Analysis Overview
SHA256
a5a99b75b4cfbf2ee2fa04e09d3b4714e4710d5edde4d4807b9a15449ee3199b
Threat Level: Known bad
The file WIN_20230904_22_44_24_Pro.jpg was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Patched UPX-packed file
Downloads MZ/PE file
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Checks computer location settings
Modifies system executable filetype association
Executes dropped EXE
UPX packed file
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Enumerates physical storage devices
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Control Panel
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
System policy modification
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2023-10-09 23:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-09 23:32
Reported
2023-10-09 23:41
Platform
win10v2004-20230915-en
Max time kernel
552s
Max time network
557s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\"" | C:\Windows\System32\wscript.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\System32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Patched UPX-packed file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BossDaMajor.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BossDaMajor.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
Obfuscated with Agile.Net obfuscator
UPX packed file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\unregmp2.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\creepysound.mp3 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\Skullcur.cur | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\mrsmajorlauncher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Doll_patch.xml | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\default.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Launcher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\reStart.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\WinLogon.bat | C:\Windows\system32\wscript.exe | N/A |
| File opened for modification | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\f11.mp4 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\DreS_X.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGui.exe | C:\Windows\system32\wscript.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Cursors | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "229" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.sh | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\媼軍㌀耀$\ = "sh_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file\shell\Read | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027552071-446050021-1254071215-1000\{7FA485F1-D563-431B-9E53-392B669D46FD} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file\shell\Read\command | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.sh\ = "sh_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\媼軍㌀耀$ | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file | C:\Windows\System32\wscript.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 441750.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 291726.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\System32\wscript.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\WIN_20230904_22_44_24_Pro.jpg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\bin.sh"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2ec
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F589.tmp\F59A.tmp\F59B.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\3E5B.tmp\3E5C.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe"
C:\Users\Admin\Downloads\BossDaMajor.exe
"C:\Users\Admin\Downloads\BossDaMajor.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\E0F3.tmp\E0F4.vbs
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\SplitPing.aif"
C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 03
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3930055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 64.91.248.15:80 | www.malwareblacklist.com | tcp |
| US | 8.8.8.8:53 | ww1.malwareblacklist.com | udp |
| DE | 64.190.63.136:80 | ww1.malwareblacklist.com | tcp |
| US | 8.8.8.8:53 | 15.248.91.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.sedo.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| NL | 172.217.168.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| NL | 142.250.179.206:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| NL | 142.251.36.1:443 | afs.googleusercontent.com | tcp |
| NL | 142.251.36.1:443 | afs.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| DE | 64.190.63.136:80 | ww1.malwareblacklist.com | tcp |
| NL | 172.217.168.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | cc.sedoparking.com | udp |
| DE | 64.190.63.210:443 | cc.sedoparking.com | tcp |
| US | 8.8.8.8:53 | be.insight.com | udp |
| JP | 23.207.104.189:443 | be.insight.com | tcp |
