Analysis Overview
Threat Level: Known bad
The file https://google.com was found to be: Known bad.
Malicious Activity Summary
Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
Downloads MZ/PE file
Looks for VMWare Tools registry key
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Checks BIOS information in registry
Checks installed software on the system
Enumerates connected drives
Looks up external IP address via web service
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Maps connected drives based on registry
Drops file in Windows directory
Enumerates physical storage devices
Program crash
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
NTFS ADS
Checks processor information in registry
Uses Volume Shadow Copy service COM API
Modifies system certificate store
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-09 22:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-09 22:47
Reported
2023-09-09 23:05
Platform
win10v2004-20230831-en
Max time kernel
1042s
Max time network
1052s
Command Line
Signatures
Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
Downloads MZ/PE file
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{698F9732-4E83-458B-BF6E-B496E3EA5515}\.cr\python-3.11.4-amd64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mod Menu = "C:\\Users\\Admin\\AppData\\Roaming\\Mod Menu\\XModz Mod Menu.exe" | C:\Users\Admin\AppData\Local\Temp\Temp1_XModz.Menu.zip\Mod Menu.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{3d45edf4-44bb-483f-9e08-43c38c81e118} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{3d45edf4-44bb-483f-9e08-43c38c81e118}\\python-3.11.4-amd64.exe\" /burn.runonce" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e66d4c1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE151.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4cf.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{52DE4CC1-22CF-498B-B50F-E66877E4850B} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{90A235DF-4CF1-415D-AD85-6AC578B5DFB4} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e66d4c6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4cb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e66d4d5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7C3D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID930.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2AEE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4d4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4df.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{A32FE961-D579-4E46-B3D6-0B777F8F51E8} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{FEF98C01-0C8A-4A0F-88AE-F164A787286C} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4c1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4c5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF585.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4d5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{FABA3DAC-829C-4C83-BC27-F3AFFD27B465} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4d9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e66d4d0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4c0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4c6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4d0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4da.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e66d4da.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e66d4df.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9275.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{7EB8F17E-4AA7-4F9E-B908-42A28799523A} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4bc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e66d4bc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDC9C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4ca.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e66d4cb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5E82.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e66d4de.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b305b7ffc76f366e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b305b7ff0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b305b7ff000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db305b7ff000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b305b7ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\DisplayName = "Python 3.11.4 Standard Library (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\Dependents | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{A32FE961-D579-4E46-B3D6-0B777F8F51E8} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Buxify\\Buxify.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\Dependents | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\ = "URL:discord-925090689107243088" | C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\Dependents | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\DisplayName = "Python 3.11.4 Utility Scripts (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\ = "{52DE4CC1-22CF-498B-B50F-E66877E4850B}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\DisplayName = "Python 3.11.4 Test Suite (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\ = "{3d45edf4-44bb-483f-9e08-43c38c81e118}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\ = "{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\DisplayName = "Python 3.11.4 Executables (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088 | C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\DisplayName = "Python 3.11.4 (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\DisplayName = "Python 3.11.4 Core Interpreter (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{A32FE961-D579-4E46-B3D6-0B777F8F51E8}\DisplayName = "Python 3.11.4 Tcl/Tk Support (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\ = "{FEF98C01-0C8A-4A0F-88AE-F164A787286C}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\Dependents | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\shell\open | C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2415528079-3794552930-4264847036-1000\{E342BD56-E71E-4E12-8B7F-C4982E05B115} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\DisplayName = "Python 3.11.4 Development Libraries (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\ = "{7EB8F17E-4AA7-4F9E-B908-42A28799523A}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\ = "{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\Dependents | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\ = "{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\DisplayName = "Python 3.11.4 Documentation (64-bit)" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\shell | C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2415528079-3794552930-4264847036-1000\{BEA575AC-A007-438E-A66C-1A6A45CBA3F3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\shell\open\command | C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\Dependents | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{A32FE961-D579-4E46-B3D6-0B777F8F51E8}\ = "{A32FE961-D579-4E46-B3D6-0B777F8F51E8}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{A32FE961-D579-4E46-B3D6-0B777F8F51E8}\Version = "3.11.4150.0" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\Dependents | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\Dependents | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B} | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\ = "{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}" | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11 | C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\buxify-updater\installer.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\buxify.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 295540.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 193813.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 764662.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8136b46f8,0x7ff8136b4708,0x7ff8136b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe
"C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 3960 -ip 3960
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3960 -s 2204
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RobuxGen\ReadMe.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RobuxGen\UserContent\HowToUse\1-Configuring.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RobuxGen\UserContent\HowToUse\2-Troubleshooting.txt
C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe
"C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 5724 -ip 5724
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5724 -s 2196
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 /prefetch:8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BobuxGenerator.exe.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BobuxGenerator.exe.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BobuxGenerator.exe.vbs"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
C:\Users\Admin\Downloads\buxify.exe
"C:\Users\Admin\Downloads\buxify.exe"
C:\Users\Admin\Downloads\buxify.exe
"C:\Users\Admin\Downloads\buxify.exe"
C:\Users\Admin\Downloads\buxify.exe
"C:\Users\Admin\Downloads\buxify.exe"
C:\Users\Admin\Downloads\buxify.exe
"C:\Users\Admin\Downloads\buxify.exe"
C:\Users\Admin\Downloads\buxify.exe
"C:\Users\Admin\Downloads\buxify.exe"
C:\Users\Admin\Downloads\buxify.exe
"C:\Users\Admin\Downloads\buxify.exe"
C:\Users\Admin\Downloads\buxify.exe
"C:\Users\Admin\Downloads\buxify.exe"
C:\Users\Admin\Downloads\buxify.exe
"C:\Users\Admin\Downloads\buxify.exe"
C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe
"C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe"
C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe
"C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe" --type=gpu-process --field-trial-handle=1284,4022416562237621599,18136740405845922095,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1620 /prefetch:2
C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe
"C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1284,4022416562237621599,18136740405845922095,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:8
C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe
"C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe" --type=renderer --field-trial-handle=1284,4022416562237621599,18136740405845922095,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\Buxify\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x2f0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_XModz.Menu.zip\Mod Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_XModz.Menu.zip\Mod Menu.exe"
C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe"
C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1728,i,16380299183844511970,5751803806939412105,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --mojo-platform-channel-handle=2044 --field-trial-handle=1728,i,16380299183844511970,5751803806939412105,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2416 --field-trial-handle=1728,i,16380299183844511970,5751803806939412105,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1728,i,16380299183844511970,5751803806939412105,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\PopPing.mht
