Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/pz52b239zbc22xi/VantaCheatsv1.34.rar/file was found to be: Known bad.
Malicious Activity Summary
Process spawned unexpected child process
Irata payload
Irata
Downloads MZ/PE file
Loads dropped DLL
Drops startup file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Adds Run key to start application
Enumerates physical storage devices
Program crash
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Detects videocard installed
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Creates scheduled task(s)
Checks SCSI registry key(s)
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Collects information from the system
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Views/modifies file attributes
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-14 11:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-14 11:52
Reported
2023-12-14 12:12
Platform
win11-20231129-en
Max time kernel
1179s
Max time network
1181s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\tasklist.exe |
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScorpGen2.42.exe | C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsDriverSetupO3ED1v = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\WindowsDriverSetup.exe" | C:\Windows\system32\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | N/A | N/A |
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | N/A | N/A |
Enumerates processes with tasklist
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | N/A | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133470293693414236" | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1\0\0\NodeSlot = "8" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Applications\7zFM.exe\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1 = 8c003100000000007e57fb58110050524f4752417e310000740009000400efbec55259618e57ec5e2e0000003f0000000000010000000000000000004a000000000013882d01500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1\0\0 = 4e003100000000007d57678210004c616e6700003a0009000400efbe7d5767827d5781822e000000198d02000000020000000000000000000000000000006cc48b004c0061006e006700000014000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000001bbdd9c8dd22da01994f62887d23da0110834067842eda0114000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\1\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481231979-493974313-2053705388-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 573350.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\e59a28f\winzip28-mf.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\winzip28-mf.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\e5a15db\winzip28-mf.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\winzip28-mf.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\e623a73\winzip28-mf.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\winzip28-mf.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 842566.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 905671.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\e59d046\winzip28-mf.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\winzip28-mf.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\e59fe6b\winzip28-mf.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\winzip28-mf.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\e59ff65\winzip28-mf.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\winzip28-mf.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\e5a14f1\winzip28-mf.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\winzip28-mf.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\Downloads\tf.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/pz52b239zbc22xi/VantaCheatsv1.34.rar/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf3323cb8,0x7ffbf3323cc8,0x7ffbf3323cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8308 /prefetch:8
C:\Users\Admin\Downloads\winzip28-mf.exe
"C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\Downloads\winzip28-mf.exe
"C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\AppData\Local\Temp\e59a28f\winzip28-mf.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3328 -ip 3328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 2124
C:\Users\Admin\Downloads\winzip28-mf.exe
"C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\AppData\Local\Temp\e59d046\winzip28-mf.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5432 -ip 5432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 1940
C:\Users\Admin\Downloads\winzip28-mf.exe
"C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\AppData\Local\Temp\e59fe6b\winzip28-mf.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\Downloads\winzip28-mf.exe