| JP | 23.207.104.189:443 | be.insight.com | tcp |
| JP | 23.207.104.189:443 | be.insight.com | tcp |
| JP | 23.207.104.189:443 | be.insight.com | tcp |
| JP | 23.207.104.189:443 | be.insight.com | tcp |
| JP | 23.207.104.189:443 | be.insight.com | tcp |
| US | 8.8.8.8:53 | cdn-ukwest.onetrust.com | udp |
| US | 172.64.155.119:443 | cdn-ukwest.onetrust.com | tcp |
| US | 8.8.8.8:53 | app.launchdarkly.com | udp |
| US | 151.101.2.217:443 | app.launchdarkly.com | tcp |
| US | 151.101.2.217:443 | app.launchdarkly.com | tcp |
| US | 8.8.8.8:53 | app-lon10.marketo.com | udp |
| US | 104.16.94.80:443 | app-lon10.marketo.com | tcp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| GB | 96.16.109.56:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | 189.104.207.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.94.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.vidyard.com | udp |
| US | 8.8.8.8:53 | cdn.lr-in-prod.com | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 151.101.1.181:443 | play.vidyard.com | tcp |
| US | 151.101.1.181:443 | play.vidyard.com | tcp |
| US | 2.18.121.142:443 | use.typekit.net | tcp |
| US | 172.67.165.127:443 | cdn.lr-in-prod.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 23.46.70.111:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | cdn.vidyard.com | udp |
| US | 18.239.18.33:443 | cdn.vidyard.com | tcp |
| US | 151.101.1.181:443 | play.vidyard.com | tcp |
| US | 8.8.8.8:53 | 56.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.70.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.211.227.13.in-addr.arpa | udp |
| US | 2.18.121.142:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | s3.amazonaws.com | udp |
| US | 52.217.100.62:443 | s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | signals.aimtell.com | udp |
| US | 8.8.8.8:53 | cdn.aimtell.io | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.100.217.52.in-addr.arpa | udp |
| US | 104.18.32.59:443 | signals.aimtell.com | tcp |
| US | 104.22.70.231:443 | cdn.aimtell.io | tcp |
| US | 2.18.121.136:443 | p.typekit.net | tcp |
| US | 23.46.70.111:443 | c.go-mpulse.net | tcp |
| NL | 142.250.179.163:443 | www.google.be | udp |
| US | 8.8.8.8:53 | events.launchdarkly.com | udp |
| US | 34.194.37.158:443 | events.launchdarkly.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.67:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | cdn.aimtell.com | udp |
| US | 8.8.8.8:53 | 684dd330.akstat.io | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | 59.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.70.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.37.194.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.246.107.13.in-addr.arpa | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.124.96.23.in-addr.arpa | udp |
| DE | 64.190.63.136:80 | ww1.malwareblacklist.com | tcp |
| DE | 64.190.63.136:80 | ww1.malwareblacklist.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 88.221.24.18:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.113.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 4.113.82.140.in-addr.arpa | udp |
| CN | 123.10.20.217:40244 | 123.10.20.217 | tcp |
| CN | 123.10.20.217:40244 | tcp | |
| CN | 123.10.20.217:40244 | tcp | |
| US | 8.8.8.8:53 | 217.20.10.123.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| NL | 88.221.24.18:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | gmhealthcare.dothome.co.kr | udp |
| KR | 223.26.138.4:80 | gmhealthcare.dothome.co.kr | tcp |
| KR | 223.26.138.4:80 | gmhealthcare.dothome.co.kr | tcp |
| KR | 223.26.138.4:80 | gmhealthcare.dothome.co.kr | tcp |
| US | 8.8.8.8:53 | www.agenziaentrate.gov.it | udp |
| NL | 95.101.74.132:443 | www.agenziaentrate.gov.it | tcp |
| US | 8.8.8.8:53 | cdn.agenziaentrate.gov.it | udp |
| US | 8.8.8.8:53 | 4.138.26.223.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aews-analytics.sogei.it | udp |
| US | 8.8.8.8:53 | www1.agenziaentrate.gov.it | udp |
| NL | 95.101.74.132:443 | cdn.agenziaentrate.gov.it | tcp |
| NL | 95.101.74.132:443 | cdn.agenziaentrate.gov.it | tcp |
| NL | 95.101.74.132:443 | cdn.agenziaentrate.gov.it | tcp |
| NL | 95.101.74.132:443 | cdn.agenziaentrate.gov.it | tcp |
| NL | 95.101.74.132:443 | cdn.agenziaentrate.gov.it | tcp |
| NL | 95.101.74.132:443 | cdn.agenziaentrate.gov.it | tcp |
| IT | 217.175.50.133:443 | aews-analytics.sogei.it | tcp |
| IT | 217.175.53.138:443 | www1.agenziaentrate.gov.it | tcp |
| US | 8.8.8.8:53 | 133.50.175.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.53.175.217.in-addr.arpa | udp |
| IT | 217.175.50.133:443 | aews-analytics.sogei.it | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 8.8.8.8:53 | client.wns.windows.com | udp |
| NL | 40.115.3.253:443 | client.wns.windows.com | tcp |
| US | 8.8.8.8:53 | be.insight.com | udp |