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8136b46f8,0x7ff8136b4708,0x7ff8136b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Neptune-main.zip\Neptune-main\setup.bat" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6316 /prefetch:2
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Neptune-main.zip\Neptune-main\requirements.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Neptune-main.zip\Neptune-main\setup.bat" "
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Neptune-main.zip\Neptune-main\tutorial.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:8
C:\Users\Admin\Downloads\python-3.11.4-amd64.exe
"C:\Users\Admin\Downloads\python-3.11.4-amd64.exe"
C:\Users\Admin\Downloads\python-3.11.4-amd64.exe
"C:\Users\Admin\Downloads\python-3.11.4-amd64.exe"
C:\Windows\Temp\{698F9732-4E83-458B-BF6E-B496E3EA5515}\.cr\python-3.11.4-amd64.exe
"C:\Windows\Temp\{698F9732-4E83-458B-BF6E-B496E3EA5515}\.cr\python-3.11.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.11.4-amd64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=568
C:\Windows\Temp\{A9CE7D0C-2A4E-4886-9AE5-262AA02C1C79}\.cr\python-3.11.4-amd64.exe
"C:\Windows\Temp\{A9CE7D0C-2A4E-4886-9AE5-262AA02C1C79}\.cr\python-3.11.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.11.4-amd64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576
C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.be\python-3.11.4-amd64.exe
"C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.be\python-3.11.4-amd64.exe" -q -burn.elevated BurnPipe.{413063F6-42A7-4122-A334-F3974D3F7460} {84CEB1EC-2AA0-4EE2-92B2-2B274F4105B3} 4964
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Users\Admin\Downloads\python-3.11.4-amd64.exe
"C:\Users\Admin\Downloads\python-3.11.4-amd64.exe"
C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe
"C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.11.4-amd64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=568
C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.be\python-3.11.4-amd64.exe
"C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.be\python-3.11.4-amd64.exe" -q -burn.elevated BurnPipe.{4CEBB010-2E82-4B62-83E9-3B33948DAEF9} {278E13A9-6F5B-4A6A-8B8F-B84FF3058F50} 5976
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F8843CDA08793D75DDA4B133BA50DF4E
C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe
"C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe" -E -s -m ensurepip -U --default-pip
C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe
C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe -W ignore::DeprecationWarning -c " import runpy import sys sys.path = ['C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpcqx2ibep\\setuptools-65.5.0-py3-none-any.whl', 'C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpcqx2ibep\\pip-23.1.2-py3-none-any.whl'] + sys.path sys.argv[1:] = ['install', '--no-cache-dir', '--no-index', '--find-links', 'C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpcqx2ibep', '--upgrade', 'setuptools', 'pip'] runpy.run_module(\"pip\", run_name=\"__main__\", alter_sys=True) "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.250.179.142:443 | google.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 142.250.179.206:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| DE | 172.217.23.195:443 | ssl.gstatic.com | tcp |
| NL | 88.221.24.41:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 195.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 88.221.24.48:443 | r.bing.com | tcp |
| NL | 88.221.24.51:443 | r.bing.com | tcp |
| NL | 88.221.24.51:443 | r.bing.com | tcp |
| NL | 88.221.24.48:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.7.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 8.8.8.8:53 | az416426.vo.msecnd.net | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 72.21.81.200:443 | az416426.vo.msecnd.net | tcp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c1.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| IE | 13.69.239.73:443 | browser.events.data.microsoft.com | tcp |
| IE | 68.219.88.97:443 | c1.microsoft.com | tcp |
| IE | 13.69.239.73:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | 73.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.112.4:443 | github.com | tcp |
| US | 140.82.112.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 4.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.112.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 141.64.128.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.18.121.79:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| NL | 88.221.24.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 88.221.24.57:443 | th.bing.com | tcp |
| NL | 88.221.24.72:443 | th.bing.com | tcp |
| NL | 88.221.24.72:443 | th.bing.com | tcp |
| NL | 88.221.24.57:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 82.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | c1.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| IE | 68.219.88.97:443 | c1.microsoft.com | tcp |
| US | 20.42.65.89:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.200:443 | c.bing.com | tcp |
| US | 20.42.65.89:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | niklsultra.itch.io | udp |
| US | 173.255.250.29:443 | niklsultra.itch.io | tcp |
| US | 173.255.250.29:443 | niklsultra.itch.io | tcp |
| US | 8.8.8.8:53 | 29.250.255.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.itch.io | udp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 8.8.8.8:53 | img.itch.zone | udp |
| US | 69.16.175.10:443 | img.itch.zone | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 69.16.175.10:443 | img.itch.zone | tcp |
| US | 69.16.175.10:443 | img.itch.zone | tcp |
| US | 8.8.8.8:53 | 198.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.175.16.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| NL | 13.227.219.97:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | 97.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 18.239.94.78:443 | m.stripe.network | tcp |
| US | 8.8.8.8:53 | 78.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 52.11.112.216:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 216.112.11.52.in-addr.arpa | udp |
| US | 173.255.250.29:443 | niklsultra.itch.io | tcp |
| US | 173.255.250.29:443 | niklsultra.itch.io | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w3g3a5v6.ssl.hwcdn.net | udp |
| US | 69.16.175.42:443 | w3g3a5v6.ssl.hwcdn.net | tcp |
| US | 8.8.8.8:53 | 42.175.16.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itch.io | udp |
| US | 173.255.250.29:443 | itch.io | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| NL | 142.251.36.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.buxify.gg | udp |
| US | 172.67.181.193:443 | www.buxify.gg | tcp |
| US | 172.67.181.193:443 | www.buxify.gg | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 193.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| US | 8.8.8.8:53 | buxify.gg | udp |
| US | 8.8.8.8:53 | 193.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.14.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | buxify.gg | udp |
| US | 8.8.8.8:53 | giveaways.buxify.gg | udp |
| US | 172.67.181.193:443 | giveaways.buxify.gg | tcp |
| US | 104.21.35.247:443 | giveaways.buxify.gg | tcp |
| US | 8.8.8.8:53 | buxifyapp.nyc3.digitaloceanspaces.com | udp |
| US | 172.67.181.193:443 | giveaways.buxify.gg | tcp |
| US | 172.67.181.193:443 | giveaways.buxify.gg | tcp |
| US | 172.67.181.193:443 | giveaways.buxify.gg | tcp |
| US | 162.243.189.2:443 | buxifyapp.nyc3.digitaloceanspaces.com | tcp |
| US | 8.8.8.8:53 | 247.35.21.104.in-addr.arpa | udp |
| US | 172.67.181.193:443 | giveaways.buxify.gg | tcp |
| US | 8.8.8.8:53 | 2.189.243.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.roblox.com | udp |
| US | 8.8.8.8:53 | api.roblox.com | udp |
| US | 8.8.8.8:53 | api.roblox.com | udp |
| NL | 88.221.24.130:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 88.221.24.89:443 | r.bing.com | tcp |
| NL | 88.221.24.65:443 | r.bing.com | tcp |
| NL | 88.221.24.65:443 | r.bing.com | tcp |
| NL | 88.221.24.89:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 130.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.74:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | c1.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| IE | 68.219.88.97:443 | c1.microsoft.com | tcp |
| US | 13.89.178.26:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 2.18.121.79:443 | aefd.nelreports.net | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:6464 | tcp | |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.16.168.131:443 | js.hcaptcha.com | tcp |
| N/A | 127.0.0.1:6465 | tcp | |
| US | 8.8.8.8:53 | 131.168.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | hcaptcha.com | udp |
| N/A | 127.0.0.1:6466 | tcp | |
| US | 8.8.8.8:53 | imgs.hcaptcha.com | udp |
| US | 104.16.168.131:443 | imgs.hcaptcha.com | tcp |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| N/A | 127.0.0.1:6471 | tcp | |
| US | 162.159.133.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | x-modz.github.io | udp |
| US | 185.199.108.153:443 | x-modz.github.io | tcp |
| US | 185.199.108.153:443 | x-modz.github.io | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 153.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 162.159.137.232:443 | status.discord.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.114.82.140.in-addr.arpa | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | media.discordapp.net | udp |
| US | 162.159.130.232:443 | media.discordapp.net | tcp |
| US | 162.159.130.232:443 | media.discordapp.net | tcp |
| US | 162.159.130.232:443 | media.discordapp.net | tcp |
| US | 8.8.8.8:53 | 232.130.159.162.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | images-ext-1.discordapp.net | udp |
| US | 162.159.134.232:443 | images-ext-1.discordapp.net | tcp |
| US | 162.159.134.232:443 | images-ext-1.discordapp.net | tcp |
| US | 8.8.8.8:53 | 232.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 67.199.248.11:443 | bit.ly | tcp |
| US | 67.199.248.11:443 | bit.ly | tcp |
| US | 8.8.8.8:53 | 11.248.199.67.in-addr.arpa | udp |
| US | 18.239.47.8:443 | d1ayxb9ooonjts.cloudfront.net | tcp |
| US | 18.239.47.8:443 | d1ayxb9ooonjts.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 8.47.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.211.227.13.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | images-ext-2.discordapp.net | udp |
| NL | 88.221.24.65:443 | www.bing.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | modmenu.pages.dev | udp |
| US | 188.114.97.0:443 | modmenu.pages.dev | tcp |
| US | 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | udp |
| US | 188.114.97.0:443 | modmenu.pages.dev | udp |
| US | 8.8.8.8:53 | d3h83s39ga3y3t.cloudfront.net | udp |