"C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\AppData\Local\Temp\e59ff65\winzip28-mf.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2476 -ip 2476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 1944
C:\Users\Admin\Downloads\winzip28-mf.exe
"C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\AppData\Local\Temp\e5a14f1\winzip28-mf.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\Downloads\winzip28-mf.exe
"C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\AppData\Local\Temp\e5a15db\winzip28-mf.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5248 -ip 5248
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 1924
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8672 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10204 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\tf.EXE
"C:\Users\Admin\Downloads\tf.EXE"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=6484 get ExecutablePath
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=6484 get ExecutablePath"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1924 --field-trial-handle=1652,7759661200187433275,220204205879633880,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1652,7759661200187433275,220204205879633880,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=6484 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\WindowsDriverSetup.exe\"""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\WindowsDriverSetup.exe\""
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\WindowsDriverSetup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupO3ED1v /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\WindowsDriverSetup.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupO3ED1v /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\WindowsDriverSetup.exe\" /F /rl highest
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupO3ED1v /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\WindowsDriverSetup.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupO3ED1v /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\WindowsDriverSetup.exe\" /F /rl highest"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupO3ED1v /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\WindowsDriverSetup.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=6484 get ExecutablePath"
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Users\Admin\Downloads\tf.EXE
"C:\Users\Admin\Downloads\tf.EXE"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1676,6436650794560310808,6512769194723128267,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1904 --field-trial-handle=1676,6436650794560310808,6512769194723128267,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=8304 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=8304 get ExecutablePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=8304 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=8304 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11840 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\winzip28-mf.exe
"C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Users\Admin\AppData\Local\Temp\e623a73\winzip28-mf.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28-mf.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 10084 -ip 10084
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 2044
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\VantaCheatsv1.34.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\VantaCheatsv1.34.rar"
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\VantaCheatsv1.34.rar"
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\VantaCheatsv1.34.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\VantaCheatsv1.34.rar"
C:\Users\Admin\AppData\Local\Temp\7zO49A1A2E4\VantaCheatsv1.34.exe
"C:\Users\Admin\AppData\Local\Temp\7zO49A1A2E4\VantaCheatsv1.34.exe"
C:\Users\Admin\AppData\Local\Temp\7zO49AB8CE4\VantaCheatsv1.34.exe
"C:\Users\Admin\AppData\Local\Temp\7zO49AB8CE4\VantaCheatsv1.34.exe"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1708,2546169826375954682,6545879400250245996,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=6544 get ExecutablePath"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1088 --field-trial-handle=1708,2546169826375954682,6545879400250245996,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=6544 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\net.exe