| US | 8.8.8.8:53 | beacon.aimtell.com | udp |
| US | 8.8.8.8:53 | insight.report-uri.com | udp |
| US | 8.8.8.8:53 | analytics.aimtell.com | udp |
| US | 104.17.186.88:443 | insight.report-uri.com | tcp |
| US | 18.238.243.28:443 | analytics.aimtell.com | tcp |
| US | 8.8.8.8:53 | 253.3.115.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.186.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.243.238.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 88.221.24.18:443 | th.bing.com | tcp |
| NL | 88.221.24.18:443 | th.bing.com | tcp |
| NL | 88.221.24.18:443 | th.bing.com | tcp |
| US | 104.22.70.231:443 | cdn.aimtell.io | tcp |
| US | 8.8.8.8:53 | imp.aimtell.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 151.101.1.140:443 | styles.redditmedia.com | tcp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 151.101.1.140:443 | styles.redditmedia.com | tcp |
| US | 8.8.8.8:53 | a.thumbs.redditmedia.com | udp |
| US | 151.101.1.140:443 | a.thumbs.redditmedia.com | tcp |
| US | 8.8.8.8:53 | external-preview.redd.it | udp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| US | 8.8.8.8:53 | b.thumbs.redditmedia.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| NL | 142.251.36.45:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | d9.flashtalking.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | tps.doubleverify.com | udp |
| US | 52.3.165.245:443 | d9.flashtalking.com | tcp |
| US | 52.3.165.245:443 | d9.flashtalking.com | tcp |
| US | 130.211.44.5:443 | tps.doubleverify.com | tcp |
| US | 130.211.44.5:443 | tps.doubleverify.com | tcp |
| US | 8.8.8.8:53 | 45.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.44.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.165.3.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | www.malwaredomainlist.com | udp |
| US | 3.141.96.53:80 | www.malwaredomainlist.com | tcp |
| US | 3.141.96.53:80 | www.malwaredomainlist.com | tcp |
| US | 8.8.8.8:53 | 53.96.141.3.in-addr.arpa | udp |
| US | 3.141.96.53:443 | www.malwaredomainlist.com | tcp |
| US | 205.234.175.175:443 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| NL | 142.251.36.1:443 | afs.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.malwaredomains.com | udp |
| US | 64.247.192.88:80 | www.malwaredomains.com | tcp |
| US | 64.247.192.88:80 | www.malwaredomains.com | tcp |
| US | 64.247.192.88:80 | www.malwaredomains.com | tcp |
| US | 8.8.8.8:53 | 88.192.247.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | riskanalytics.com | udp |
| US | 64.247.192.88:443 | riskanalytics.com | tcp |
| US | 8.8.8.8:53 | isc.sans.org | udp |
| NL | 108.156.60.23:80 | isc.sans.org | tcp |
| NL | 108.156.60.23:80 | isc.sans.org | tcp |
| NL | 108.156.60.23:443 | isc.sans.org | tcp |
| US | 8.8.8.8:53 | isc.sans.edu | udp |
| US | 45.60.103.34:443 | isc.sans.edu | tcp |
| US | 8.8.8.8:53 | 23.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.103.60.45.in-addr.arpa | udp |
| US | 45.60.103.34:443 | isc.sans.edu | tcp |
| US | 8.8.8.8:53 | blog.didierstevens.com | udp |
| US | 192.0.78.13:443 | blog.didierstevens.com | tcp |
| US | 192.0.78.13:443 | blog.didierstevens.com | tcp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 192.0.77.32:443 | s0.wp.com | tcp |
| US | 192.0.77.32:443 | s0.wp.com | tcp |
| US | 192.0.77.32:443 | s0.wp.com | tcp |
| US | 192.0.77.32:443 | s0.wp.com | tcp |
| US | 192.0.77.32:443 | s0.wp.com | tcp |
| US | 192.0.77.32:443 | s0.wp.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 192.229.163.25:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | didierstevens.files.wordpress.com | udp |
| US | 192.0.72.20:443 | didierstevens.files.wordpress.com | tcp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 192.0.72.20:443 | didierstevens.files.wordpress.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | 13.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.72.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.163.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r-login.wordpress.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.78.18:443 | r-login.wordpress.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.72:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | 18.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.42.244.104.in-addr.arpa | udp |
| US | 192.229.163.25:443 | platform.twitter.com | tcp |
| US | 192.229.163.25:443 | platform.twitter.com | tcp |
| US | 192.229.163.25:443 | platform.twitter.com | tcp |
| US | 192.229.163.25:443 | platform.twitter.com | tcp |
| US | 192.229.163.25:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 4.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.113.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.113.82.140.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wmploc.dll | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 593904bcc8b47cee7de964e897fd387a |