| FR | 52.222.161.59:443 | d3h83s39ga3y3t.cloudfront.net | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 59.161.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d20nekq25xo9kd.cloudfront.net | udp |
| FR | 18.164.55.198:443 | d20nekq25xo9kd.cloudfront.net | tcp |
| FR | 18.164.55.198:443 | d20nekq25xo9kd.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 198.55.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | d266key948fg17.cloudfront.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| NL | 172.217.168.234:443 | ajax.googleapis.com | tcp |
| US | 18.239.102.111:443 | d266key948fg17.cloudfront.net | tcp |
| US | 18.239.102.111:443 | d266key948fg17.cloudfront.net | tcp |
| US | 18.239.102.111:443 | d266key948fg17.cloudfront.net | tcp |
| US | 18.239.102.111:443 | d266key948fg17.cloudfront.net | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 234.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.102.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 88.221.24.41:443 | th.bing.com | tcp |
| NL | 88.221.24.51:443 | th.bing.com | tcp |
| NL | 88.221.24.51:443 | th.bing.com | tcp |
| NL | 88.221.24.41:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.73:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 72.21.81.200:443 | az416426.vo.msecnd.net | tcp |
| US | 8.8.8.8:53 | c1.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| IE | 68.219.88.97:443 | c1.microsoft.com | tcp |
| US | 20.189.173.7:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | help.bing.microsoft.com | udp |
| US | 20.118.40.9:443 | help.bing.microsoft.com | tcp |
| US | 8.8.8.8:53 | 45.147.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| NL | 104.85.1.163:443 | www.microsoft.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 9.40.118.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| NL | 104.85.0.112:443 | support.microsoft.com | tcp |
| NL | 104.85.0.112:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | 112.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.67:443 | mem.gfx.ms | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 152.199.4.33:443 | ajax.aspnetcdn.com | tcp |
| NL | 104.85.1.163:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 13.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.4.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.121.18.2.in-addr.arpa | udp |
| US | 13.107.246.67:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 13.107.246.67:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.67:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 13.107.246.67:443 | acctcdn.msauth.net | tcp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 97.19.195.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.211.229.192.in-addr.arpa | udp |
| US | 20.189.173.7:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.7:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.7:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.7:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.7:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.7:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.7:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | cheatlab.app | udp |
| US | 172.67.173.132:443 | cheatlab.app | tcp |
| US | 172.67.173.132:443 | cheatlab.app | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 132.173.67.172.in-addr.arpa | udp |
| GB | 216.58.208.106:445 | fonts.googleapis.com | tcp |
| GB | 216.58.208.106:139 | fonts.googleapis.com | tcp |
| US | 172.67.173.132:443 | cheatlab.app | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 1.240.123.52.in-addr.arpa | udp |
| NL | 88.221.24.51:443 | www.bing.com | tcp |
| NL | 88.221.24.51:443 | www.bing.com | tcp |
| NL | 88.221.24.51:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 88.221.24.48:443 | th.bing.com | tcp |
| NL | 88.221.24.66:443 | th.bing.com | tcp |
| NL | 88.221.24.66:443 | th.bing.com | tcp |
| NL | 88.221.24.48:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 66.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c1.microsoft.com | udp |
| IE | 68.219.88.97:443 | c1.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.5:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| NL | 88.221.24.66:443 | th.bing.com | udp |
| US | 20.189.173.5:443 | browser.events.data.microsoft.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 20.189.173.5:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.112.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| NL | 88.221.24.18:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 88.221.24.18:443 | r.bing.com | udp |
| NL | 88.221.24.66:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 18.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 140.82.112.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.python.org | udp |
| NL | 151.101.36.223:443 | www.python.org | tcp |
| NL | 151.101.36.223:443 | www.python.org | tcp |
| US | 8.8.8.8:53 | 223.36.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| NL | 88.221.24.41:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.114.82.140.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4aab618ef3d86f2fbf808c4ac50ab083 |
| SHA1 | 3f794d5499a16d7048809b46589984a065164ed0 |
| SHA256 | 4971c4c535809b9ffe1b1d9b22e7d9ade38d51a4406def14c54708a87c2e4dc2 |
| SHA512 | 21adbdb317cb85cbcb370003a09fa6f75fd8ba65b4453d33f6f3abd6449c9c0ce97a9480fd5c058885a264364b2c00e7979a7bd285b76b296c56f85e207babeb |
\??\pipe\LOCAL\crashpad_2020_WHOODOCLILPAVBVI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bcf37ffb39fc0935acd30dce53363063 |
| SHA1 | 1390b3e9e40daacc10def9f8ad62b49bb0307762 |
| SHA256 | f872406fab131ffdcc6de4520e7e8f2e58361d1f48fef0bd127fdd9a78048bb8 |
| SHA512 | 5c937bb7517eb94060b0487672676529508c545f75898b10922b43f1129ee9e9d4ec64db30ea96503d893d56d36c6f99b38259b2a5a6a27a8e7195f8430a6195 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bfff7beffdcf147adc2f7995395b9de0 |
| SHA1 | f168913b18e044316222241ccf1fb3366ae6ac70 |
| SHA256 | dafcf46d5ded1efaa92d60d8fb954a9184bb2eb82d77ff7f26596cabba45ab33 |
| SHA512 | 4cf3dbbbefe10323c90ad3e1b28f6fafac3e14f76b864cff2fceb243fdf3f91ed68e82999e495d17dff93eb5d3956d8826040bb04e4764d0a68ab41734793c6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 586fc1e58f7a3ce1373f4a1e68542c53 |
| SHA1 | a6c778a8ca748ed847a3ae24f5c48bd326d3098f |
| SHA256 | 2058812f44acec334a4f0157743af2cc3ceb96896a075c58351c125affd2d46e |
| SHA512 | dc6ecfd06a472baf3880f668413804e7b31d9efb99655ae05f5d3c5f4bd7ac08f6580b2da0aa42a3b230d334d809d316f428411dfc8b75af8c5a7f5f7b0cd4c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 7caf65193db27a3b881dfb25b62ce529 |
| SHA1 | 304e35e18f36b79acae60f4a426f0ab861a651b5 |
| SHA256 | eaa4cdd8c166fc998235daec7bdc3fc2a9ef1e2207be2f4eabb8fbb564ead890 |
| SHA512 | 96231ea6ea8f879e0d2f48fd7bca3480ef78df283d135a1f631faf701215c4d9477b1a8eb59a24b8f08d060b71e250e04deaf49ea08758993b77199a6bc5cd69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fc155e5b2198522d222553d7bbc1a483 |
| SHA1 | 8979c04e9b3e8e596b3ae258786faeb7168bf0f0 |
| SHA256 | 8bd2bcb24ee1e80482a2ea0bf6aab0fb78b28a7802a82b4f1ffda3055823c847 |
| SHA512 | f9134765c711fcc691acae3df4027a47a28866d0172dcdfa329eaa1b3783057ac9f52c0b5f4560e4b2dbc7841b23614a720e5d8134e1c4c8bb4d47a9e6b391f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58467a.TMP
| MD5 | 733d7aca05c645841b66b36bc56f3b1d |
| SHA1 | 3da8cf74b0cbb99d6a6bcdb8aeed3672d5280835 |
| SHA256 | 9ffc94d1f1c8eb4c3638ab3be04c37176551668d83b68fe521832875e943b4cb |
| SHA512 | c8eb75fd2a25b821c9feb7e2e1c2caf3a71bbb4516edf9e81fbbaacd8f26a3686a572ddc28e9f4db3da929d0b8863855cd974801c6eb360d2815ac490d7da095 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1d40576c223534c3cfd20e6510040dea |
| SHA1 | 6ef23341646c2369f2e4b6bcfe65497a139a4b7a |
| SHA256 | 0ac24330c3fb5df7a0daa258760b06c9423de71301eb5a0105c63ec24d2192ef |
| SHA512 | 94793fd136bc8a036a1e3b387185dc483510d5a53a09eb993f8a28f967358616d16a714530109f333dd4ecbd4c5bc79439cb2026cdfa2f184f12216bb471a2d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bf3da7f06cb5d9f974b6a282b01d31bf |
| SHA1 | 817125cea8d7405606c6430904068490867b447c |
| SHA256 | 33f214652caa236d5fe316612b3abcf02efa1e97b907c36f7d64a1ac441ae628 |
| SHA512 | ebae8b49b7b97571f01446446673a672b57a8ab582e3d40f42326ad9a5dc606a88df1a260d197673c33ac84d4c5fd99279061b7d3e6a0303cc304612d7d4b3f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c34f5d3d32e13bd70db36821538be617 |
| SHA1 | aebe5cce68adb532290366af3edad890ed236096 |
| SHA256 | deed9933b5882b7a815c32fc2d4232d0ee31cd2d8ffac8f07daae89c61911530 |
| SHA512 | 8add0170cad511fbbf1cf4f8e9183886bb432a38bfe48c7adf9680ce2a2e943c354a0a569df5d77131e4cc21c9e029d26dc6529b535f55a9612c609e3a9d86e7 |
C:\Users\Admin\Downloads\RobuxGen.zip
| MD5 | ffbe8fe460a26e8a3d2123d9531b093d |
| SHA1 | df7ccf2568cd690722cd6857b9824f7b76db5bb4 |
| SHA256 | b879722256aafed97ed6d3f108d4d4954dd18fc4beb5bd7a054efecaefbae44e |
| SHA512 | b70fc03a7d594f2e7a0e7ec0efca183133c03d6df307c4abf4d71d5446e25cff992fdf250f145a784d60c002fd0b8af22e0cfc659d59dea23438c1a90f73cf16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3497bb2620644058c3c920019eccd12 |
| SHA1 | 7c975417d01b5756f51020fe39a4a96d5f809dea |
| SHA256 | 31e8fba9842940340899f52b893a622e0fc7753ed73be7662619081d8e7664c4 |
| SHA512 | 74a741731ba028f92df55fc2912286760b034b9ee2faceb4431afa2ce4c4261054a227f39eb3d2a848a8e4e16ae586836644daa78ee776a8f639f890d7aeb156 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b03919611a2b0968782708648da89714 |
| SHA1 | 778d1a9a34b8ffb425042ae02f56b0d823b52a60 |
| SHA256 | 6342bb9381be31a816a9d361fdcafcdcd409a7fe61cc0ade603b1ff73096da7a |
| SHA512 | 8a8fff42db26ebdf280c74b269952e26cff9f64ccb0c8edf2c1f97285feb1369753f122f5332b73e9eb9f0b5c78f4b964f16d6d6605c8738886229c009362f5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea838a292f3ad6fc2c16333ec1a394c4 |
| SHA1 | 083e336bfe3a88e7ec5ec5d074f2a594f398667a |
| SHA256 | a3d017855c19682c3bf4b098b962deea545f2c693653429b3b792eb8ef4ad396 |
| SHA512 | 996e7109df36b82f18f22863203d1ded95f74d614630af0f8177af1272491fc22bc8677c75b6aa0060c7f4c4dec822f4c586a62c6c2dad12b9dfced7e0bb28f0 |
memory/3960-426-0x00000000002C0000-0x00000000002E6000-memory.dmp
memory/3960-427-0x00007FFFFF470000-0x00007FFFFFF31000-memory.dmp
memory/3960-428-0x0000000002450000-0x0000000002460000-memory.dmp
memory/3960-436-0x00007FFFFF470000-0x00007FFFFFF31000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2d6a43eb392e6091c9da5a0e967b7240 |
| SHA1 | 4c73fc5b15836c95a3e78c0c061ddbdc7eb5db31 |
| SHA256 | bcd9fc71112e574a7b8ceeb0aede71f494bf855b74b15a84f8130a1a83726d93 |
| SHA512 | 6d0a43c000cefb2e9903ffc54f46f4a4dad24c6c112e6739f2dd2d2bcb843e6976f87dbafa23c5ea6febe9296036e54f7f9b4269352adb8cef97de0169ff2168 |
memory/5724-466-0x00007FFFFF520000-0x00007FFFFFFE1000-memory.dmp
memory/5724-467-0x00007FFFFF520000-0x00007FFFFFFE1000-memory.dmp
memory/5724-468-0x0000000002B70000-0x0000000002B80000-memory.dmp
memory/5724-474-0x00007FFFFF520000-0x00007FFFFFFE1000-memory.dmp