net session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=6544 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=6544 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1744,13796380401496167456,14601276225824665177,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1932 --field-trial-handle=1744,13796380401496167456,14601276225824665177,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=7488 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=7488 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=7488 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=7488 get ExecutablePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\7zO49A16985\VantaCheatsv1.34.exe
"C:\Users\Admin\AppData\Local\Temp\7zO49A16985\VantaCheatsv1.34.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,15709775281243914330,17570300805189962561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12176 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1764,699157846149622754,11697231337303722314,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1952 --field-trial-handle=1764,699157846149622754,11697231337303722314,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=10180 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=10180 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=10180 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=10180 get ExecutablePath"
C:\Users\Admin\Desktop\VantaCheatsv1.34.exe
"C:\Users\Admin\Desktop\VantaCheatsv1.34.exe"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1596,2666753420715820406,3567455578356152844,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1916 --field-trial-handle=1596,2666753420715820406,3567455578356152844,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2852 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=2852 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\net.exe
net session
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2852 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=2852 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\Desktop\VantaCheatsv1.34.exe
"C:\Users\Admin\Desktop\VantaCheatsv1.34.exe"
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1664,15643844093208355448,14483473504984854137,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe
"C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\ScorpGen2.42.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1912 --field-trial-handle=1664,15643844093208355448,14483473504984854137,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4636 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4636 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 172.67.144.62:443 | the.gatekeeperconsent.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | 62.144.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 172.67.144.62:443 | privacy.gatekeeperconsent.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| HR | 65.9.191.84:443 | cdn.amplitude.com | tcp |
| GB | 142.250.200.46:443 | translate.google.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 104.16.57.101:443 | static.cloudflareinsights.com | tcp |
| US | 104.19.214.37:443 | otnolatrnup.com | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 172.64.107.6:443 | go.ezodn.com | tcp |
| US | 172.64.107.6:443 | go.ezodn.com | tcp |
| US | 172.64.107.6:443 | go.ezodn.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.179.234:443 | translate-pa.googleapis.com | tcp |
| US | 35.160.124.191:443 | api.amplitude.com | tcp |
| DE | 18.185.173.149:443 | btlr.sharethrough.com | tcp |
| DE | 18.185.173.149:443 | btlr.sharethrough.com | tcp |
| DE | 18.185.173.149:443 | btlr.sharethrough.com | tcp |
| DE | 18.185.173.149:443 | btlr.sharethrough.com | tcp |
| DE | 18.185.173.149:443 | btlr.sharethrough.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 18.159.167.212:443 | tlx.3lift.com | tcp |
| US | 8.8.8.8:53 | 178.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.25.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.145.39.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.107.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| BE | 74.125.206.154:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.206.154:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| HR | 65.9.25.57:443 | tags.crwdcntrl.net | tcp |
| IE | 52.19.8.73:443 | bcp.crwdcntrl.net | tcp |
| IE | 54.77.9.4:443 | bcp.crwdcntrl.net | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.46:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 73.8.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.25.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 92.123.240.21:443 | contextual.media.net | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| GB | 142.250.179.225:443 | 9436e633a2ab27917c48c68b4857c4c5.safeframe.googlesyndication.com | tcp |