| SHA1 | 7048838ffcb7e2687d9f1aa92e11daf60f7e0b94 |
| SHA256 | 2af48fcc4b4dacc88e9853caa62677b49d9ff5998ec6cef11ab49a33f1ac51bd |
| SHA512 | a37269c1e9ec7d3b440d687ae0f9e8bbe9ef5ef5a7e1409605be6851a1c07b126b0e0b5038a08572fb89feb8414374230c6cc1b5152ca30b687f6a0f5b695a39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\841ddf9b-f4e3-416a-b38e-f4ade7e6b6c9.tmp
| MD5 | 07deb66b8702613eea7bdf7510c14558 |
| SHA1 | 03fa671740ca5c36fa9429deca75aac1deb6dbb6 |
| SHA256 | e0c9e421d789977b634cfc6c71a1118d338d6989a65917aeab5febcb9e9b6600 |
| SHA512 | 09013aec71f8043913251ad54e567544a7fe1f943830bc19df5048a16ad94b56332312d0b488624045dde338ec935b96d60e9de3bda37b6a33d2b1143fc2ab9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 27e642d6fe75e2a55c77e84a48a1c0f5 |
| SHA1 | cc5c169c98bcf968038abd1cb79bd8030005c8a3 |
| SHA256 | 2a85cb18c411b7a780cf57e32ef8ad62f91ff3e29708ef21726933303d95ce59 |
| SHA512 | 2f61223fbc9ce21f50c8c530de8ce72f3bda1a5258b1c78b1d8fce38e646a8891958955c37d95730d35af2b3cd7988ff31c688da8bbbd314c1beb7b4af3c1b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5a823ed03f3b5bd9039336e8d2fd29f7 |
| SHA1 | d7f2495efae9c3bc4a4bbe1ce4d6523868a0a5fd |
| SHA256 | 80b749b5590da6c26159832878c47966d1cbe48676a39677ef770e21b41a644a |
| SHA512 | 1293aa4682dc0622d78b9337f1e25d9707f6425a0ddb80fbe58d8ac84a0453ddc847455e253bbd50a5d3602e94516daeb7f1f0cae8a507d749e462fd11e7d6c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a4ac9186e2228f570840e16e855da7d |
| SHA1 | b3bc16e123101ec3f47d2cb5187c00a8dc20ba1e |
| SHA256 | f02f5359354e9bffffacf7da4e9d5fe6ddd93443054c3f7b39fa212b702a0138 |
| SHA512 | 31ce660244ec491c22838835082e71ce0d61169a32a2933739f85473f8c1e531a8b4dd967c8d4d174c4c3082ef01d4cbed3aa363d5e2e8055df5bd1b2d061c67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e80ed44d66a14ef282fea3c11a14f25c |
| SHA1 | 5856d48112fa4fd21d084dc1a3874853a702c498 |
| SHA256 | ce6721aef03171b3363bc409bb925329cb629b076afc571b618e9400a2339ed5 |
| SHA512 | 5455dbabf07cdb9d35b0e9c1c747fd02c3a246841b44016935746dbf98e0b1ff182af36c6d99561a365eb62d76a3201a2ab0b1fdb9db1de7dc13ebca81bb2bb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
| MD5 | 1825a5ca8f994c1798020cd93c021635 |
| SHA1 | 41acf18895ad47148f5bb97318d7bb772b693ecf |
| SHA256 | 3806eead6ff35be4688b1366e79aee719c4abbc9b2d05ce34cec9c12a41f50d8 |
| SHA512 | 65e8d3cfbe6964b693ff5f3e05935637e8184d4b180880fa05b863b26367bf17f75191cded95530c2209b88e6b775504fc65fadb349b11da9668475b7cb23aa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e94390cbe2da6288160fae40191b4862 |
| SHA1 | 84217998ef72be5696235a3c69b15b9259545bff |
| SHA256 | 481edc4d8a1d5ab54416177e986a2acf1e5b2bb37122860d46c845c856a9cdb4 |
| SHA512 | abc4cda85847e6fc12bac912b868d805ca881542566eabadb9cc6173368e647014c1774c65fc674dbd7b50598c0b84d7ed770e37c8f0250b1248bb2398441894 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4da8325322a7dddc80ee354078544f0e |
| SHA1 | d22af86f1596ef89fe9ed04ee28ac0ff0d3f2fb3 |
| SHA256 | ad0ad91b074d320a670b4ee7c473f61f2d65ded200a09767fefa00c9e3766ba3 |
| SHA512 | 8644df8e5b6a20af93724ac99faaf7a595e35aa082bc75689ef7306a541815947ebaa0ded8be180b0d1e32028347654ad711d693497534a058b552488da87466 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7eb9ad660cb6140e9f1c9440cf21bfef |
| SHA1 | dcc1ad54417a4d771129a3600efc923d67bf2f6e |
| SHA256 | 58588b76343a46107cfeacc9551931f4172f31c5807997e2e3b028e6d0ccd786 |
| SHA512 | a58d28f0a8c5de7ff6b5faac27117e83ea2a561c04a85bd5c7fae3557c39d8f984e254b6d0bf9ac53a6fa1491d936fdb799d4fc1cc7b3ea3dd088ef20a887af9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90091ec437a9231579cc8f705e163a42 |
| SHA1 | 002b01351d9a101b31cc104d4e7bf2cd48f13bbc |
| SHA256 | 9c9f1898250fc0ca043434d41ae1e2e87b76700fa1b8b932a0d9b895f0641e50 |
| SHA512 | 94f9fb98ec02d925c90af5777ac3c983c14d353624d821ca808b2b8b66c6a9b3921f7af2351f59751d9da892e8f56abbe3ea29ddc95a68a887c2dbad91cc6eea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ca912f6c0acceecdcc47feb48c8f1374 |
| SHA1 | bc050e10c8ea750473792d9bf0f91c92a49f1c2d |
| SHA256 | 8f28e29d77ed723004dff8ecd61fdb9205666f044c6d945afc4c0a61f8bf6a03 |
| SHA512 | 7d65b3f5c394abdb17486cf5370e5d4957d217801e7a68836bd89532f97afedbe5dd4d00264062be1284af84bcd69472a93225e67b216f0da493bb6ddf249a15 |
C:\Users\Admin\Downloads\bin.sh
| MD5 | fbe51695e97a45dc61967dc3241a37dc |
| SHA1 | 1ed14334b5b71783cd6ec14b8a704fe48e600cf0 |
| SHA256 | 2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6 |
| SHA512 | c35eab56ba59beb2ec2b362e4d1aae734fadc2d9db1d720439337dcade13ec9c7b68da9d03821efc7277abaf9bace342ff35593373e04c67327d5f7db460ad8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4c1aedc0bf22cc344838e68d1d7b384c |
| SHA1 | f041777dc185885f5fc82f35e7191f78de30dc00 |