memory/456-477-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-478-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-479-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-483-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-484-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-485-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-487-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-486-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-488-0x00000277C8440000-0x00000277C8441000-memory.dmp
memory/456-489-0x00000277C8440000-0x00000277C8441000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | ee46b7b691bb9483e2713c0a244f408c |
| SHA1 | 24feea16788a3142545bb8cddb6217ae3bd5ac63 |
| SHA256 | bc7c1f2386a6b4187bf8eb4e7077b971c202d4401754818fc2241416ed00c9d4 |
| SHA512 | 7d3508f36fadf5f7d9ad689c2150ac6a8265eff0518a444e9076d7761e573051663047fc4128b0b298f952f054d8509f278a7467a4036328b66aeaa73e6a8ecc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | d8588a7d7bb0b66fb439edf73ee37563 |
| SHA1 | a2398d543e3fbeb197e2128654bb5a1afd599585 |
| SHA256 | 2210c60cbfec62e2bebd2c77783511100072459b3d0cc296216eab8e72d8af35 |
| SHA512 | 7c87e7b4ec1d643ce2672ef9badefad6832c6fcc4053cedad2d34c52004aed4e0a589e2f839ace7bcdb0f409fff836ca7ce20dc882d9982568176d4b1c830bb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 79673f8e0c99002a22e8709a0cf821e5 |
| SHA1 | e8f957bc8a97ec2f61ca0d555211e3963c6edd53 |
| SHA256 | 9fa810664bfdf27cc9087b293533082fec88ad93364ef3a01de1e262987bbae0 |
| SHA512 | d95a31ff43a79a92e8cf3ad768a8062d8e7685f755e7d53507b847b482cbfd66872fe54142ee6583864641977518e5318658207bb4f6f0d6418819175ff896af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 042ad9172ba0695ff87f4012529ee17b |
| SHA1 | 15c32e38be04e224e49cab915e773679f1ab0328 |
| SHA256 | 3d4c0de1c98a116c766125e14d91b51620c17bacfbcc529b7284393114fec576 |
| SHA512 | 891cc54064c05205b41ae2670ec8ac6e21d18cf0ba76caf8cec5afc8b019d4ba8dc0de5fd519d7b64c9eec091c70e8589d58c69cad8bc9dfc0ec0a203cd3cd8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 09263aa3446347c008b9a289f88d1616 |
| SHA1 | 34d08a964952d2d22527c84c7a02780d8313d5d3 |
| SHA256 | ff6198c18a251c7d2254471aa76c5eafb4446e303c41959aa50a55eb3fd2221d |
| SHA512 | c4025a96be0f80af478ce4be33f8de0f5712a1aaab3ac28eb2b696a38e07107cd53cfc2cac6abfdf9ede8c840f955bad21680cd903f4a29fda6a5ebfa9e858ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b3004f1ad7ce91f236b1494d4bd2c82c |
| SHA1 | 27522993a03cb8b5ee4e4c96b6d0e6e089fd14b5 |
| SHA256 | d95ae91e22290fa303b6fbd0d54fbc6bd1fe8d8e8498dd2b7c681a86b5bb3eb0 |
| SHA512 | bbb4776c6d3b8fe5013e1743707bc9e99f91fbb145876731e9432e761710a8cd849d78d570357c4b433dff4978e5493100cd2614662f7f7c5be1163cadec2745 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | abca80730c6f47066107aa38d0ba68ee |
| SHA1 | 503f456597a790873ebf9999c09b916b8cca1c98 |
| SHA256 | 6a3313a4940993e4cbf6b417c78cd18c44c0d06e807e7403e1d20b26e4bc212c |
| SHA512 | d12e66ebf7bb819d506dcb8b04e99684ca9a7d256b18503530ef9debda90541d7162c1ed3ed67135c5afc09517171943414cec4100228a8af23336311de00c57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed7eb31db89502a593da5ffe7a878319 |
| SHA1 | 3ae2d5d48331077438823fc54891635a84e1e5c0 |
| SHA256 | 8d3df8a8a656e85f20cef3da648f9f4bb2f605f9ddbb4a11b3880fba2d9684f8 |
| SHA512 | f921a70cfa7ca4363df47c7dfd2f81df38768c3e4704e11ded0519b131b2ef5f1ee16a72747536dfaad038118b43e2cbfc37ba5af0428d803e3f050d61c99a5a |
C:\Users\Admin\Downloads\Unconfirmed 193813.crdownload
| MD5 | 6d844c1c50dab0fba67aa1011e9406a3 |
| SHA1 | 90af03d9e6f5b15cdded3373149be17d6da81cbe |
| SHA256 | acc163a07a3147cb8073b31c7f9cd30cbd80393509db163eb51d54812365e3e8 |
| SHA512 | 91932768a3c15f02ae2f9841cf63299a432dd9cdfbf79c040ee8ae48318dfd51557a82c0ae64d36ec8c195a8cd300e82cb96a40eb6aa005da199ec19ffc33030 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 92e27ae6380c546c35a6d507feae5945 |
| SHA1 | 4af413ce6ec6bf36b79672926beadd20ee67692d |
| SHA256 | ccc9cd87d4ab794b1305e6e4c0adbfa65c143c59ad739dcac6e8d5f66f79cd86 |
| SHA512 | aca4bb3d982ff266c4588f8874c14a7362575ad9ab1f67ce69d310a409fff0823d98b6d15000b52be07e91c1811bb1b1cdf845e96efc3265f371fa0e64a8d26a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6d598a95b8867f2c42d9233d5b858953 |
| SHA1 | 4a3fd8977cf33b51ffb8e13ec99b4af603d25784 |
| SHA256 | 6d63e1af7184842a10e6aab23e8aaaf76cdf70f86f629b8d0b88320110c294ed |
| SHA512 | 6cb59298651a75482910aec6a18e1c97786c369fc010b04c98d6360d26334422954bb7133c46c3e13bbd1f31dce37f26cdaba552555ff33f63857aa7be38e715 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57d113b4e535d364912ce86906506282 |
| SHA1 | 563bb05453e5339ad7e52b21096d8c060916b64d |
| SHA256 | 6d25350f67b5c752b53f3463d23d7585ba53be79f381ca2b4a8d8ffde7b5586e |
| SHA512 | 53dda1a37a1fb2e3adbbadfa133a94eaff27eae9e90d9069e12319919bf041566f8f58e42192c6bb66fa6c4870a95a9bf8e7f76f99cb1cb00498bfac3f0817d3 |
C:\Users\Admin\Downloads\BobuxGenerator.exe.vbs
| MD5 | 6d844c1c50dab0fba67aa1011e9406a3 |
| SHA1 | 90af03d9e6f5b15cdded3373149be17d6da81cbe |
| SHA256 | acc163a07a3147cb8073b31c7f9cd30cbd80393509db163eb51d54812365e3e8 |
| SHA512 | 91932768a3c15f02ae2f9841cf63299a432dd9cdfbf79c040ee8ae48318dfd51557a82c0ae64d36ec8c195a8cd300e82cb96a40eb6aa005da199ec19ffc33030 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 574aaf9a8f37a3136f85a81e5db0d782 |
| SHA1 | bda311d539c1ecedb9d8fbcf5a5fe4013ddd108d |
| SHA256 | 191790fa1d992b561a6bae58ec0b3ab3f29376a7ed16d3e4cb99e78b2f79f9fb |
| SHA512 | ebe8170452f3707fe7ab1df5e7a5b9a46a979ccd0096b0e105bde141119cf6a02d044a8c0452bc7df007ba499d381c6841f23422ca206251a86043f3a25f1834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ab90515402893e22a0aa7b95487c0a28 |
| SHA1 | bb3ec0f5f322439eae646aaae731191405468942 |
| SHA256 | a58e34fd5abf27082fc31e2814ee0507ce6ca88d2897af34da476d4aa13f1ad3 |
| SHA512 | 0784507e453b07f0b262e4ac452a96d3ab2b81c5a0a2bfcdb92ec658268464dd05f03c5093cd45bd9da5bae7711e3b3dc80e8b505d57dbbeab56bfa1fec8d079 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5264cb9283e52b413b6e63c6e96142e2 |
| SHA1 | a6eab287f5d98d4ab0410e937f965d3825a16af5 |
| SHA256 | 895bad723dea006d0753835de4beea6c83fd4757445c221613d251cd66007314 |
| SHA512 | 088bb9c0cf821079bac1379bcfbaeba66e8f55adea793d733e079eb4c52a5db7f38d02cd367a2c6638d738c6ec139ff28d8c25dc1846909640d7b7b2e096dc31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4386afb2bcc3e46020a4e7c9d76abfed |
| SHA1 | 1ced19a68be967c9bfa3a43c9f862183597acc3b |
| SHA256 | 73058da9913a94b797ef66b731708ac07f1933439d591a0e7d72b941cd2ba35a |
| SHA512 | 919e7919fa76756bd15f0fb49a5a4dcffd485e8cd303b4ddf02cf871d61142acd381a2837ea642b9e82fd324bbc30f2ecc0e4c137cb0b831b598a10737c39f97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7af65ccb944cc1b5317f1f0ced64c314 |
| SHA1 | 640cfab599a9fd28ce35cca1e8d50cf8fc86de87 |
| SHA256 | ab810a900a7953cec7c17bf14d2efa115865a5f43ff92271e09a9b72353d7c67 |
| SHA512 | e6da3752f1603355168f36a6962472b30492c3d1d28a6b4d32b69ca9322f5cbe00621771401fe534341d0fed98924fb3078f19692bf2059a6dde0b7a6cf3c036 |
C:\Users\Admin\Downloads\buxify.exe
| MD5 | 56b147a542a03d2b4112ac4f7ee12112 |
| SHA1 | 3eaa4cc99369f15c13ff6c224a7faf3f7b08573c |
| SHA256 | 8892caec2a44e2c0ab3a145ceaba993dd3bdac71758859b925e4d36afcbb01ed |
| SHA512 | 9a4eba90b375abc158836112ef0a69327fb124de02d84fcc9c3bb2ef9e311821550cbd2ebe970d23a9827c21350afc26d6c9a2fee2a191c6eb738360721d539e |
C:\Users\Admin\Downloads\buxify.exe
| MD5 | 56b147a542a03d2b4112ac4f7ee12112 |
| SHA1 | 3eaa4cc99369f15c13ff6c224a7faf3f7b08573c |
| SHA256 | 8892caec2a44e2c0ab3a145ceaba993dd3bdac71758859b925e4d36afcbb01ed |
| SHA512 | 9a4eba90b375abc158836112ef0a69327fb124de02d84fcc9c3bb2ef9e311821550cbd2ebe970d23a9827c21350afc26d6c9a2fee2a191c6eb738360721d539e |
C:\Users\Admin\Downloads\buxify.exe
| MD5 | 56b147a542a03d2b4112ac4f7ee12112 |
| SHA1 | 3eaa4cc99369f15c13ff6c224a7faf3f7b08573c |
| SHA256 | 8892caec2a44e2c0ab3a145ceaba993dd3bdac71758859b925e4d36afcbb01ed |
| SHA512 | 9a4eba90b375abc158836112ef0a69327fb124de02d84fcc9c3bb2ef9e311821550cbd2ebe970d23a9827c21350afc26d6c9a2fee2a191c6eb738360721d539e |
C:\Users\Admin\Downloads\buxify.exe
| MD5 | 56b147a542a03d2b4112ac4f7ee12112 |
| SHA1 | 3eaa4cc99369f15c13ff6c224a7faf3f7b08573c |
| SHA256 | 8892caec2a44e2c0ab3a145ceaba993dd3bdac71758859b925e4d36afcbb01ed |
| SHA512 | 9a4eba90b375abc158836112ef0a69327fb124de02d84fcc9c3bb2ef9e311821550cbd2ebe970d23a9827c21350afc26d6c9a2fee2a191c6eb738360721d539e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 37746e51af870d294f2ea302b50aadf2 |
| SHA1 | 40bf0907be6a4dae8e580cefa98669baa3825884 |
| SHA256 | 859cdf5755ce52af4f3820132fefd5bb4daad3021888ced0760aded78bcc1155 |
| SHA512 | 4e442c13fdfca589ffeff207c832f7a2f095b7e3af480260c4ebe42e9a97cde32d0da353ad44d66aebff3a1af55313726fdb1920619917deae617c06908ebc1d |
C:\Users\Admin\Downloads\buxify.exe
| MD5 | 56b147a542a03d2b4112ac4f7ee12112 |
| SHA1 | 3eaa4cc99369f15c13ff6c224a7faf3f7b08573c |
| SHA256 | 8892caec2a44e2c0ab3a145ceaba993dd3bdac71758859b925e4d36afcbb01ed |
| SHA512 | 9a4eba90b375abc158836112ef0a69327fb124de02d84fcc9c3bb2ef9e311821550cbd2ebe970d23a9827c21350afc26d6c9a2fee2a191c6eb738360721d539e |
C:\Users\Admin\Downloads\buxify.exe
| MD5 | 56b147a542a03d2b4112ac4f7ee12112 |
| SHA1 | 3eaa4cc99369f15c13ff6c224a7faf3f7b08573c |
| SHA256 | 8892caec2a44e2c0ab3a145ceaba993dd3bdac71758859b925e4d36afcbb01ed |
| SHA512 | 9a4eba90b375abc158836112ef0a69327fb124de02d84fcc9c3bb2ef9e311821550cbd2ebe970d23a9827c21350afc26d6c9a2fee2a191c6eb738360721d539e |
C:\Users\Admin\Downloads\buxify.exe
| MD5 | 56b147a542a03d2b4112ac4f7ee12112 |
| SHA1 | 3eaa4cc99369f15c13ff6c224a7faf3f7b08573c |
| SHA256 | 8892caec2a44e2c0ab3a145ceaba993dd3bdac71758859b925e4d36afcbb01ed |
| SHA512 | 9a4eba90b375abc158836112ef0a69327fb124de02d84fcc9c3bb2ef9e311821550cbd2ebe970d23a9827c21350afc26d6c9a2fee2a191c6eb738360721d539e |
C:\Users\Admin\AppData\Local\Temp\nskB0CF.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nskB0CF.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nskB0CF.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsgB285.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nsgB285.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nsqB2C3.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nsqB2C3.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsbB302.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
C:\Users\Admin\AppData\Local\Temp\nsbB302.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsgB285.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsgB285.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\Downloads\buxify.exe
| MD5 | 56b147a542a03d2b4112ac4f7ee12112 |
| SHA1 | 3eaa4cc99369f15c13ff6c224a7faf3f7b08573c |
| SHA256 | 8892caec2a44e2c0ab3a145ceaba993dd3bdac71758859b925e4d36afcbb01ed |
| SHA512 | 9a4eba90b375abc158836112ef0a69327fb124de02d84fcc9c3bb2ef9e311821550cbd2ebe970d23a9827c21350afc26d6c9a2fee2a191c6eb738360721d539e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6e98ced93071795eeef4ec960b05ee4b |
| SHA1 | 5f4a9040dc27390161019f4b6f8aae9352e16ac5 |