| FR | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| HR | 65.9.19.16:443 | cdn.prod.uidapi.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 142.250.187.198:443 | s0.2mdn.net | tcp |
| GB | 142.250.200.34:443 | www.googletagservices.com | tcp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| GB | 142.250.187.198:443 | s0.2mdn.net | udp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.179.234:443 | translate-pa.googleapis.com | udp |
| US | 104.16.243.229:443 | store.winzip.com | tcp |
| GB | 2.16.56.54:443 | www.winzip.com | tcp |
| GB | 23.48.165.153:443 | download.winzip.com | tcp |
| GB | 23.48.165.153:443 | download.winzip.com | tcp |
| US | 3.94.0.59:443 | installer.corel.com | tcp |
| GB | 2.16.56.54:443 | www.winzip.com | tcp |
| US | 104.16.123.175:443 | unpkg.com | tcp |
| US | 104.18.130.236:443 | cdn.cookielaw.org | tcp |
| US | 104.18.130.236:443 | cdn.cookielaw.org | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 35.163.134.181:443 | www.installportal.com | tcp |
| US | 35.163.134.181:443 | www.installportal.com | tcp |
| US | 35.163.134.181:443 | www.installportal.com | tcp |
| US | 35.163.134.181:443 | www.installportal.com | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| FR | 15.188.219.54:443 | g.ezoic.net | tcp |
| US | 199.91.155.40:443 | download2299.mediafire.com | tcp |
| US | 199.91.155.40:443 | download2299.mediafire.com | tcp |
| US | 104.19.215.37:80 | otnolatrnup.com | tcp |
| US | 104.19.215.37:80 | otnolatrnup.com | tcp |
| DE | 18.196.84.70:443 | woreppercomming.com | tcp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| DE | 18.193.251.98:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 98.251.193.18.in-addr.arpa | udp |
| GB | 142.250.180.14:443 | www.googleoptimize.com | tcp |
| GB | 2.19.147.122:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.19.147.122:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.19.147.122:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.19.147.122:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.19.147.122:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | tags.creativecdn.com | udp |
| US | 151.101.1.140:443 | w3-reporting-nel.reddit.com | tcp |
| DE | 52.222.191.120:443 | static.hotjar.com | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| IE | 163.70.128.23:443 | connect.facebook.net | tcp |
| GB | 87.248.114.11:443 | s.yimg.com | tcp |
| GB | 89.187.167.9:443 | tags.creativecdn.com | tcp |
| GB | 88.221.134.112:443 | snap.licdn.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| BE | 74.125.206.154:443 | stats.g.doubleclick.net | udp |
| US | 151.101.1.140:443 | w3-reporting-nel.reddit.com | tcp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| US | 18.155.153.11:443 | script.hotjar.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| IE | 212.82.100.181:443 | sp.analytics.yahoo.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 112.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| DE | 18.193.251.98:443 | www.opera.com | tcp |
| US | 204.79.197.200:443 | www2.bing.com | tcp |
| US | 68.219.88.97:443 | c.clarity.ms | tcp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 92.123.128.133:443 | www.bing.com | tcp |
| US | 92.123.128.133:443 | www.bing.com | tcp |
| US | 92.123.128.168:443 | www.bing.com | tcp |
| US | 92.123.128.168:443 | www.bing.com | tcp |
| US | 92.123.128.139:443 | th.bing.com | tcp |
| US | 92.123.128.139:443 | th.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 204.79.197.200:443 | www2.bing.com | tcp |
| US | 54.149.5.211:80 | www.nchsoftware.com | tcp |
| US | 54.149.5.211:80 | www.nchsoftware.com | tcp |
| US | 54.149.5.211:443 | www.nchsoftware.com | tcp |
| US | 54.149.5.211:443 | www.nchsoftware.com | tcp |
| US | 54.149.5.211:443 | www.nchsoftware.com | tcp |
| US | 54.149.5.211:443 | www.nchsoftware.com | tcp |
| US | 54.149.5.211:443 | www.nchsoftware.com | tcp |
| US | 54.149.5.211:443 | www.nchsoftware.com | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| US | 173.247.253.164:443 | secure.nch.com.au | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 92.123.128.139:443 | th.bing.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 172.67.69.234:443 | www.ezyzip.com | tcp |
| US | 172.67.69.234:443 | www.ezyzip.com | tcp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| GB | 173.222.8.231:443 | assets.pinterest.com | tcp |
| GB | 159.65.16.11:443 | cdn4.buysellads.net | tcp |
| US | 172.64.129.7:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.129.7:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.129.7:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.129.7:443 | ka-f.fontawesome.com | tcp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| FR | 216.58.204.86:443 | i.ytimg.com | tcp |