| SHA256 | d3128eb2242429e1e6a5ee7254fafc76620a9dc6556423549975b5296a2e1601 |
| SHA512 | 62cc025a83dcddc31f5683f91925d05e27f325a2dce0ba74d5d8b51dd13a23402b3596333c1febced9d99394cc3f1352a81771e4c095a7d6ce632bdcbcd4c36e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bc7ec737620400e0c0f17d19d543bbf9 |
| SHA1 | 2103f37b1584206ff7e64de371b4612d0b279a34 |
| SHA256 | 3926642f55b95e29c3c788f2d998198cd15794ae20da32b3e4423bb2acff4777 |
| SHA512 | fc036f19eec372d181fcc651fd8e89811a07aa961f465fe822443e6a8a29b7c9270dba1119dfe17195fb94b341ec1e9c8656b746a2966a1348fa8877d5c60941 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a19759fd18a5a40fe6cdc255036d2026 |
| SHA1 | 61ada6dbce6949e58a712bb2cc957630d5c210aa |
| SHA256 | 88a347ffc90e63db8f22905c2ef413e3b893aafa4c80ec9d5f258646c27b6ddc |
| SHA512 | eae2788bb5a764e83972633d0324b0fd88d2df4c2ee076829662e031f0ef1096218553fa14e0cc108da8237fc37016ef9c13e4c6482e86c7129e93aed5138a94 |
C:\Users\Admin\Downloads\bin.sh
| MD5 | fbe51695e97a45dc61967dc3241a37dc |
| SHA1 | 1ed14334b5b71783cd6ec14b8a704fe48e600cf0 |
| SHA256 | 2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6 |
| SHA512 | c35eab56ba59beb2ec2b362e4d1aae734fadc2d9db1d720439337dcade13ec9c7b68da9d03821efc7277abaf9bace342ff35593373e04c67327d5f7db460ad8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4ae7117893bf21a31ea9058a25560f04 |
| SHA1 | 18cbf124dbee5fc3f9b5c1bae2e6c338a2dfacfe |
| SHA256 | feb163c1b56e18fe90e542e0ac71cddd5cab49116e1acac7a78eb1d50526a7d6 |
| SHA512 | ccef8cc209e6e888e89fc0f4386079f3d6c406813560e59a74217e5061119719733af9a5c1cc629f601d0b5cff10f68f469743d2a93849633f9a44ef5effb551 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a090e599b83b50167396f124db9bbb08 |
| SHA1 | 40a4e5b4ec99b6c4a5e79b723de5598e3c24d52d |
| SHA256 | 555270dfea22ee7985f0108d94468ee91677c2a25bf9f26ba10efe620ee7427c |
| SHA512 | 341a1b81f227ddbb40080ca376234a89161e5d4e24ac84203be11e8263ea6e08f840eb9385a940171aaeffb346612880091ee76b3e431116cdc8e16656b3e854 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8858663fe92eb6e579d3e19a2693ad5b |
| SHA1 | cb8e4e54c0fc3535ad75d98bd39fa914530a41f1 |
| SHA256 | 87dc7749a1a05602f9578db2649f00b8bb3229592e4910f346f63aad1e178232 |
| SHA512 | e926c1c466efb4dfe510d1f9b0240ba33e4fd2adfc33fec06271e22ba33d1264876007f6f050fa9e150c1aec93af5731f7fdf514037e5b7511cb6d6aef086f9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 54714ac2d30a4fae723250f07fbd35fc |
| SHA1 | 9a4c2ee1b339f95b03f6f930e6a12eb75af3339a |
| SHA256 | d29e8e7e76eb20de678f690b3dd988cc0e5d781ae5d001aa634f2aab0d70b23e |
| SHA512 | 5ef3a51e1bb025ccee1e710c21aa6cedf58b489dcbf3d84dc0a9f5ffcec31c39a968d627d1f93a066e20dbe010a9ed646c7aaeea142eef39e1b775c9b0abab4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067
| MD5 | 44d537ab79f921fde5a28b2c1636f397 |
| SHA1 | b2879f9e1d0985a96842bf7f55a2b2cc4c636d04 |
| SHA256 | 3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be |
| SHA512 | 08836d89ba7c7b7645c9de36e2e856cdc31fbb1c3a4a83045848d772720b98d352fb11182471161ef07d01739953a6320355ffecf25a06881bb1111ba02a73cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 306738fbac4a360f69943c39a6f81cea |
| SHA1 | efeac46a7c603520684b7da15debd84e2a3caaa7 |
| SHA256 | 26bf5800651788ca15e178e0cbc8e6afe2bff5ee3010e05a157ef03b25ab3af7 |
| SHA512 | 1e28f9542882b6f47dbe6199ddddbe3bd68ee937c870e710a9bc0a73250eb41b7f347e22e4318bfd304773b3e4f0b1c5611267d2e6c3449681337dd7e2505e67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cbaf78371818d64d1173bffe9e2b2500 |
| SHA1 | e575ffbec0a7d86b9ec78c3ad21a9390e12eb21a |
| SHA256 | 3d2689100c343e622390ea40f95fc14cb8dad4a3c35c25603af1600a88dd9ad9 |
| SHA512 | 062f7f16a9fc49ad568168bddd27eb1209e6edf017b41293f5f5475e695dd27f0382581cf728b53ec97732b9002a6d9e88c1d7d65aa74a857a12b7c2e6bee262 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e04fe38909bfe09f71b0b67bf4b93b0 |
| SHA1 | 3f30e370c694b9ebc493826e47ca2ad7a99d2b3c |
| SHA256 | 85b538fa2202cc83dae8f7a11d981912d64704ed44acfdbf9be244ae6ff6d6ab |
| SHA512 | 1f3c0fab332e5158264701f74aebdb72f73abe4b0d38604c6407d1d5a94698fe3793e4e8e198b7c3d12bcb53c62bf1d9f29ef499f11d46db38470efa9c410fb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09f16a60eef5e50f6e1e53bebb064727 |
| SHA1 | b71497db2ecce553d2f3376624ebb474f078f5c5 |
| SHA256 | f7d6ecec088212d5e2db84ee90b5a24f11eb88ab002c150de1b72c67750b3879 |
| SHA512 | 72efa4a862caddf2d0f8713bd043bde0086f94250b1697be23d905e82e814c74c547a79fa5112ea0d923190cc57a25d96baac0f6b232f2f7cdb0f5bcf36d8322 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e66bec850ff47e6adbc88337f5793750 |
| SHA1 | fd059e24bf22dfbc0d259d801ec23dd3a8c3820c |
| SHA256 | 9262890ec2eced350e90326989ec7bb3c64158ed622aa11b6b96dfc28b5cf771 |
| SHA512 | 871d154e1b87820f4221f1561b73791878b1c2fccdfc2825f71e51873b90c5f55aeb0247f4d9d36afeb7874ff6243c2dd0e92ffd445b6d501363d79921af710b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a6bc844724e83787f12a6d8c086a059a |