| SHA256 | 8ad6e7efbedaa7862e3cb85ab1318f94ddb9570e7a007e72b4709616a3453e23 |
| SHA512 | f7cbde677bc6c17e22b69e09efb50dbb4db7b69957db74137016de838676d438764cb6cc66ce1fdb0266bfa11084566a4456d86e42c3eab3f94802b492d40785 |
C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe
| MD5 | 9d3c0be9a45c45e142e212b001963871 |
| SHA1 | 3f8829470669028c8e05e11ca747d828d9b616c1 |
| SHA256 | 12a4049d1f9e20c6fc1bb11821c44f95107784b13b0dc0653009c512140dd88f |
| SHA512 | 4b998894262c3ca5466718feaf6794d8baf15a28d19ae3013276ede1ffc184a1efb38340128e9f00e2c808c258461271909112422b972a62af97cbc0e4f05982 |
C:\Users\Admin\AppData\Local\Temp\nskB0CF.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nskB0CF.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
memory/5528-1624-0x00007FF821390000-0x00007FF821391000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\buxifyapp\config.json
| MD5 | d04cd3faaa3c10bb92f5d95116944372 |
| SHA1 | 27167c22c85a323d5f323c57dd1c47663aa14a1d |
| SHA256 | c528eac3bdfba5a15496d48f7a5033034ecfcd18503325237e75b635c4355894 |
| SHA512 | 3e7ef2078e2bde6b503d37077965aac936eff82ea0bd4ab604707eb8f582b8923aeefd29eeb1161a11b7f9311552ad1a0177f08e27fe4f65db15d03fb9316bb5 |
memory/5528-1688-0x0000020A1AEC0000-0x0000020A1AEF0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Buxify\22d73478-5493-4a14-b145-7385227ee130.tmp
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
C:\Users\Admin\AppData\Roaming\Buxify\Network Persistent State
| MD5 | 385c7a8b7a5621b673b67e9a4b21e70b |
| SHA1 | 3b94c5651c48411d027fed902fbebdb52fa87b1e |
| SHA256 | 39157d88e5ef5cd53fe7bea624149adee01fa3f4f4732171a056b16ba20400ed |
| SHA512 | f9b421334535bc8c8dcae8e27d023c3309b63b13551cf286c7ce7c484d9ca981b656ba4ec80452d77a60799166270df7366d17410049ba02f278e5e93d03a503 |
C:\Users\Admin\AppData\Roaming\Buxify\Network Persistent State~RFe5ceb42.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\Buxify\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 8975a973899494033c27b93c593d9d4f |
| SHA1 | be89574a2dcdf8754c7d2c080e4aeb1c0eaf41a8 |
| SHA256 | b869cc4db64bd82dd5ce5d4804296f7b95e02e94bdb9f56814362b1a032fb2a2 |
| SHA512 | 5abf39307ba5be50214603c48af5f18473c8d3cc36e641609216c79227de9fd27ad8d5e86e044a2c72b0e2849e731ef4d04ef102b12385f72d3717d171e5888a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | f0d11cde238eb54a334858a3b0432a3f |
| SHA1 | 7c764fe6f00cab8058caeba38eb7482088a378f4 |
| SHA256 | 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96 |
| SHA512 | b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 8c40878b03ea1ec6600c6f58f80bf430 |
| SHA1 | 0b376ff9ae6e3d2373b7f87ec913320f58d18d78 |
| SHA256 | f4e198e26a54aadb5843d037641c73b54b4da943df8246055310abc75d6085d5 |
| SHA512 | ae92f49af5b7afaf5c9389f23a15635b52532d742be147c34d3a092a21e1c9f816488ecb221d39b5c957b67c66e370081d878fac65946d98ed35ff046f1fcf0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | b90bbef154a21a5967b29eecd2e04109 |
| SHA1 | 6d35b11f277ba398368a4a37655a8580186cfea5 |
| SHA256 | dd4a94de1eea796e9e19e63102282637086c529184330ba932c57dbfc4aea400 |
| SHA512 | 84b4eb86f5800390d46eb7d9506e1809f6d7550875a80177dae3bf57e5bc1c4ee90742ad7b3d3181830ec1d2d5a75ada81210568ee4032f02f429dc704a97ab6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 20b4214373f69aa87de9275e453f6b2d |
| SHA1 | 05d5a9980b96319015843eee1bd58c5e6673e0c2 |
| SHA256 | aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820 |
| SHA512 | c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | b3e399b1c11344ed79907ccd5f721be9 |
| SHA1 | 28933ba1392f17e5eb994e9f29aed2ecac0018e5 |
| SHA256 | be611e15aedcf8a20ef161ea69024afcd2b7fb51a7be1bc0a9fd970a6dbb8a99 |
| SHA512 | 68789ab1a9510b8fff81f130f43c07e62b3b05bb2ff7a9b699d177b679afb4b24606cae5feaa4cdc8cd78ec25c2fff45bb01048ac2918bf28d5892089bc78f26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | 00fc4cf3b691778c6bfed8be9da3b879 |
| SHA1 | 9b58a7f445904655bd9c4a864c25f55c60853a3c |
| SHA256 | 7f179acb44d81c660581e34cef91a8651639653a54bb28d44526f3c6f4546d46 |
| SHA512 | 7acfb45f8710615b116f9b64e1d92730de5cf78306fe71c0b5495743f1585b2140e934cb384f2a399264bcfa9a39d82bbdf95a1691ce44aa41165b5cd9db4fba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5032f56efd7a9ee2f268795258a803ef |
| SHA1 | 4c61c877aa9545067b9ab18007bbc03a51b6509e |
| SHA256 | 804260d9812defc3a2201c1b4fbe383ae7c7dacf1f5f0da81c823a53fffc715e |
| SHA512 | e191830d6bc710f78f2b70fe2672a089b3c0785cc8efb5159f77d72dc29db7da056b88e4b26b074c27a88040efd1013b689677ebbaf535d411007133ff2341c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eb23a38983a1b04311dce65f0a42ad77 |
| SHA1 | b3f495ad240be2da226755cd76bccecfe5dfc746 |
| SHA256 | 21037c8851b0cb87f4902cfa34bde8bacd0b5b3c06a6e0545fc82608cfeb862a |
| SHA512 | 8a6d2f5c94409b22a16359c5bfd7f84105a567b6b721bb24d6e37037035c143f85cf5aa4b045be1658ac1011e2930c66ee47ae762bf76fba9b97525cbbcc75a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 15398c03f2621dc88a72c10ef45a4548 |
| SHA1 | deae3bf2424e382f7ec00c6a6045bf1d376fa285 |
| SHA256 | 5d595221a5b43403273df8207ee43747cb1fccdcf869422efa3790b0f5239847 |
| SHA512 | e4bf7f58ee1aab4032dae153befaf5e6086df21338bc2c4455d099d6d5b6477951b60fc9ec0e735b24aae47f43a4e94a6ca181319fd7fd99f53b55befa96d6be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4818c7b6bd6e7aeaa8c80902ddde3abe |
| SHA1 | 68fd199f6b2301cfaeb2660542a92e469b7f1bd7 |
| SHA256 | 75d9e79a988214dd3f02470d5a1f896fc9d94a1c2b04369b25969d3829d7d5af |
| SHA512 | 11286ece462993d693a9521ff873b4efd68825850904341689dab72188e1506922cca3aeadc24f54caee85df47ddb31b880e8c2e6ce8bf5cd2a7f763406bfeb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ebf273f60f156810fdc81312484cb85b |
| SHA1 | 6d3cc779543bce81e610efb6fa0601530ee341ca |
| SHA256 | bae7909a3fcdc06ffe24722608149fca6d4a4f10877996c58371059354cb8468 |
| SHA512 | 6a7fd9d1da2d471a1d6dc20460776179c00450f9ca3ebf68fcc638d70419478a17045514c73167b7d4686ca06d3e631ebf321f28b1f936487dc9e09228cef08a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 537aac1642854a4807aad4b22ef11638 |
| SHA1 | e83644189aca6c60f2dc72bac01cd9b4cf2c94e1 |
| SHA256 | c68254a195996a14da0f77639ed9a4b11b6ffdac0a1deca0f2383b90447c358e |
| SHA512 | cf270678800d0f07652967336ca3c9565bc673650f487cd433d763ea72013d261a8239c3e1e69d52d1410fd60db62319fd8feecc29260ed90bff85bc05ebbd71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eb9be6f55b5e124faa547ff262b4e4a7 |
| SHA1 | 1e4e21dcdbadc7304aa562a2ef8c74f76fde619c |
| SHA256 | db16c7261c5cc9a8a86cff2acfd82c26c62f57aa855be97182770a849b650991 |
| SHA512 | 8df0a0250696d63485f21547d8ba7334b503fa276d50d1c3b7193fda55823ad7f466e9a66b607995e097e9fb1bb4a7b930e32f6ed62c87def67972386998ea48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a
| MD5 | 0afe526e91593672bba758ba7f871adc |
| SHA1 | 0d21dd2b22935b9f94edf4aaeead88a03db6e8d9 |
| SHA256 | 9eea6d55023b85804691af30b0e5add526eacfb005769f3d6b40d70dd33b24ac |
| SHA512 | d04967b65b7da6c119fc55ca82442afbad89ec762bb057149397ac76fb8900e9ac2eb553a589875c7f44d1c32891e182eceaf513997d0048cac1b1a6e6e06d59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ec22e8f797b836db114701140ab66358 |
| SHA1 | df49bb473099e46ae1f41401a60fe70a75123256 |
| SHA256 | 04781109268ff6a45ec46d587d5a8fe329f957c1e6b611c555a13acc3ef0fc32 |
| SHA512 | b48c0a2d79e5816289b19cee026f9b99279632f07e0aeb3467d1baa519bceb32b8db48a0229e7f8ef85d2d430c16da68de5c265ce4121a9302088e92dde3f972 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | 4709c4f9967219e4f5f3daaf9721d51d |
| SHA1 | 10dc7726ebf51da76c9c0b973ec83e503cbe9f4f |
| SHA256 | 3354df802944fb4c9f54c707835e3f1db5aad1d59cda21556f3e82857ceaf9c4 |
| SHA512 | 268bd2ed5d23a6498b5b1b40bd1a80b8ffbb4f59a84ca10e03d6017659643bb0354f5fb2fc7414b0e48b83650e8a3653048d0b90622366490a6bbbea07bee5f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a
| MD5 | 290da880446319f357ede673218d69e0 |
| SHA1 | 635c93664f99e9e35fc5b92bb4120fbb6391d308 |
| SHA256 | 2912d2629316c97078c51767e4cad121cdecd2616794de1db36e3c3377c72ccf |
| SHA512 | fa07e459d797367bc9d3e55be6e9035e190427518f54b03021ba187f1e99301c3c5ca9efcc37c31e0ec81cc6920b51507f6bdb7fca22f5a3419073e4d442e338 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c
| MD5 | 0db13293cfdb507caafd2066f1eada49 |
| SHA1 | e031a29843d1a4e9dc30ea13a06b1044e6b6f37a |
| SHA256 | 4c171deee7af6f41c9d6781345e4fe0e66ee58947cd3493cb95a75ea372e9aba |
| SHA512 | 52f0f3768430af146ba545e65230230d8bce1e3776717bc34662ae5d94efdc4f9641cc980f4815399c9ffd267869bd3cc6e91a37cffd68987458e2ac63af5c18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
| MD5 | 211ce3ce8b4b67ef8cf316ab34945a49 |
| SHA1 | 26aefa04275e8d0ef8e1e856b4ddc53e5afc18a0 |
| SHA256 | c166008a7aae9c0aa03dbd124ce640f7fefd234b95b9bd95d9fadd2af4ac841e |
| SHA512 | b53270d69470c6c2430f465569a3543315175c2627d6cffb3db00af760eef682af755e1bfa4b1d5530b9eb493137895c3539ee120ad2e1a25be4ac20600f81f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 58417987252fa4a823a4fe35cf7a8ad5 |
| SHA1 | 212b3b96bde86abc8f56b40a2363123bd7b42bfd |
| SHA256 | 084fd0058a41ac4ea6b9c1954456715cbd8a7fb1b3c60cf3cdb3aa82e3ce5ac0 |
| SHA512 | 592bb88c3b10d111095d6e150bc1f2f8dead664461a70a4f720656a809aa4247a1287476285125bdea899f82d56046d4334beb746955f783350a6309207843f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8421c0602ba9e680621ff930631c59c1 |
| SHA1 | ec22c7277230ff168f0674c8471e47cc352260a0 |
| SHA256 | d5f1ff593bcfa3dab6cf819c53fced024cfcae6f7bebf514020ed661a1024e97 |
| SHA512 | ec2adbd6c9143a4be09f4b2601031778fa42b631156137995513a02cd2e019625dd666f35a0fc27d3abc796bc4bb3ce5afe46319ed87313109bcbd333c790204 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b4d8a0c0abfccc2acfd11644d8676ecd |
| SHA1 | 9b17183ce693f713ff8d02ca790a75e75ca7dc37 |
| SHA256 | a4782f05b1ceeb2ab87e38b9c2b24e69e17e2a75b01301e8f17612378bbd804c |
| SHA512 | 30e85e8074e0ba5737612c42521d32e49915d7ba4f34d3e6e8d80fc700bc6e39fed4dc231b048f8ef87ce15843b0c5f337b3be54241c8e46fbbbf6ae1ffc8362 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 60a201616e495c6ef9b86f8b4f4a078c |
| SHA1 | 7b7ae98572940f527d3f1e125f506618f1d21ac4 |
| SHA256 | 6141a2abd906724331e3e30df2f0c81456ae70313e3831efc1d725ea235e0508 |
| SHA512 | ec70cbc4bfcd2fea0cd4c6561d951d091200ffb39b3b3c807a0f53902e6172eaeb624c6b1e2b58861a077390e3f694a4b5c77a7455097d09c79c0d2a46176cd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 90826679bc4f5bb723a2268f72b97863 |
| SHA1 | bc2c0c27693453f5bcc4f815b9d50989ac283ba6 |
| SHA256 | 4796f6c57bf39d82c143445a994665e0f58e400ad7a934dc7ddb16304e5e126c |
| SHA512 | 7db72eea962262bd60db58ec2b2b99fd6806b2a516affdd2935123513371deae1a08f801669b6c86c34d13de501ea6232c638c1d0cfbe35dccb7fc14a544a29f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 65dd21f7184700857e0ea54ebabc50ae |
| SHA1 | a6143aab77eaf29095de1f088022125aa5562938 |
| SHA256 | e55c3b1fe8c965dea9426bb16ad408afd35569144dbb6d86843dc55f626a455c |
| SHA512 | c0d0ee9c4cdb6e276940c3e6f2e01ec0a3e53a9d97a5ec21aaf60d5c3e1fb8d700f8b283c52ee974ca1acb3f26aff5aef36e341961cf5827e13b183c4a4ab7e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e1834dc0cbfb257de58d8197cff517b |