| BE | 74.125.206.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 86.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| DE | 52.222.181.100:443 | c.amazon-adsystem.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 18.155.153.89:443 | config.aps.amazon-adsystem.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | buysellads-d.openx.net | udp |
| GB | 142.250.200.6:443 | static.doubleclick.net | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| GB | 142.250.200.33:443 | yt3.ggpht.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| IE | 34.255.82.165:443 | ads.servenobid.com | tcp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| FR | 178.250.1.8:443 | bidder.criteo.com | tcp |
| DE | 18.184.33.180:443 | btlr.sharethrough.com | tcp |
| IE | 54.246.5.75:443 | hb-api.omnitagjs.com | tcp |
| DE | 52.84.50.169:443 | aax.amazon-adsystem.com | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| GB | 2.19.152.155:443 | secure.cdn.fastclick.net | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | udp |
| IE | 3.248.109.126:443 | ad.crwdcntrl.net | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | 165.82.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.33.184.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.5.246.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.50.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.152.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.109.248.3.in-addr.arpa | udp |
| US | 151.101.0.84:443 | log.pinterest.com | tcp |
| GB | 159.65.16.11:443 | cdn4.buysellads.net | tcp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.187.198:443 | s0.2mdn.net | udp |
| FR | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 104.77.160.206:443 | cdn.doubleverify.com | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| FR | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| FR | 185.235.86.177:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.202:443 | ag.gbc.criteo.com | tcp |
| FR | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 18.155.153.74:443 | public.servenobid.com | tcp |
| GB | 173.222.12.26:443 | contextual.media.net | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 18.155.153.74:443 | public.servenobid.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| IE | 54.74.233.207:443 | g2.gumgum.com | tcp |
| NL | 81.17.55.108:443 | ssbsync.smartadserver.com | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| AU | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 18.155.153.25:443 | cs-rtb.minutemedia-prebid.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 3.214.250.236:443 | cs-server-s2s.yellowblue.io | tcp |
| GB | 173.222.13.62:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| NL | 216.52.2.16:443 | ce.lijit.com | tcp |
| US | 69.166.1.67:443 | sync.go.sonobi.com | tcp |
| US | 52.0.62.191:443 | ssp.disqus.com | tcp |
| NL | 216.52.2.91:443 | ce.lijit.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| DE | 18.198.247.190:443 | match.sharethrough.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| GB | 23.44.232.24:443 | hbx.media.net | tcp |
| FR | 178.250.7.11:443 | dis.criteo.com | tcp |
| US | 208.93.169.131:443 | bh.contextweb.com | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | 16.2.52.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.247.198.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.2.52.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.62.0.52.in-addr.arpa | udp |
| GB | 142.250.180.2:443 | cm.g.doubleclick.net | tcp |
| NL | 89.149.192.73:443 | rtb-csync.smartadserver.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| GB | 142.250.180.2:443 | cm.g.doubleclick.net | udp |
| JP | 211.120.53.200:443 | tg.socdm.com | tcp |
| GB | 173.222.13.62:443 | eus.rubiconproject.com | tcp |
| JP | 211.120.53.200:443 | tg.socdm.com | tcp |
| US | 52.86.247.227:443 | sync.ipredictive.com | tcp |
| IE | 52.210.175.116:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 54.152.61.223:443 | sync.srv.stackadapt.com | tcp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | tcp |
| NL | 213.19.162.80:443 | token.rubiconproject.com | tcp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| US | 64.74.236.63:443 | b1sync.zemanta.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| DE | 3.73.141.43:443 | x.bidswitch.net | tcp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| US | 64.74.236.63:443 | b1sync.zemanta.com | tcp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.247.86.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.53.120.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.15.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.61.152.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.141.73.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.47.18.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.236.74.64.in-addr.arpa | udp |