| SHA1 | 1c43db2625bc3ec0f3a6a7ab7f0855f66b200b2f |
| SHA256 | 5fdab7d4854d72c28166bd027fadc2dc8ebf048516fc8d96031217da0c050001 |
| SHA512 | 8580fac5cd86fe5d01468ad1cd87ebd8cb2ef848aa77dc454fbf52440ee3d82da9f57e0e94b63a0bfd0d411e3c7a6818c0fddcc4dacd2e4182ffbc8767c31fbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f102b3711cb09ba5f0fe90e26bded2b3 |
| SHA1 | 09e794037a1d83c25312dd123939f17afa0f7113 |
| SHA256 | 8d940e8f3fa31af59788bf281bddb3e3f44348cd343237f9eaacd252f018f99c |
| SHA512 | 3959b90affc564633026ffa2d059be8c1b432bae3ddc2d03a9f16e2462615b6195db57bdd6af436c35af7893b9569e69adf5c94f8d9f470949fa343296d4d872 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | c2e3c144f359749c9e9808eca64257d2 |
| SHA1 | eca75b3ce4fbc041f8256689a81c7dc2bc5cc2e3 |
| SHA256 | e42091356819da9dfa73cbbf17d2e9e88da6eda201c38627165d29baa04de1a5 |
| SHA512 | cd717f7115dab4fd4ac7ec6a85915e6ba803ed9fb10313d8315637e95b46ff3859e4bda3247fb11137f53c94ef4dd74a49f5b7ad51acd1a6a201161d2133f3f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 58d4ec17141f90f940c0c8cf1babf0c4 |
| SHA1 | 188d4da38593a7fbffa950c4d7017a40bca8e8f1 |
| SHA256 | 07a29e19ab31e312a9bbe223588b66408531bdca831a97fcf79fd30206010d4d |
| SHA512 | fffa1a79c33b2212974a50474a1798a20e0667befa77391f97124347bbefd4bb7785e747aa02482240cacff1a5305c4d92702c7467554a0f0e7660105e8b9a24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 33f3ce0170937eaae8c006f0cf8d2609 |
| SHA1 | ea9ca3bb0267b552c1fc12aba29bcfc5ad5a2025 |
| SHA256 | 9f99e0ae4cf5f21408a032a39ed604aca8261de1339c6ccf82fc653dd8d94eb0 |
| SHA512 | 4dc46db227aa743c522a186ed16be05c2358f09173117263a256c82f5e2fd6ffdcd6e6bbadef0f684991fdbd9a6c6a87ced403dd84385767da44400bed6dbcd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | f0d11cde238eb54a334858a3b0432a3f |
| SHA1 | 7c764fe6f00cab8058caeba38eb7482088a378f4 |
| SHA256 | 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96 |
| SHA512 | b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fc69b565ff77af8d9b76dd0eba3e10bd |
| SHA1 | 2de3e07c699153a8e5102b9574ea6b46bb901562 |
| SHA256 | dacbabe3337d1a6fd50157bb640cf91cacfd72c98b7bd99157bc6cf7140e4c82 |
| SHA512 | b682bbde5de7340403b4d56a3eefb862dfb4066c5eaf552ca9a7a1fb3fddeca28ecfe3f8ee80171c2ecec0107d05ec9f21450fdf93e4b96be04c1a1c1574ad8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a4bd022d9420dacf3172696e05e7da21 |
| SHA1 | 90dc1fe97a0305e98d777e85b6727f7d0b646aec |
| SHA256 | 5407e0015051a8cf8947f66b8484f6d5b884600448a473d572cc3b169abfcf75 |
| SHA512 | eea85d58caae60ff9f175a67a092edb4fa3ccea6154c416738c5e7288610fec40e2ec7de9f0ae3dae7ba73f7b59eb5ea5513c5e0d06ed86f116f9bb34422b01c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_be.insight.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aafa076e0c014e129d24c007cbda0cc6 |
| SHA1 | f6b249b851ae9e4cff46a9d380b9e89d5df2cd3c |
| SHA256 | 128f6314e28fe84bd1e5ca895ff98c8aafcea026710a7669d4b04d2c43bc5fb6 |
| SHA512 | dd5d5d364ddcfe3c7aba11b0374cd3ff6e3a882c81d7a2fb7789537a535e697c8423120018b786232d7e7eb6437ca2f24d00e8d9f7048b745468e3aeba3fcee8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c1bba85cab68aadae72144a9433ec3e6 |
| SHA1 | 6d3befc703fc9f81a3ecc136dcf12c598f41d44a |
| SHA256 | 0ca38b496224fa7cadf3177f3a1724d12ec816ad192d6809fbcca37ca261d99a |
| SHA512 | 2203d394b089abb5b95438ee4dfdd22275cb5793a1de2fb918e27ab1845dde8f54aade5c4d9b92db7da3c0381fa71ddd01340f49b7d67637b0a8a4935cd8d05a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a9d83a317f13c78c3bbd04ae2d2d7f27 |
| SHA1 | fd38b85be9e55cbbe8b41eecc3c61ed37fb9656b |
| SHA256 | f67eb2034d3c38c1cd41c1037544b94b2e3b95f6ef2492265bd7cda15f4e6eb9 |
| SHA512 | 0b3a4c4bccde0dad025d7e496538220f6d007cf57f1a1868e6ccc02530efc4399d7892276264407a1847c0c32e8d0f5c10d19e0e5ffc3dc5ef06b9a332dd3b63 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c3c78d2e49231c54d76e99883e963768 |
| SHA1 | b57d10deae0b72a7750b9c000183831074dc9005 |
| SHA256 | fe8afeaafc29fdb51593556d112e19d1018f0a5706ac51725bc57f50d6c81899 |
| SHA512 | 2f0c338ee79369b67a06c7add18a730a3832b27060185cc6160c8cba8e90bff495ce58d1df5988691e758fcc0381e0f7b6570e9192da66d511d7d05e3106e79d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | df519e8082e4255b8ded24033be7ff31 |
| SHA1 | 187242189c171cbe1937e0b2dea2d743a3cf40a0 |
| SHA256 | fb2c934414889228e331c6ef8ecb9e0d91b63a2120035d6e0a2a66d347fcb7fb |
| SHA512 | 2cff347a871e880ca637b1e1d77baf42d5ce141579f256f7f81045d89ac2cffaa3123a8f8a4f1e3590205429f151b87f2833ec9f3c7b034bc5de71cc097e580a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 080a8d078c24c45aa0cdda4aafc8a363 |
| SHA1 | 9efa4275c37f45ea2d1ce448a56e0be52589a349 |
| SHA256 | 296e0ff3a55afc6e04fa5cb9b38ceeedff10cea9821433373f1e2820deaa85c3 |