| SHA1 | 482ebcf51a64392e749737d84371c2a1797b6ed9 |
| SHA256 | d498cc41d7131eed315f227b351a93b90dccc1106c73de125da8deed212d3288 |
| SHA512 | e72ea086ba4157c97aae847fa6980028f88e99e8a283acb24693c9fcd29e1348352e37b7523a4adaf766fcac1b0a50a67c68a0a62a1100aa78c708235f297805 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7ba54dc47a8c9fb427b37a528b965393 |
| SHA1 | 3769eac5c6389e0cf6097a1969b0f0ce0c74b2ae |
| SHA256 | c23829e27337f2d759a8c8ed7e6ff55bf757b935204a64787de68602fc7c253e |
| SHA512 | 66a52524740db27abd7f062efaebc3b8016f3fc506be4bd1e01ae165332c5b905c59ade1b9ebccbb7418a7ac26e52505e3bd0bfc16c9fb9bfc195973bd7b47d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7abae9ebeffa495595747bc4d63c6297 |
| SHA1 | 58e69e87abb0536292e9c92a14fb46351bc7fa1b |
| SHA256 | 2e6de0c4f51156ab09144206064b5e9552087e73b1ff36d4a873c5302fc0080b |
| SHA512 | b56b868479791f04dbf4dbb88e30d9b734b27d31a7bd1e45873e89a31d0ed3fa1ca1c5c17f7b1272eed65853c2498ea824b4a8c81e5d138d0d0c0e3d61472893 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6a44faf773bac452aefd904ba2ac2ec1 |
| SHA1 | b0c594cf4dbd7dcc20c9de46c7509b6cb790e8e3 |
| SHA256 | 587934818fafc3417b9b6bbd6f59562799d420fdfa1b9909d696fa5fb739affa |
| SHA512 | c141736335ef192290ce97a21e4aab368844341eabb09c49961b4f38f1dd21285a96fcc97f97e06d249e5311af241910abe10ac9aabcff51a6ef476aaf15e877 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9c1c0db40c460327ba484179ded8f86 |
| SHA1 | 91b5d246f223e217f6ae65163408cac05c4510bd |
| SHA256 | aa0eff33125d4ce0f6a41e8eb43e2ef40efb64971d79e3e5bb9470f61a646fb0 |
| SHA512 | de0737272fd5cdc9bbe070bd5d9ae809a8629f6b184397f5a9be84a34119eb7d01513d404575ccdd48b465a462c196797622d599844eda6a0c53326a2a4795cc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 9f00ab18e2c0640ee86a59208b8a3a07 |
| SHA1 | 87fefbff76b5804377b3ca3167916a984dd5d038 |
| SHA256 | 45eb525f4f9ffe500e80fab3c2283a4feb36d5931475c3018b7d68062bb63262 |
| SHA512 | f94b8cef67e8119176b6fbc269394982cde4a6a6902f959a21bb351a1a351aa26511743130b79282c28a39b3eaf744faadc50e7c18c74db72a27c9f40f758edc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 41826acd89473e035708a8f1443f298d |
| SHA1 | 4a526b3e52e1f5d2712db558c95146cf297f1d1b |
| SHA256 | c6ad99195510260ef1e49080e48562aeef5960fe2934da2d7eb69c8a10c169f4 |
| SHA512 | 14252b56106dc9edf090f41fedac372286a46a35bfdfb01f440154368d57e52f0e0492d31cadb1abdba345c10f06876f6ac6394f273496bbb5f3ee91e4e4bbca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
| MD5 | f0b2209a63f446233372ba5d1bbceff2 |
| SHA1 | ad1f4f87cb04a5e0c85faa5787c03c7adc8d6278 |
| SHA256 | 9ecdc0f25d7862ba9ceae6b8ee227abb598d92f959163d342715bd322a87b624 |
| SHA512 | 6942d20fbc545997ae3eb78cdbabbd16ed87795d2eed8cc5d188f9df6f3f64ccf893df226f7e213b608d23b0f9df5578ce3ec4e1683c8894b4a777ef3f5d9850 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13338773711416479
| MD5 | 405edc6e85a0f6f5c934d8dce46e9c51 |
| SHA1 | 4288f7996d5c2c181c8366de47d373e4dc052e8e |
| SHA256 | 20ce938a2c088f1556b6f4486e35287c135df6ae3f444690fb59e49fa0152e71 |
| SHA512 | 666be72d0b8f4eafe6f75be6a9d6384925a4b476e082c013bb54765b9b6c6e506543fa6c6c26a1a7a136e2e63c9a3eb68217d639d859cfc14d12db86fc50cfea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e703f2cbe99dcf636fa9d75eff3ce893 |
| SHA1 | b98462d6aafd113a7657556f988845fcac2b466c |
| SHA256 | 5c2b9ece79783b322269b565c8394838076922b74ed9071ee9565cc97822ff67 |
| SHA512 | 432834e6a6ffc5ab3bb631a0a32ed38e22f88e66abae8b1b388f75f9e7dd0e14041d99c8446a4bf0c96d6af5b3e2bc8b48d56d856c5cd94ddbf9ece38a0339d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f45d44477935ffcecb1de75b08845a73 |
| SHA1 | 6e6d64f37986f65cc78d70f9d5ddcb628b3c8b75 |
| SHA256 | 135525dd382b88733e90863bcb31d14bc18c604e0f5adf1d5b4c6520a171796a |
| SHA512 | a79a6b340c03815ce610622c1abbcdb8682b6b0897cc3830eba62ab3dde341e178e4c73a26988cad34ff71142f2c17c626bd6f3f90a90a89d601b833d5e7976e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cde100a2abf236dd4166a311da918662 |
| SHA1 | c5f02c46c97a90fdb782b90f045da17fc3528806 |
| SHA256 | 48ab770e424f62bc6531bcf1545841942bb4204fcdfad024c4f30b032a79a46b |
| SHA512 | f83f5a11503ba8e32cff597368f2afad938aea3069dad23fce4fb406f22d1766af4410353e9b8b313fa39060868974cb506aeddf4140a5f24df1ffba71e2b55c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | de9a51d7f62b8dbe09752a23008dec6b |
| SHA1 | f0c8746afcf31b80a8356a5dd742cf87e6e95dcd |
| SHA256 | 8b2a068e04678fbf674377b2ff1e40587f9c81c3a7eb31c755ab9e12d9aecffc |
| SHA512 | 74ed17a612319d94a89bbda206758f6d09c5ca3ec0ce09ef5d4236b23e5d87532ac59805038ced3f4aa08a5e8f9653ec04e5e4eca6f95e0cc4515073366557a1 |
C:\Users\Admin\Downloads\XModz.Menu.zip
| MD5 | 2b1127e88281f75a58ae927ecfa8261e |
| SHA1 | db5d75cccdaa94848198738dc9e80ea0d83acc46 |
| SHA256 | 79937efc724f7f57b8aece3c512e4a8993309e1f0d8b72221203e5de8e8725b7 |
| SHA512 | 4458b8306a71a89b3b890912ee15dce2e039e205a7ef65f1fd27d103823d07d07876acfc40a18eb3df88621017d1545b12e28b0b2b4ac67de0eaa7641fba38c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dce107641d9a0193d0cc4fc6bc698ced |
| SHA1 | 65ab4aebeac273c1ab7f48907b6b4a315a8eb219 |
| SHA256 | a6f9bf887ec840eff504b78f04dbe2e500ae9286fb9a2bfb06cdf1bb73feda1d |
| SHA512 | ef77a18c5301857b20445479b88ddf3004f6b06c8fe6df513f228c129e02bd8a4ea04fd0e793a971941edb08aede9ec7879e186676a177de9971a63f77d77628 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 379c542875e1224cc36712fae282b1c5 |
| SHA1 | 8e8e705ddb7aa2500cb2ab823eee510e91dadaf4 |
| SHA256 | 3af5b8d041a2a01f1ba55b48b923529d5680cf96d716f0723e53dbdc13a65f73 |
| SHA512 | ded514402d728eebeb6e307f3e1222297870855a0a018b8414272945a2230ce72ced817c482263ad1a0e9134eba31d055e993acd5a1373fac983ba1ae725d28f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 502189a4dd7bc6a6bb6f9c610d316f86 |
| SHA1 | 4b47784ce2eb63f195f0cf1849f88b2bc6aa7c89 |
| SHA256 | 79ed446b768ffcff1390d6f58cffb56784005a30243cf18e97d42beecffeeba2 |
| SHA512 | 6a9dbbf38b41f66bf06bfd3f0aa47b57f7ff3dfdb5a64f50afc1e42dbcb12ea81fd52ecf073b40cd2aaca614cf8266ee618f3ef4e5db9102bfebe545f8262f96 |
memory/2712-2810-0x0000000000E30000-0x0000000000E31000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
| MD5 | 1fbf2fdd728f165ec276f054c9af44c0 |
| SHA1 | 48c9bfe6e9e8c7d81e755f22c0365d02319c1428 |
| SHA256 | 26adb5392d8b83331f76344fda933c672e7951dcd2b960746e6f004b57d42b45 |
| SHA512 | a325c97d27b33c853046ee8cbdc639bbe2b16b4e1cf9a79ebbae06ccffc8a84bfc88b8c3d38f78c5841b892d001a69158818898197fb6a8ff0eaea3679ed8bcb |
memory/2712-2997-0x00000000002A0000-0x0000000000581000-memory.dmp
memory/2712-2998-0x0000000000E30000-0x0000000000E31000-memory.dmp
memory/2712-3023-0x00000000002A0000-0x0000000000581000-memory.dmp
memory/6064-3026-0x00007FF821390000-0x00007FF821391000-memory.dmp
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
memory/4984-3092-0x00007FF821600000-0x00007FF821601000-memory.dmp
memory/4984-3093-0x00007FF821610000-0x00007FF821611000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 89c622ecfc35b53fc0e275b8fdced4b5 |
| SHA1 | a033146e0c8d5dca32d18f2a7588c59b99c8d3cf |
| SHA256 | 5874f5d74604e01ebff8e2c46098c4501aaa5580624789bc9ef4c5b26f9fdea5 |
| SHA512 | 56a1de2a7ae2cfe56bc577a82df67309f53ddb13695528b6a4b34f2396c0e5d4a8e8b4833448c9d42d71bde05dd864be1773a25fb3369ded404884a5dded5e6b |
memory/6064-3132-0x000002D444F00000-0x000002D444F30000-memory.dmp
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Code Cache\js\index-dir\the-real-index
| MD5 | 645bd54c2f1e39f372d12ca9243b8f92 |
| SHA1 | 949626ceba17e72482244880208515c562c3cb7c |
| SHA256 | 0e3a8f82171d2d3822c54a95edc69eeb10fb173abbdbaa06e63b8fae89867d6a |
| SHA512 | 2530e26dae6627d768c2ce263cebb2292e851488e483a74eff364c4e055603ded62de795755b413130a4b0406ee7c465f8f070ef218c2abb05392eb2b390cea0 |
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Code Cache\js\index-dir\the-real-index~RFe61bab4.TMP
| MD5 | 3b6819df7a5d9910add256db296bacf3 |
| SHA1 | 158fa5da2d4d43e348e959aa8c27a241b77f4ca0 |
| SHA256 | 049e99820e30e5c7596c353a4d28611fbe2502be04f794a06f0c472345684ae0 |
| SHA512 | 89c8480bb5c062fb7c24f4deb65dd07fe4bccee6b41bf9e3eee9955fc0b4473b8738da563ef6a631eb315a5a450fa0ccefda4397bb8f9efade35fbe650b3a7f8 |
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Network\Network Persistent State
| MD5 | ec11ac7fe5054b09234d67f49400f973 |
| SHA1 | b2957d07db5b3155a66a4f9af11b45909bf39f33 |
| SHA256 | 6efbea7ea08c6d080e6439f035181ec187c708b0d797f0b4399f6264eebac1ef |
| SHA512 | ff477afeb62d087bd93602df996c7002c5e469d6d8d68e5e0e8b045e5fe062ec81bf444698dea3363cb1387118f361f9a65e557201c1c4a57d9b99ea57f62f06 |
memory/4984-3187-0x00000221CAFE0000-0x00000221CB010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 873c4764c2a7befb6d4d78650fffa6cb |
| SHA1 | 3052199d1a09e6aa9a48667267a1a65e01925785 |
| SHA256 | c6396cfb3b709128efd82810adebff888f1af62d634f882abf05b09cde839b15 |
| SHA512 | 385d88634055001bcb3526b0878f2a9adbc02b77e60d0c72a3cc9d81c0c8e59aa7ec04f15e7d80e34ec416c876631288171c8924ea91482b12f7b8ddf37bb2fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 58d4ec17141f90f940c0c8cf1babf0c4 |
| SHA1 | 188d4da38593a7fbffa950c4d7017a40bca8e8f1 |
| SHA256 | 07a29e19ab31e312a9bbe223588b66408531bdca831a97fcf79fd30206010d4d |
| SHA512 | fffa1a79c33b2212974a50474a1798a20e0667befa77391f97124347bbefd4bb7785e747aa02482240cacff1a5305c4d92702c7467554a0f0e7660105e8b9a24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f5820a981b13d1d067720bc04092caa |
| SHA1 | a8d1bb89b7fc2b48d7f4b351c5650d18b84e7948 |
| SHA256 | 2ed7e5097ade8ee7abc4160e34360a3a170af047b62cc603dcce5eebec8360f3 |
| SHA512 | 6142dbaf4396f787afbe1ed9e64fcb5e68556e342d67025697bdfa8d537e14c24220cd1cf6fa2169c729428f85bd4bf56da19126272844e3d89f33718624beb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c950222bbfe1583282947f45a27e4169 |
| SHA1 | f565c9209a10908efd07631ed4f5730c588c86d0 |
| SHA256 | 52a9399a6f611770ad9e7bebe65dccde1b4f76a1e5f2f83039d756474a6265fa |
| SHA512 | a2dc0456518078b00e2909698c49f70a0d4f1a8a9b227b5650691f2a0da6103700c6546a28f81ce0e28675348237c71533f08d1a711269303c179eab3c4f08c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 14de824a790ccacbf9ea3c6459be3155 |
| SHA1 | f70db6710c820f8381330b6f2284248417b19067 |
| SHA256 | 25e1c858eb9a203ac2a071bbb6e9f1c02b36a21d1db2c1b0f9063075996a0d39 |
| SHA512 | 8fccde2425c6c4539e39b23bcf3dc2e26a5bb76cc8e5ca940f5e345212bff841d885bdc26d6d13577f50c0e056bffcf2fa62261e6e5e48c456b2c29a1f46e311 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 94a7f25462056c70b9cdd03dc73148d6 |
| SHA1 | d25b6fa62bd3d7aec1da8f5d69e5ffd954540149 |
| SHA256 | 8f2612b508e7d1cf9bc92ca5699bfaae2e15e4a3f9448355bcd22222a0c36386 |
| SHA512 | 449cacc8206d09373f2099f9247bb4d04422980c4b909652c94cb0d72a78cd1e09a63aa06e46230c409585fe0f2dd4698e2bab6a02880ebf6548b972607000dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 93853efcef6972acf6e9eeb0d6e3ea84 |
| SHA1 | c8e8603f880cc84c042ee46770271a5a90f4dbea |
| SHA256 | 75d671ff7fbbbab38b538526ed7c825b4f7083b6e560336a602e5b01a32eb7a2 |
