C:\\Users\\Admin\\AppData\\Roaming\\Windows Update Folder\\Windows Update.exe" | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | checkip.dyndns.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{09F3CF3C-389C-4FDA-823F-6A1FDCD9AB9F}.catalogItem | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 400 set thread context of 2220 | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | C:\Users\Admin\AppData\Local\Temp\hybri.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Process Hacker 2\is-CJMO7.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-NNG0F.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-Q24RG.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-38IMK.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\Updater.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-C2G3V.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-DT7M3.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-QEH6V.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-060QS.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-A7DP0.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-98361.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-BIS4E.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\UserNotes.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\x86\ProcessHacker.exe | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\x86\is-P1PQV.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\x86\plugins\DotNetTools.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-QD63R.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-1PBOA.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-L4RRV.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\ProcessHacker.exe | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-8T792.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-JI752.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-EEFRQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-STJK0.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-NN13S.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\x86\plugins\is-4N2KO.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-NJFDO.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-FM5SU.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-9Q532.tmp | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\peview.exe | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll | C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\System32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1980726966-773384374-2129981223-1000\{1A667D45-1717-4CD9-9F34-205176883520} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\hybri.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Token: 33 | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
C:\Users\Admin\AppData\Local\Temp\hybri.exe
"C:\Users\Admin\AppData\Local\Temp\hybri.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8611746f8,0x7ff861174708,0x7ff861174718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9301072860852725909,11371460634897694351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\hybri.exe
"C:\Users\Admin\AppData\Local\Temp\hybri.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name=65001 key=clear | findstr Key
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\findstr.exe
findstr Key
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile name=65001 key=clear
C:\Users\Admin\Downloads\processhacker-2.39-setup.exe
"C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp" /SL5="$1500E4,1874675,150016,C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
C:\Program Files\Process Hacker 2\ProcessHacker.exe
"C:\Program Files\Process Hacker 2\ProcessHacker.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8132234247784512934,3728707166728155935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8132234247784512934,3728707166728155935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8132234247784512934,3728707166728155935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8132234247784512934,3728707166728155935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
Network
Files
\??\pipe\LOCAL\crashpad_4324_SZZSEIJCSOPQNAXJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/400-2-0x0000000075020000-0x00000000757D0000-memory.dmp
memory/400-3-0x00000000005A0000-0x00000000006D6000-memory.dmp
memory/400-10-0x00000000051D0000-0x00000000051E0000-memory.dmp
memory/400-11-0x00000000059F0000-0x0000000005F94000-memory.dmp
memory/400-12-0x0000000005540000-0x00000000055D2000-memory.dmp
memory/400-13-0x00000000055E0000-0x000000000567C000-memory.dmp
memory/2220-17-0x0000000000400000-0x000000000051C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hybri.exe.log
| MD5 | 8cf94b5356be60247d331660005941ec |
| SHA1 | fdedb361f40f22cb6a086c808fc0056d4e421131 |
| SHA256 | 52a5b2d36f2b72cb02c695cf7ef46444dda73d4ea82a73e0894c805fa9987bc0 |
| SHA512 | b886dfc8bf03f8627f051fb6e2ac40ae2e7713584695a365728eb2e2c87217830029aa35bd129c642fa03dde3f7a7dd5690b16248676be60a6bb5f497fb23651 |
memory/2220-23-0x0000000075020000-0x00000000757D0000-memory.dmp
memory/400-22-0x0000000075020000-0x00000000757D0000-memory.dmp
memory/2220-24-0x0000000005540000-0x0000000005550000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
memory/2220-38-0x0000000005D20000-0x0000000005D3A000-memory.dmp
memory/2220-43-0x0000000005DB0000-0x0000000005E16000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\passwords.txt
| MD5 | 68b329da9893e34099c7d8ad5cb9c940 |
| SHA1 | adc83b19e793491b1c6ea0fd8b46cd9f32e592fc |
| SHA256 | 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b |
| SHA512 | be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09 |
memory/2220-122-0x0000000075020000-0x00000000757D0000-memory.dmp
memory/2220-150-0x0000000007480000-0x0000000007492000-memory.dmp
memory/2220-153-0x0000000007440000-0x000000000747C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1d69ec93538070a8c6360b0bc6f6228c |
| SHA1 | edadd8686e86bc25e830af10fcd691ddf8880bfb |
| SHA256 | 3da2404d7709a8e2b39771abe2554e3e23ee6b5a3ddb37f0425b37b26b9d0bb7 |
| SHA512 | d88a932269cc3879fefe6cf152cb6bed263d8596c57df90f5801caa79df10c568f8416fc09d8da49c07c1133450e1ab6af68a09998239c0256a238af3728866d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58748f.TMP
C:\Users\Admin\AppData\Local\Temp\is-CL4RI.tmp\processhacker-2.39-setup.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
C:\Program Files\Process Hacker 2\ProcessHacker.exe
C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll
C:\Program Files\Process Hacker 2\plugins\UserNotes.dll
C:\Program Files\Process Hacker 2\plugins\Updater.dll
C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll
C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll
C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll
C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll
C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll
C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll
C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll
C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll
C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll
C:\Program Files\Process Hacker 2\ProcessHacker.sig
\??\pipe\LOCAL\crashpad_4364_PUIYXDFCLQQOJDXN
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9fa752b3-eb8d-460c-8437-7cc5261924b2.tmp