| SHA512 | 1c9caf7ac79ee84b40ca3884677f62699694950cd8e34e1781e65a3879aba770b7ecf5c02c2318df97b87dac663c85342ba8189353577d5265b2e360a2642a98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7589eac6d25af3bdf0bd794da4e4ecb0 |
| SHA1 | a8eb6522bc8dfd65cf0cc2f0adb34fada34bd137 |
| SHA256 | 8f4ecc38b22269762fc5e0b752f1c194d41353235458c31831a2cfe987af5d68 |
| SHA512 | c4f2e91fad6cd453121ee0f0df1067f0595fead43679caa1471a69bc3eb2da725cf60e2149d4d85821f268dd157372528b43239e329bf2ba09704240b4250c54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7054c7b6ffc9b6c4_0
| MD5 | 412e01d7d0c9cad552122c8485701ab5 |
| SHA1 | 6c88d657868e10e6a5925beb2e56350ce55beaa1 |
| SHA256 | d6b8d9f805a30bfb2b6f2efbda40816175594e5613dc8347b11371516ae701d5 |
| SHA512 | 100852964739b63578ed5f060b7656ff00af6cb56716ab09936069f072913d481c66783a26d0678683ddb96a85cd4f82a47f2fd0df132b5eabb4dc93ecba8116 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | bba318c5790199c432038ef280f5c1d8 |
| SHA1 | 633d1820f84620c4f951cceb275376652a4da024 |
| SHA256 | a1b68c72bdd223103d4b244ccaf3a949d2a8ae8bea5ec08a0e29b12cd432a529 |
| SHA512 | 470220fa7e7833d7ad045b801ff5b7c156a3c1a74fbb2a79085817fbf5017149c900408b8ffdcf52104336e75b86937d3d18b5b1acc0aabb163d7b43b15d4561 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b78572c02a866be6_0
| MD5 | dc30db9a7ac01064e2ea5a7c0891dd97 |
| SHA1 | 4cd932f6dfabc7ab8fc1f37b829a13e393b43952 |
| SHA256 | 0b374ae0681fa0eb0ae6745a5d55854da41a9f0cb914f009e3d32f9a7bee7dff |
| SHA512 | dedadbb554a81958f929f3ea22171d71acf75580fc06754b49e3b2b1675c7effcf49a593a891437cffee67ba8d3c5f025e71bb883f046fcb4c76f007d8491797 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | c8736f89abbdb62a52fdaf20009bc4d1 |
| SHA1 | 94a012fca23d618f590e01ee155764facb86ccdc |
| SHA256 | 0bf7a595c73f1358f6d76ce5f27b0488eaa6ed06acdfdae8c2a5e5f4eed351bc |
| SHA512 | b765b552af812281385547619709dd1b837e66b40da9bc9bcaa91c591cbe9f7b11b88f4a83fb78493cc94c5eed03a98c937985ea0ffa88d063c737ebdd4a033f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b1a3ae830df47d3e697f7342061d31f8 |
| SHA1 | d671fc382355fe988f6331c72b0be9172d17a441 |
| SHA256 | 4128549a57ba5f88946d5c09f8f71988d3223dc613b806c6081d14907a9247af |
| SHA512 | 9542d05c9b18905bf5a18da45e830115b9f941daef7be128b47eab510bcc60de9b8b79248f41ef3a79b3c31641e744e4f0146a26ac83b53d1f3f8080c8befdb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d2d5d6bb90c476784f2a602f3841816 |
| SHA1 | 0f3fb66f2a170ffb0181b37511450c8e346314ed |
| SHA256 | 0bf9f19fa0d78a44923d81b0ad573e7eedd3db04bcac5fa1f09012c38603be47 |
| SHA512 | a208fafaf32b24d26facdca3549fc670230e0199b46e6518a38bd16337b9730e9b0a580f90ce53268c77f8a865baa003dc83fbb9cbe28c492d200933c2878109 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bc7c204e1ca8063ce3a1d9f37c5ea14a |
| SHA1 | dde2030039083ab91d603807e870461b8bd20179 |
| SHA256 | 20bb97ccb49edfa8b677619107bb4741c16e62c60e1873661597aa50e4666fee |
| SHA512 | 54a9826ec3b6b8085ee05179cfd55839d47ca55c3e271c1ff16141c296790e19354cbfe62cbd416205af651881b2078681bc9800a38a95e1725b39f6548857ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b59fb8d6910039d5d50f66b0a18e540 |
| SHA1 | e1f148ce8f32acf7efda924c440755ee8cad1c13 |
| SHA256 | fac3f9c1ad73b568e7e6621450714c2ac0d6a27149025a51c3abe76b05f58c6d |
| SHA512 | b7f92a9d99f03005932e5914905748eabb113f82b549af94c9183d3d26d7dbbe195e76c02602363cdf62009640d01726c492f786229761e6588d90e4c674dd8b |
C:\Users\Admin\Downloads\Unconfirmed 441750.crdownload
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 89ecd854806be8f42232553fdece1550 |
| SHA1 | ced531f489683dfecd903332d3b57d05cf6bd766 |
| SHA256 | ca68f51b691cea119a58c1fd483749f83c9b9aaad54bdd85719a4f0beb099fce |
| SHA512 | 7767b834479d5be951aab848705881fbcb3c7c2573363659de7c9c8fba2d9b47d34c32d04a0c324dec93e2ef370e7e5da5787d6d493ce426151099f78eae1aec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f0fb0353c3e0f72df1ef522009e2aff1 |
| SHA1 | 9e1eb96cc96de5e13307ba23a8c4ddda2c116b49 |
| SHA256 | 07561126fa97569f16072b042b7187d2fad0ff96547bcdf0f41aca6a8bd0dc3c |
| SHA512 | 64504ba5537222b6ce059707344fb5b3628b5872c965cfa8e5a3464575e45f0c4ce71dfefd9226aabcead305f5d6fdd17069077132bc74dafed5d5a082154d19 |
memory/5000-2693-0x00000000001C0000-0x00000000001EA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
memory/5000-2699-0x00007FF9B3860000-0x00007FF9B39AE000-memory.dmp
memory/5000-2700-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp
memory/5000-2701-0x0000000002240000-0x0000000002250000-memory.dmp
memory/5000-2702-0x0000000002240000-0x0000000002250000-memory.dmp
memory/5000-2703-0x000000001D300000-0x000000001D4C2000-memory.dmp
memory/5000-2704-0x000000001DA00000-0x000000001DF28000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b39f2438ef501e08c4f28b98b5dadbad |
| SHA1 | eb92e874446935b601d875d21e348f42f8e1f66b |
| SHA256 | ff12c9bdf016e1fa9d14dd674068099f59a7accf91a5f6b8f7c1ea20a2e16ab5 |