| GB | 88.221.135.115:443 | aefd.nelreports.net | tcp |
| GB | 216.58.213.14:443 | play.google.com | tcp |
| GB | 216.58.213.14:443 | play.google.com | udp |
| FR | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| FR | 5.196.111.65:443 | prg.smartadserver.com | tcp |
| DE | 37.252.171.85:443 | secure.adnxs.com | tcp |
| DE | 18.184.33.180:443 | btlr.sharethrough.com | tcp |
| GB | 159.65.16.11:443 | cdn4.buysellads.net | tcp |
| GB | 142.250.187.194:443 | ade.googlesyndication.com | udp |
| DE | 37.252.171.85:443 | secure.adnxs.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| FR | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| DE | 52.59.62.243:443 | btlr.sharethrough.com | tcp |
| DE | 52.59.62.243:443 | btlr.sharethrough.com | tcp |
| FR | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| DE | 37.252.171.85:443 | secure.adnxs.com | tcp |
| GB | 142.250.187.194:443 | ade.googlesyndication.com | udp |
| FR | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.198:443 | s0.2mdn.net | udp |
| GB | 142.250.178.2:443 | googleads4.g.doubleclick.net | udp |
| US | 18.154.168.104:443 | choices.truste.com | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| DE | 52.59.62.243:443 | btlr.sharethrough.com | tcp |
| FR | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| DE | 37.252.171.85:443 | secure.adnxs.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| FR | 178.250.1.3:443 | static.criteo.net | tcp |
| FR | 178.250.1.3:443 | static.criteo.net | tcp |
| FR | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| FR | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| DE | 3.122.124.148:443 | btlr.sharethrough.com | tcp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| FR | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| DE | 3.122.124.148:443 | btlr.sharethrough.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| DE | 3.122.124.148:443 | btlr.sharethrough.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.192:443 | prg.smartadserver.com | tcp |
| FR | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| GB | 142.250.187.194:443 | ade.googlesyndication.com | udp |
| US | 92.123.128.150:443 | www.bing.com | tcp |
| US | 92.123.128.176:443 | r.bing.com | tcp |
| US | 92.123.128.176:443 | r.bing.com | tcp |
| US | 92.123.128.190:443 | www.bing.com | tcp |
| US | 92.123.128.190:443 | www.bing.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.187.194:443 | ade.googlesyndication.com | udp |
| US | 172.67.208.202:443 | openrarfile.net | tcp |
| US | 172.67.208.202:443 | openrarfile.net | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| FR | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.226:443 | www.googletagservices.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| FR | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 35.163.134.181:443 | www.installportal.com | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 92.123.128.164:443 | www.bing.com | tcp |
| US | 172.64.155.119:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 92.123.128.190:443 | www.bing.com | tcp |
| US | 92.123.128.148:443 | www.bing.com | tcp |
| US | 92.123.128.148:443 | www.bing.com | tcp |
| US | 92.123.128.148:443 | www.bing.com | tcp |
| US | 92.123.128.148:443 | www.bing.com | tcp |
| US | 92.123.128.148:443 | www.bing.com | tcp |
| US | 92.123.128.148:443 | www.bing.com | tcp |
| GB | 23.73.138.17:443 | www.bing.com | tcp |
| US | 20.189.173.2:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| US | 20.189.173.2:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 14e9465c402b5bcca1c1a5dfc22d7d90 |
| SHA1 | 594df1de88b4a29906adba222e4f86e8883015ee |
| SHA256 | 152b5faa97c13b54704dee55ee0a0f0e1b9aec33e899e91a441cbbc9af072ff1 |
| SHA512 | 4af6de55f21d41cc7c74ba97b6a9ee5ccce89a06139d7fe0b61f3cd7941f17968c17e448aa9f49694fb7efd4bd701e2e689147a2b6867cb2c63d56ccbb3dbd1a |
\??\pipe\LOCAL\crashpad_4104_QRBWXSSFJWKLGEUQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e2eae5fe28a1668ef29c14630a175cd9 |
| SHA1 | 88517831e087fc5387c269f5c75b8d5771f1fd78 |
| SHA256 | b470e63816b86f4ff1f1d6f853e6e7c8505c43fbd4963218cc0a1b7623cd5224 |
| SHA512 | 8cfca4473ef947662e2ed4b62ab5769bc03d01b114ca514898968006e7cae26b4ead42b293af6ee54f006135a9aef2411c792a3b9575798d0c8901b8cc012ec8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 10c9ea9b8491168ccd33ba9ea8381b13 |
| SHA1 | d9267ab35f00a24d26a9aa033a708e7745824e78 |