| SHA512 | 7eeaa3966fb16a460135fb70977431e5f03c8d940ea295c86bf933374294f9b550171ee0730f9700c1552a5df24f88571a535f901e8fc3ae4a31fde56ebcf840 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 48f4ce66af9bd6c1de79f4529401161b |
| SHA1 | d38110fe6f74f9ef8e916171f24880cd363977c6 |
| SHA256 | 4307affcdc3e619f532246fb92070490a8ee4c784b3dbfaa53b437ebd34abd78 |
| SHA512 | 9d5123c0b871a047637f1d60e5d83ce3e05ea515cd4be4030e3d707bf5d57411e57378b3994175191e78ed99a371ae9c07dc04a89ede099037095a47312b4b4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9043e6e0626de51292ac5bcefa2132ea |
| SHA1 | e3a4d85ead25a9cf20bc3df6809d3b678115c290 |
| SHA256 | 5329cb96b501d7e2fc1e3b7ab7689df83b07dd192cae6bf6bebd900d24792e4d |
| SHA512 | 90f7b21e9f25e8743d774391277f2a56fa959e101c279db51847ee09c09545a50ee006e8a234fcd4fc5427ad4c32fba0537bc01e86a4fe446a4187b4f7242028 |
C:\Users\Admin\Downloads\86da1240-0019-485d-b794-bf9ee11771f2.tmp
| MD5 | 1ce9b61c455d234cfb84eedbde3ea184 |
| SHA1 | eba69e786eccf5c00b1efd7f948b4f841ccb61e2 |
| SHA256 | ffac03c052d4778415c90ea0135cb636b80167610ac85b2fb9292efaab1e01ac |
| SHA512 | ab56e5d4976555db4e7c85b07c567087d9a916049c096a30024d9b99831978cb856ce21dad55402fac38a1a7a5f8d17a047163aa01217c10dbc12b5e2cf8535a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5aa828749d52e769a9d4793f5017f398 |
| SHA1 | d43dc347894a60489b0d786825ab436e9b425de6 |
| SHA256 | f21de4caa4fdd948da6efb7206115db822fd133ee58eda950eb241adddc9d60f |
| SHA512 | 94ae21d9c954d630dcfc3db132e6548de22a2d378278262783bcf458ad42f32a9ee070b6ecfcd9ca7ad48fcdbfa99e692d4421006e5d3ef6fb6aed317989b866 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 31c17227f98f5804ffca79da48ea1afb |
| SHA1 | c04b9c4abb47dca1ba7c682d3cf396fe5a297dbd |
| SHA256 | 4bcd8f45a9bf558b8fe40cf9030a9fc3615514f2a1536705bb76d9fd91e0e167 |
| SHA512 | 24009d0d9ce705d8ade256ac7326fc6e3159edf1c59e5fd5eace09090c56925a2727bde76693fa3ff30c26b2086bffdcb09fa4f53f10094f643e154cdbd00b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 14b2ba82ecccc4d96cbc734b02a4e045 |
| SHA1 | 5d14fbbe9a0f1c9e52095ab5f3cc0f93625b0ec4 |
| SHA256 | d211d588e4ffa7e904811882cf1adb03ad265687a936d3da29bdbe18b314b6af |
| SHA512 | dad1fa8be126445163a41c559eddf4b982dcb8c3a4079daa0a1529569a2d406dacf46745e53e40595822e0f4301cf74d9f9cd156b9527dcf34977c69a8183da9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9441125ed37a39b89ae2107a543ac722 |
| SHA1 | bce50ad31a2e66252e6f20495596d172a2571928 |
| SHA256 | 655f3458ccfe95c51c740d25e0a1cfa6a095f529f80d3096b9e18bb57302c988 |
| SHA512 | d21d70f1086ac0c097bad8bc8392426ee0e6a0c4e2ed98cc1aece972ba93bb0bc02516e4a20de6b43a3788554ab050f7ac17fef1aa2aec701b201027b630e1e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 82ebaccfaad136d65261404efb89ec70 |
| SHA1 | e0cbde23d6846d6bc09374a60ddf1a1ebc0c491f |
| SHA256 | a2f4a6513270fc3f4c30665fbaa536e7d58aee362800a8032c27fb62acb0abd7 |
| SHA512 | 81e9eb54500608ffc243d468d9328869ae723235b2eca64bccd3c841c29598223d0284b9154087544af528d5648a8956d4dfe1d4065c8def839a7c50e0870367 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c5a92b225f923420fdcb7af6542855d6 |
| SHA1 | 87e7c145b01ed70d9cfaf9788b6232e02ff641d6 |
| SHA256 | 3b6b3eb75232cac950f3a4cd04e566502eb5e0c8ed1c65033db423a7f8b2a66a |
| SHA512 | 58e173cb180f9314659088d688d9a652c5fcd236cb78b9a110259cc9bd69530a9660aeb86e419b9f911f6473f6fa02e844dba6d6cd5dd93a11ac56edaf04691d |
C:\Users\Admin\Downloads\Unconfirmed 534839.crdownload
| MD5 | 0558ac0dd92c7158328a5ce84c00c890 |
| SHA1 | 37ae948115cbab3f4fe7798fac1b0c9b1dc37a9d |
| SHA256 | ea65507010632089666dffb42e40bbe2d61691e4f1b87a1e71e6b9056feceb8b |
| SHA512 | 735e371dfbcc7ddb4458f91ad08dcc3772643c5f7adf0501ece654b44131cb2dfca50fc3315eaf3b8bc32ac3a309f35453c8feb2c0c7b3e19975c6dfef74f03a |
memory/5584-3899-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
memory/5584-3901-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
memory/5584-3900-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
memory/5584-3903-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
memory/5584-3904-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
memory/5584-3905-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
memory/5584-3906-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
memory/5584-3908-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
memory/5584-3907-0x000001A04B5D0000-0x000001A04B5D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9f738ba0c5c7ae233ade88a2ab4f35c4 |
| SHA1 | 705704447d0657647f78179a6e2dc7a7b28470ab |
| SHA256 | d7d56291e884f3b1ab7e6d5f869b93d89ab2ff96e8c2ca347f05d0fc0bc1ef03 |
| SHA512 | 36e026375cc7e6b8f146d1c1b1733f1af65537fe2c3b1d0f47a4da5e75b32d983d3f3ecf14d39526b0215d4c70d26ed3e3b19a29c484e9c4f3a9cfd798a8b018 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9a763069fde4f43eb62de6c6a966317 |
| SHA1 | b51377ee85c11c842edc027490042056e4186115 |
| SHA256 | e26cb5dd4adcf18c41e87187814ef68693b3861119d9efe54716ff98859be9cf |
| SHA512 | 4af185980e0227e117c0107d4bd88656ea67bf694607da701166709d0f3dd20e7d58b0b8d573ee113c3464cf8d86b1f435d452db6785c68bf3cc6cd9015c017f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d55e864d905aa56e77f8bc07401ec5db |
| SHA1 | 462d2f94c7740f794742970101596c077c79ccb7 |
| SHA256 | b6555bab6b1fb4979f96877c7def1d0bfc4f49b326a64b5234ba6e7d0f8d3508 |
| SHA512 | cf922f8916d77e46aeac5ba803e8c12b5aec530d933d7301794fb3fac3f9629174f1fccb92c29afc9d57b5c6754dbb14ed90254501ed43faaf1ff17e4b2c1b9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 519f72d5b27803eae816344ac0e8f251 |
| SHA1 | 478273a496f8903e2e045763ccd927fa5341a67e |
| SHA256 | f068340f642b96984686dd40c0163b7f51229fe91bbc8a25f1698ad944f61ba8 |
| SHA512 | 96b2cd312c660147f2c853a16043e3355b896ce0ffc6ef5e73023b85542d48316348a29514921f770e0d517d4ca7f9ff3cf32475d4aa9043e853df06caeaf4cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aa275f2d4f1e73288f9c823185bfeff9 |
| SHA1 | d63fe33b482abc825491361a01406b8665e717ef |
| SHA256 | a15852bda7571d063025a45b9f5f8dbe399ed7b410fce21c39458a73ecb0de26 |
| SHA512 | 142aa2954aab2d3f5704ce3050b96c3219724edf91f8a4706b07f68ba9c24f2ecb587b307e443abf5dee9e5c96e73a037ad09e70e8afc104e40e6b0d1b0b502b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a0cd54750f900749f2603074fb98eb3c |
| SHA1 | 0dde4eac75ece82bae8104cc98be129234266e4b |
| SHA256 | dff794889b68554594cff8629389d7d285092f591c141e1c04ca05b53cc0ac44 |
| SHA512 | 1b9c3fddcd443878971a65d6ce86073d49e9acb70e4a89d3a394508d54ad1e8b1b537f29733f401e43d3347fa20f318f866467c58a4405ef873a4c3cfa53a750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 01b7d1e83cfa5c4c0156ee81d4f0ca37 |
| SHA1 | a61c8e16ceb31ce8fa8ac3cced756e5835a5913d |
| SHA256 | d2fc9f0bdbdca42d071943dae0eb3aea9d7ad4e0d1a4345dbfca2e06559d6994 |
| SHA512 | 0c8cc2f601e212dc7e7176c154098c3f9856e5ad15ccc1ca746878e6741229f86f19e873b22023234438bf8ee558dca96d61f089e2aa000916ab0f42ecbbe6f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 352513f1d4c8f37357453f7046bb20f3 |
| SHA1 | ca40014339711cfeec178ea74b5dc07083c2b662 |
| SHA256 | ffa888d0b8efa1c4f5931a97bb3af7d4260290c11832a78c0fd2e171f997dec5 |
| SHA512 | ae22ca0849b5b7d7bfca3ffcd77f7bbfa73f78c5405f00b2a6017b3ca062dc04cc0f75e176af4576fbf995cf771cbf71b7ae9b28f5b5b6d6ddc0dc7811ccbcad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 86d10c2e3a589632af3fcaa3aa05aabf |
| SHA1 | 555cbff4f5778f4c9194d972a3f24b0e1f6d9704 |
| SHA256 | 477fbbeb8feb0dded9ba440177aec2a2c8b10e664bbcb0ffe06e72f605c630f7 |
| SHA512 | 8f40f0a22fcab8f281581ab9d289dae775cf6d873fa1a582638bdedfee2d2c04f6c1fcb9f2870df2a3421eaddab462b2d2582f912a9f0584a93fbbc29cb85dd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d85e304a6a8a044c68fde2c2e41dff01 |
| SHA1 | 42903b1a98219c82742bae40613ce16acf6cdf62 |
| SHA256 | e84d74924468d11bc6f6d6fb02f20dfdcbffcc340827b556c2226b2f27c8a67a |
| SHA512 | e891ff712277545748c7edc9fc48411f410c9d21e739bf375ffd76b92bae03962919c5cdae491bdd78d580ad46dae4e706e6418b89ae93e086f7e8553217fd1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9
| MD5 | 03b690f9597d934ce452d63e24ba89da |
| SHA1 | 4d27ec9879394a82b58826aa1be10cd531762e92 |
| SHA256 | 1658e31bee86090f4836e2bc3c9b99a3c9eeaaede5fc04f3eb224c700ad2a1f9 |
| SHA512 | 88d784bba822cb3e1a11a743691eae0f1865c796a65bfa354b2a6ae741183d02b71be22c8e5ca29c2014eacccfcf4380afced14fb6548962e740ecc4a3b2fecd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 27d5749123a8826b906ef3054ee77f54 |
| SHA1 | 3695b5c8377afd41c56fc98f94cddf2e6ef31074 |
| SHA256 | 9a7071fd2453a532a646bb52626698455f9e4d452636713b1637eb1a0e591646 |
| SHA512 | daf3c3ed3de10d8f6d255be70ea668ddb89f26f04dc40138d1e745364b751f737696546782c2b3756cf96fc83ff28af85c350e8562a4cefd89de739efc20840b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9af98aa844479c18686e920d896ca0b0 |
| SHA1 | 1dcbd1b71c6aa2081952419b34346964228a7c45 |
| SHA256 | 2141a3b7f93509825ea9aaf9b648dee6b7f40ac8d3eb462bc83b02bffb05991d |
| SHA512 | b9fd218726e832c9205ab17add66648d9f416cc5cc1636c2e463450608552edca3a73c69fa84904f51792e95457110f72ad534022ed59d83819e729ec3c77b58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1d5630f8b15cbe1e519d030bf09abf16 |
| SHA1 | 525bb86313febdbdcaf5bb467d96f8e279fbdb82 |
| SHA256 | de4f51635d974cf24886025d4659b428be146244a7d49ff7b9226115c7f2b846 |
| SHA512 | b2ad894263dd750d2edfe016f9ef24fd9ec4cbe15e80e74639613f75cf1b6d2df90c830ed4c3d09f53b6be44c9c4752e7a01415e5b384008b3a46ab5a98e323c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d57686dc4c1f1b98ea1e61b2f758d2cd |
| SHA1 | 0da860d067be2f2f0514980194a0c94b147fd004 |
| SHA256 | d919baed560478b6c39a31c1949f0cfb6fe97481136a7ef6523c4f3b29986248 |
| SHA512 | 7d85b9e82619554150c96f82682b5061fb9294d324ec1116b27626bc7b7bcf8f0a1b71435496bfeacb362cafe8fac84c2eb536af326b5bcde257397e0d7ddfdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 54eb37a6c5fd08cb945d57a176b7a573 |
| SHA1 | 5bd383bf9e480ef53c6d190e0ffdef431be37919 |
| SHA256 | a16d5c9aecd3b653b33b406590a2f0770c08157e81925bd6880f96145187e66c |
| SHA512 | d6cfc0bf905ce17dca142f0d818f81f8605df41878f548a1f22ff091d65a4625ed228e1ec1eeaca297aa7af5deb7fc1fb0a2f63d87e594be50e38ce7b8cec0be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3c10c95c23492af9740d9237f280ece6 |
| SHA1 | 3db80c20974a4a93931fb11e9ed742a3274708c6 |
| SHA256 | a96182b1324d54312b4c1e3643911dde37a6949f29a19c3bb372570e6b4eb01e |
| SHA512 | d3ee81b865026b38d2629ca98be640bdd20447767450e916a9791f455602f3ab476d88d1ed21234d1305cb40c20bbe1490f3ce66cc81545cecc820dc620f2e73 |
C:\Users\Admin\Downloads\Neptune-main.zip
| MD5 | fd68d7084d53a276f8afa9138983f4d7 |
| SHA1 | 6f093140fb290b534e42ff65a402a078c2eaa41f |
| SHA256 | ab9fe01fa2599af1915961f7af7baf96fdafceb643e5ada593c976ab8d68a2cc |
| SHA512 | 818c9415897646ce831e8c3ddd541c09a2fd771f547051e7b1c5dced1046a2f2e4948b78ea44675f21c1ee5d9df9e5bab046ac8cc47d1782869da4aed87b3a6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87df56f184b6e04aac067ea7f4d9b719 |
| SHA1 | 5bd91e3d1654db8c91ca93455a172010fb2ec717 |
| SHA256 | 292f269955172f2fe3dbf136cd138cc74c68021b01000ed9cf0679bf53027810 |