| SHA512 | 84aae2f97345d260cdf104ae4e757d4fba08461fced4605b037903f4d272a14173a4cded6b10090f97d93bda4ba9c142ab596fb8b3221df98d68d02905329d30 |
memory/5000-2723-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp
memory/5000-2724-0x0000000002240000-0x0000000002250000-memory.dmp
memory/5000-2726-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp
memory/3900-2732-0x00007FF9B3000000-0x00007FF9B314E000-memory.dmp
memory/3900-2733-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp
memory/3900-2734-0x0000000000C70000-0x0000000000C80000-memory.dmp
memory/3900-2735-0x0000000000C70000-0x0000000000C80000-memory.dmp
memory/3900-2736-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp
memory/3900-2737-0x0000000000C70000-0x0000000000C80000-memory.dmp
memory/3900-2738-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\baec058c-93a2-4c81-8679-5200240315f9.tmp
| MD5 | a5f19205374e2549ecaa4782d3c03e8c |
| SHA1 | ddfe6923bfa579581a3d13f0ab031f489fd77cad |
| SHA256 | 4f61db7f70c3c65b3aa62d2b9739cc7ea753154d41cf7ed5f4e5b19554a78552 |
| SHA512 | 7e97b2fb2cd6525cf9fbb5a28142d198c4c0d2ec06ec27e4b541bab161acf2915bb69565e4c79023b57755d16a4e9afc82f7476759d44b56a292536802dcb9e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dbe70d2e1ec77a859711b9026cc3e87e |
| SHA1 | 21144ddbfab61bc7465a9f8ceb1ae8316a2b8c38 |
| SHA256 | 1572ce0e8bf18d480f80a08e95df86f87d845af76914daf5351dd204d4a6b6f8 |
| SHA512 | f22273634f5b32d7f41b2820f1f2f7e442b155651ea0bbd1436cbcbbbe5a26072c3d58853c9689dd53a62c91f4d9cebbf5e95ab3e58dee3b1046a4b4bb5dbda3 |
C:\Users\Admin\Downloads\Unconfirmed 291726.crdownload
| MD5 | 38ff71c1dee2a9add67f1edb1a30ff8c |
| SHA1 | 10f0defd98d4e5096fbeb321b28d6559e44d66db |
| SHA256 | 730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a |
| SHA512 | 8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c4149fc03d651d2fe10d1353f2541627 |
| SHA1 | 245fdcb7f563b8ccc9eb0dcf8002ba5d1489309a |
| SHA256 | 0783eb3ebd50943b501c1bc90e75819918be36a89e8f4497273dfc81e321587b |
| SHA512 | 27bc1228e6361aec79c28f3326e312c96e4b6ce080fbe150bf226ef768858783871498905c283dee8203fccdca10ec7529eeb7a79fb23857d105a759d2c8675a |
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
| MD5 | cbf8f2f6547d366e97ad3c300245a0be |
| SHA1 | 15acbc163ccb93943074745c8447d6f59f0745af |
| SHA256 | 9207e30ee4ee85d861527aad9599e017bdb7c16009299cb06171448e7b4b9276 |
| SHA512 | 1b65613d425d10ecced82f01c715ed19d9b5ce0acea9411af3ba4aac1853dd03f59ad3a21965dba9c2496e70421f02315b36c367b0cd1d3fceeef523c6b0c0ac |
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.dA4100
| MD5 | 64a194eb1b021e86dae01c1bf67ee959 |
| SHA1 | b15ffec42637d9018a3ba13795e5816c756631d2 |
| SHA256 | f4b7e71ad5fef2f7c1f97ca57d693f05e8906e610525a5995a412b2d09e5ff0b |
| SHA512 | 487f914f0978ea37f2c1c874f19a28595be86dfd169b717d36d8c5f8211132517a393f0c76a3b0942f6402b6b27d79e035c9136929ae11a75228eee00c045ad6 |
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock
| MD5 | 2887f2fda9d1a45299b4c9ccef101ebd |
| SHA1 | 61c4bfc4099cdd2565fbfb4c550d9b7e8e9429e5 |
| SHA256 | e079099ffa7f60a1b8721a395762bd5ba47c96efd80514b8cb95f08fa1269ff4 |
| SHA512 | cfe539f6a20e7b33080aef341bbb4a1d6f1e5cfba94ff0356fd6253b5294d64f230c111e305aa7d12348c36c6bd11f0f3ec18d5602a7c35b57760e16ec22aee3 |
C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt
| MD5 | e20f623b1d5a781f86b51347260d68a5 |
| SHA1 | 7e06a43ba81d27b017eb1d5dcc62124a9579f96e |
| SHA256 | afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179 |
| SHA512 | 2e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 4b2e6fc105037c73fa198698d4468de4 |
| SHA1 | e2a4c007b9c77de7e8a10a82331718363b6f1307 |
| SHA256 | 7387f7b94fdd60273ab43f17c13cd0d56c51701063f341064a83b8f7b6de33e6 |
| SHA512 | c7d524e8f9fa42ac8ffe45f2e61047833f20e7c729dcca48366cb278058d63b936527703f97b74b05ba533dd49065c8892c876d00c27cfb942bddbc3034c792e |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 610ba8408066f9b00f6d23c1ab991eb5 |
| SHA1 | 2c6dea4e3871c3cfdaf4d3b9f7570f410676cc60 |
| SHA256 | fb872ab0d1f91b1a1876aa719ca5d39876178c7920d53d2880b63e0946f98716 |
| SHA512 | 4bf5b9fc60b486ac5f3303c68f67bdfceba76f2c8554d712225d881ccabc3a10811d1c16e061dccb39e714ced314982416489111740a2dc46c8b4c9a639242ce |
C:\Users\Admin\AppData\Roaming\vlc\vlcrc.4100
| MD5 | 478a4a09f4f74e97335cd4d5e9da7ab5 |
| SHA1 | 3c4f1dc52a293f079095d0b0370428ec8e8f9315 |
| SHA256 | 884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974 |
| SHA512 | e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1 |
memory/4100-3059-0x00007FF6E8CC0000-0x00007FF6E8DB8000-memory.dmp
memory/4100-3060-0x00007FF9B47D0000-0x00007FF9B4804000-memory.dmp
memory/4100-3061-0x00007FF9A72A0000-0x00007FF9A7554000-memory.dmp
memory/4100-3062-0x00007FF9A5200000-0x00007FF9A62AB000-memory.dmp
memory/4100-3063-0x00007FF9A4EA0000-0x00007FF9A4FB2000-memory.dmp