| SHA512 | 2eb16d500f429a3b28c9159132d1e5c4b264f0e122917ea2f70967f623282908aa21e1f20f067faa1088eec78ac37925729eaf0699dba2883ce4a70b1f96f9e9 |
C:\Users\Admin\Downloads\Unconfirmed 295540.crdownload
| MD5 | e4413bb7448cd13b437dffffba294ca0 |
| SHA1 | 59dcc42113cd01346f7498a07c1265a4428b8864 |
| SHA256 | 47be821c0f1825d90fc40f83a3ee3d3a691a3e16c8e21ac0cd56371362aaad50 |
| SHA512 | a48ee8992eee60a0d620dced71b9f96596f5dd510e3024015aca55884cdb3f9e2405734bfc13f3f40b79106a77bc442cce02ac4c8f5d16207448052b368fd52a |
C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.ba\PythonBA.dll
| MD5 | 6382ca6e9024097c5b662b0147c67e7c |
| SHA1 | e1134801e1d2834c0a2be3f7d30bc6610760689f |
| SHA256 | cbac589b8142d3c1df2353471e928b2823f59b66e06e521619052dbe6385055c |
| SHA512 | 0a38306ae961a64eb0da531ae3f7b6f438be94320b0e11caf1b05a700d49632556405431b175606d3bff13f89f658f3af00037c1cd752b659169086ce247d6bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0a24db23701870264b746f2085e888ad |
| SHA1 | 5d8986abacdbd7a13eed8199c3d888cf5f9470c8 |
| SHA256 | 6f23720822a3924ae6d4e6cd10a0120d3e45df3914ace05dc4877929bbed6dbe |
| SHA512 | b8e42172fd4990678e11665f612b334660f2b9cfad8850e495a4de7b9f89155b4c48ec4d8e6d356b54e44bf270b4169ba2e97f1c5feeb5e433f2c5de03153ba9 |
C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.ba\SideBar.png
| MD5 | 888eb713a0095756252058c9727e088a |
| SHA1 | c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4 |
| SHA256 | 79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067 |
| SHA512 | 7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 76c51a206aae9bae636f464d445af26d |
| SHA1 | 09a64f8cda147360e84ba2a11c38b95ae8f799b4 |
| SHA256 | 311c313a74551a793475b38e699825d50bf43515e7aa6f6daf6066866fe05e21 |
| SHA512 | 3a4efe31ff8dbe002d727691a913f28c9e085ee8d47f5dde971987d92d6b65c79cd15be66732e95f855dd8cd7e1fadfec1db0f01f2701c96441469d2d1d519a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 354d4ebdcf41e0363baadaa856b884f9 |
| SHA1 | 4d45d20b7c38ce8ee25ccdc5193f18eabdcc62b7 |
| SHA256 | 2ab543a7561d07a3f6ed54356439c02abcb2935f796c5b5a0ca195f50f81445a |
| SHA512 | 0eb21fc9190a123f0f4f4b5868f6d5e5219eb58ce76e489a894bf5c977f12101bcd372a3b43630180e4157785a6ac58363fb9b171cf3540ffef619b973b5efac |
C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.be\python-3.11.4-amd64.exe
| MD5 | 73084cdc98f16f144aeaa7ce8966a76a |
| SHA1 | 40e8d66a0d13454b25513c8444c763cab00f2ab7 |
| SHA256 | 6846e876b507121739c7325d83c6cef655748113f0ef1cb61759552dd76c9db4 |
| SHA512 | d674aa9c8ec2736fc4282d6ae7a15c87ef714c6d8f0ceef5213c6925abce8e152eed4fa39525b5aa7c5bcf806fe7bffbbbbd74e71f25fd9ff544825d407abb71 |
C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.ba\Default.thm
| MD5 | 4a006bb0fd949404e628d26f833c994b |
| SHA1 | 128bf94b6232c1591ee9d9d4b15953368838d8ef |
| SHA256 | be2baed45bcfb013e914e9d5bf6bc7c77a311f6f1723afbb7eb1faa7da497e1b |
| SHA512 | b77383479e630060aeaacbb59e4f90aa0db3037c9c37ebf668cf6669f48b9f57602210c8e0c20b92a20d1bae1a371a98997b35f48082456f77964c7978664cd4 |
C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.ba\Default.wxl
| MD5 | e2e4ed5dd48af4eebe15726c7053749f |
| SHA1 | 8d7eebbd2d8544724ac2ff0da71ac1ff62121347 |
| SHA256 | 0111a0f259f5f498055b4c1218b30c21d4a8b7d893bca04ed4e18fe01d3563d2 |
| SHA512 | 64c3010e4dd0fcfb2e236ea1ed464d1928dbe2f5a13dd0a71b4c446a7b986118955d37055857c5fb44a45500a598112641d6979d78883be4c444e7fbc1292e05 |
C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.ba\BootstrapperApplicationData.xml
| MD5 | 29f7c1ae17542f2947d43086cc8a2c61 |
| SHA1 | ad26076b5e86cdeb2e9f68f136577ffd40b9f824 |
| SHA256 | 82fdb1fb8ba06ea22ef1e0e790dcd66b51eb04085b3a8fd104edaf1c8f008340 |
| SHA512 | 30ef345fb2d7ceb57b637d8afdc3c417b4f10d2fbfdcff0a352e830bb49c2d45baffe13f7637c7b4d41984ea41a91861dd86b2ef7e45581aebb98db1fbcb6b35 |
C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\tools_JustForMe
| MD5 | c6becc684cf5071c79ca71213b27f1e7 |
| SHA1 | bcead7c4184eb3eab3734f5aa0f4e90224428a08 |
| SHA256 | 3be39c326e8d40e101d6c12995e89a9c15a9e30e134d0f4ade131522ecefc081 |
| SHA512 | 7674dec3fe56cdfe98e459d12253fc50ecc34b464f142b7c643fb1972130a9c1d22f15b21f261b52582f866a1743046352e1bd3916e7b32805f77db64de73591 |
C:\Users\Admin\AppData\Local\Package Cache\.unverified\lib_JustForMe
| MD5 | 61f515a5767b0b86b7f025470ea59cfc |
| SHA1 | 3ee14100438adc5c905ee9c9bcd7fe4dcb84d5c7 |
| SHA256 | cff6cefdd631ad4cca3b97e2d2c7f64f1f069fa9913111d3dbafc29a5a44c459 |
| SHA512 | 8b7c9cbde146d2faaf66e54dadc3f8264564bcfd0cbcb2f5ee4e1dddf771e597a9b2e8c82a7eb11003589aff84773f38c1d24197f01721383c8a2532598213ae |
C:\Users\Admin\AppData\Local\Package Cache\.unverified\doc_JustForMe
| MD5 | bf152691c485494abb104bcecf66edb2 |
| SHA1 | 3570812d1a76cd971432b099cf30c4a6877cb376 |
| SHA256 | 4cfcc529e605fed113d85b880fc23d23fdf2cc58e8766182181b25c14cf6aedd |
| SHA512 | 8ff33d7f6dcf4c7d4caeed465447a9dfe42ded635bfa89a3c0319ba3c09e95881bf658259e6dbe81418ea44e4a0e8bade7b9681df3ff3908cbc654f79bc5410e |
C:\Users\Admin\AppData\Local\Package Cache\.unverified\tcltk_JustForMe
| MD5 | ec2aff78b2405d86280ed36a83a08b93 |
| SHA1 | acdd2251f064ac5921c7e7bd3a282639504907bd |
| SHA256 | de0e7c2f063a5d8f3b32815feca509effc788252604759c7b686478344cb2447 |
| SHA512 | 71f9d60a294988b58345d9736f0315bcf90be84ee383aab517c6feb4b52ef7d9f72b4163b93a6396ba00248c7d009d677573f992d0ea2b20eb04a1cb66477e09 |
C:\Config.Msi\e66d4bf.rbs
| MD5 | f9fecb991909edf8c72c3d6a05a26c34 |
| SHA1 | c121d320bf37ff9202db51ee66cdbbdd38fa1b4c |
| SHA256 | a1e0482980e2b9166fa8777da91924754fe148a26ecfbb606ced928f85087101 |
| SHA512 | f4ee29d47ffbc5efb7d572131b26574dad224a362cee189b11b7cf34a8778a8b9cfab94fa2c48b418ab2b5496c9b56ce8a1dd94d9a35062450a11515b776dd57 |
C:\Config.Msi\e66d4c4.rbs
| MD5 | 6b4edea31a140280113aee8b23cc8f2f |
| SHA1 | eea01b28ef524abc9936041b63edd2759e68e4db |
| SHA256 | cdb98681a1e56373e3041436dcca2dd6fec7eb4d09fe4c550a3e3430a0addaea |
| SHA512 | e7b2eb27b6b0cba54072e3ef060a63f8e6c5e527f06fc5c88f0b8ced857f4b06f80183dab34cd76e22741a3faee6a93794675db87f77912844b964bfdf1b4fae |
C:\Config.Msi\e66d4c9.rbs
| MD5 | 0cfb4a5bf1026a5675ab221155752f63 |
| SHA1 | d1d43a29f471694a3b8840c5ba9ea17636bfec9f |
| SHA256 | 63eb0afe2675419e206eecb9c17275c9485f945fccb066b8756bf9ffd960e07b |
| SHA512 | dcbda8db5c8497ce0e3de5d98829f9de5e6265463ca41186688d75924cf36e1f4d12e4c7f345ffa458e5a85a7bc727191719f8ca4840badd73d02006d6fc663f |
C:\Config.Msi\e66d4ce.rbs
| MD5 | bcb1a718b441c15f4d208abec927912a |
| SHA1 | 2d4e375cc80943d5a726327a0027bd0f5ac273d7 |
| SHA256 | 0761e4393335cc0b32a6d9a11fdd1189459210ca3760554a43e989ae69232da3 |
| SHA512 | c67896388f108abb60fd03945158584fd24411b395f619c3388ff38ac51fbaaecaf6fea63ab5a91f38c617e0027fa55014297a68cac1cb24a30ea5055f32020f |
C:\Users\Admin\AppData\Local\Programs\Python\Python311\Lib\test\test_importlib\extension\__main__.py
| MD5 | 47878c074f37661118db4f3525b2b6cb |
| SHA1 | 9671e2ef6e3d9fa96e7450bcee03300f8d395533 |
| SHA256 | b4dc0b48d375647bcfab52d235abf7968daf57b6bbdf325766f31ce7752d7216 |
| SHA512 | 13c626ada191848c31321c74eb7f0f1fde5445a82d34282d69e2b086ba6b539d8632c82bba61ff52185f75fec2514dad66139309835e53f5b09a3c5a2ebecff5 |
C:\Users\Admin\AppData\Local\Programs\Python\Python311\Lib\test\test_importlib\frozen\__init__.py
| MD5 | c3239b95575b0ad63408b8e633f9334d |
| SHA1 | 7dbb42dfa3ca934fb86b8e0e2268b6b793cbccdc |
| SHA256 | 6546a8ef1019da695edeca7c68103a1a8e746d88b89faf7d5297a60753fd1225 |
| SHA512 | 5685131ad55f43ab73afccbef69652d03bb64e6135beb476bc987f316afe0198157507203b9846728bc7ea25bc88f040e7d2cb557c9480bac72f519d6ba90b25 |
C:\Config.Msi\e66d4d3.rbs
| MD5 | 70e51a3832de20e0d1e8cb782acb68a6 |
| SHA1 | e8e80485cc7e97d880ffb37c13c20f0164af9225 |
| SHA256 | 7eb6b143052b21278310021368abd3454b6a2b4a81f747f706b056e28ff0182f |
| SHA512 | f8c508508d830753c4a48cbcfff9479cc48a1ad6d0d80f14e9ab930c53f63593dee9b741e8d07dc53869b24c94b948a90395ab95465527bae96b4876e82eb4a9 |
C:\Config.Msi\e66d4d8.rbs
| MD5 | d5edd2eafffb00d34cd44e4e5c83e86f |
| SHA1 | d60ba74c6cc8bf0b6acc02868ad593b8ac2d9330 |
| SHA256 | 91fc27aa81553d0a3cd14f7cf1a39b0a7914dc286c16dedc0e41aab4e95a5769 |
| SHA512 | d402659ad66c120d127b63b33f340ec59c3dc18b3697d8b9f93ca898d0bc5dc7586e1f01e250036bd787e10149c6d09eab2df97fb6195ae36cda16bac1834865 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b1ab0a3a-1825-49f8-a807-228c43f20eea.tmp
| MD5 | fe202402b4182478097b681b3ac1a4c3 |
| SHA1 | 866b60f162c223f676542a33f6972323eec6ecf2 |
| SHA256 | e5a5467ae901baed51b1d74ac8ca279789bdb8586158e25d06bca0eb5ccae1f1 |
| SHA512 | 3a6deb2297feed4234510b0cf0ed45daa711dc7b9906bc7958d0bedefbae50975a38af66f3f00629e2d7482eb5faa121d92f98f11ad5456c750b8ccd1c6aba51 |
C:\Config.Msi\e66d4dd.rbs
| MD5 | 5bdaf5ebc614c14b7a1795c5a244083f |
| SHA1 | 81f6e366097cdce92a5cc7241a82b1b0a92ee710 |
| SHA256 | 899a03795327935e291c69a1bee339b28502b6dda223e7cf69fae99ff50f7f0a |
| SHA512 | be628a0b56ad36bece1fb175074e83ac57ed385ee1c350b6297ed61261f016efa702659511e50330ed617a646783200b968b68163ca7a471c0294c81d17a66a4 |
C:\Users\Admin\Downloads\Unconfirmed 340364.crdownload
| MD5 | 553799f90908d9015d91ab6de3ba31bf |
| SHA1 | 14324c9b660cd036f4ea3da9ad99f2d5c700b677 |
| SHA256 | 7f5b876590074567abde667afa2156aeeafafa86200d487f40f6a6da6531b993 |
| SHA512 | 5d8a28f8d7bfe2ae0e5734ae894c0069be1981069e5287e1714e8590cb75f059332bd1017b53e481af6b2d4c7769597a6516834abfef2dbb71a804f1af7f49ad |
C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe
| MD5 | b6ef5717317f6300d663ed9559ee9967 |
| SHA1 | 20cc528f0dd7d148beb1afc164ae1f5efac09725 |
| SHA256 | 4fb049eeddd221e5470cd33177299dd13f85eba25beef7aced7a0890ad85181f |
| SHA512 | 68ac3cea6930002a2deae17deae2ea847403987367cbaeb7a0d324a05d162f63b740f2a1c2aca13eae818b1648c328a87c2e626c59468b43b70e6e6da74c98a1 |
C:\Config.Msi\e66d4e2.rbs
| MD5 | 0a68e5565b926f025b04be159c9b1c08 |
| SHA1 | 64b31c964f5f3ba02be880750c38bb502c89eeb4 |
| SHA256 | 3af3161af23dd230005068c81f5a11c610b54a951e8fc51b09cec0bd8d40a358 |
| SHA512 | 56eb4208f80d4951e98136970f4a1e1dd04c166d221d20c1189e767e4b1279cbb57f83810cd87d4cf2779037e1e433725af58303885c9294a04812102c92d8a6 |
C:\Config.Msi\e66d4e7.rbs
| MD5 | 4a9b52e3ebfdc9b67642ae9a92fca740 |
| SHA1 | 107937c458e2f4f4183d6138201bfaf64e1fba09 |
| SHA256 | 05a6ddabda883a1537dc0cad3ad98080d8b4104db9df1c63451f83574822c4d3 |
| SHA512 | 848f4728c6a2148d530766b5069586951191a86b3ac06dbc89aacf7a3636c987c6ca2f7d78b9d6e90c2a88af822ccd119ded53ecff24c92b4dfc953e358a01a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e238372bf0787c6e7297bfd0f8eda250 |
| SHA1 | f6f7707aef01755b07efdbc4644335b4076f13cc |
| SHA256 | fa313d6ca3bd0cf9101f715dcca6b043af8a4a1b4ea9376ef2088d79f2022466 |
| SHA512 | e46ed3259108c8465b2b6f7415c6c93fbfa2251ae36fcb1dcb9b3e61e8200505ad62a629f25820576dc32fc8b0ea393e14e4d5af697baca22aeeb55259a0d88b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8a8afdad745070aa6b9b2780cf79f123 |
| SHA1 | 64ba393f914ea36208148f844d2432c772bef273 |
| SHA256 | c2bcf73785b0dd376bc1faa4f83fd816545d5b00d141aafa7ab3e0dcb40d58b7 |
| SHA512 | 96c9451f40dc8659833e212124265636f8a8d92a81317772a7b7c4c48814046c57918e15603c9a12f0820a780491fe43fcf4144d171ff18fd91566fbc94d98cd |