| SHA256 | 0f1e091f160f1ebd4eb1dccaa9de9297bb9ae847281c0e3c5db1b72eeeebf43d |
| SHA512 | a9a5456098ce2940b24d77c380dba6f374016a72a9ace8b0cd1d96f556623729e27de70d971a2d714ed270073495eb5cb997bcb0483f10af17d823e113b5572a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 837d4c030f1d97d4bc51f68e9dfd7f4f |
| SHA1 | 97a3a9c285d62c7a28cd0af9e68ebe97b953a225 |
| SHA256 | 38610fa8c496153382f332b4472cc8db5137324ba768677b83a0df1a5807ba3d |
| SHA512 | c4ac207be706a1623085c4f8c8171691753188217bc099541d5c53e987903f775880f0f00a05a1f716f6f864b34255a87ba97ed21fa1f3e333122b3b6b52262b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\Downloads\Unconfirmed 573350.crdownload
| MD5 | 7f88c3ac069bd6f6a7134af19b2fa271 |
| SHA1 | 4e834a0aed18e65e3b201ec60972d23dcd37193a |
| SHA256 | b3996a0ae78cca5781ae2842d571afa51d79e04ed07e633973978d38e5b05b4a |
| SHA512 | 5300967dbea792920e65bd86a0bdab6aab7320dc934a76dce6b1276ffb26e68c53ddb1f43d1ee64cd8a527e1ac3f847a3917b460898bee978b2f88aae31b1871 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 438015b79b93fa02a061505d594593aa |
| SHA1 | 799041829ddd44bbb15bf02c7920dc5d5ae8bb4c |
| SHA256 | ceea468439fbdaac47291457af3edaae98c8f6da290807e980ccfa0cc37d000c |
| SHA512 | 0ec884b05ad61568cea1ffc8edbd39b938280c2950cc08bd0a0b810847faebbcdecadecb7655addafba8c39e9adba1c1b495e9284b34582c09e3b5af3e3a84f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8332cab81be633b1ff0ca027b7f8316e |
| SHA1 | f6fd48b9329f61166733dd665f094ef484455bcc |
| SHA256 | 81a79aeb05f2151e1384e946d61cd8e0dea342a5bb05ede811af331bb2b02835 |
| SHA512 | 212ea91d034e23e9fd69689eb3c6ebef1fea1bab17bdfcf90e31283b765da6a4eb0f503126b0abd4bc1b17a33072648be0b875b8137593da743692136468a145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bb9a.TMP
| MD5 | ac3a532ed0da6957094d85a92ddc1138 |
| SHA1 | 6f076d7f05e2905d95af314503048f529afbdab6 |
| SHA256 | fbe3cd28d4faa2a4ce65627617ae19036c2fd310a0252d4045f9cdd3caf0ccb7 |
| SHA512 | 8f17ff396014b59d12502c2d54c8ab957f12fa0cbf2124d21eb26326836f15d34c972e5b36d37b0506076166c49bdf14ec36abc2fbdc3bcd339834845f972176 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6aaf2bb9610496d7d497e45cbd21abd |
| SHA1 | 79e2eddcda39984b323856078b89d8424dc9eb73 |
| SHA256 | 07316e7da5ffa7ed2673dcf2e53760fc914f8dca6cbbcecb1b5faafbe68e1969 |
| SHA512 | 8205b85521a936710961b97386ba696b7859e680cfdc6f6fb22a35e73905c154af836390e57d2b670b4d6e9ecf37261a4b24a32e3e6fa61edd36e14a45e25fbc |
C:\Users\Admin\Downloads\Unconfirmed 905671.crdownload
| MD5 | aa0dd80b52350ce2dc06a024efaaa1e8 |
| SHA1 | 9175b3f6cd351098cfd1164c96b98d0fa187df6f |
| SHA256 | 0761ef69008ac67ee62ac659ab68e039e42445b749c53d36dc6d453b120b8178 |
| SHA512 | f14a03f0c7f2b34c7a173dc2c362dab8ce9ddf92e1f937ed18a592b1189331422a2cb54547e8b1af3801a4c8e2ec1a4c8308fea55494d546e1b7df29e751e7b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | d4de7cc22f786656dea12e864c35d889 |
| SHA1 | fbd59fa50e0016030e00873a58f8f4a7b452d7b8 |
| SHA256 | c909a5d7199ebd9412e82043eacbbd0ef418f00fe92aee776d0956f124f15e48 |
| SHA512 | cd213bc77ee966559fc41eefc5177b14f9bd146ba33479263979265a600d23798c980a3a6f038fc8e51fa4ad8e6a2228f1e76277ee38d96259e66cc346ab86df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | b5a3f8e712a5dd5bb8a1c022f5ef8a04 |
| SHA1 | f122ccda46ed261ddea58837a7d0cf929115e1d2 |
| SHA256 | c2e2c55ef893411fe79e1f00ea2799696f182d21a538f477ea84e3fde2f6a028 |
| SHA512 | 2b3247e7fbce364c03ee0e06c0a3f39dcf75cd83d187c5fbcfbaf8d6649d21e198d37521c14fc2dbb74ccff941a8c2f46e2ff8e5314bb223b8fd6dff4845cfd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | 365261d620af53e3e8d81dacb2d8d72f |
| SHA1 | a75f038630d00600c556dc27c8540448e3562205 |
| SHA256 | ab8f34aa8ac26fb8e3563724d18b2209c9cdf02bdf4f657bbe0c21598746143f |
| SHA512 | 9b5397a6fbd72b05fb0a42ef98d8fb720307e845467155fbf27fbe5f52d79a6658a1cc0c9d8c78199cea6015ce91670a97ebad12c4dcbd0b5c90f846085542bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | 25a97d66e679a34d4f07e45c328143cf |
| SHA1 | 598939aa59ec3283a54504a23106292ba25b2376 |
| SHA256 | 247df298d162aa005852b080c441de34fd28d1df825f4475c83a7b540701f088 |
| SHA512 | cad860e77d54c50074777d36a2ae98567c2f9b448bfa0898cdf79a0e5730d0eeabeefe5bb66739758013ae257e9071bc5e6de68429e947775f8a64c4ed850bc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 81fd1e1e4863855d7b623d02e4405984 |
| SHA1 | fc1ea06e9e63e9e96ece05412928be0ed4ff23b1 |
| SHA256 | 86934f663b26200ac689852622e4e5929ecf7e8b980083774a4faee907db4bbe |
| SHA512 | 8a6c10ce987ca89e044758dac3e3a40a6f67e725395f64019fec025567565f43e9ffc1291a20927cb75f445703325608cfc34635f59061087678f3fb4f8813db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7fdd3f63519170c699ce667cd30f569f |
| SHA1 | 1f0c6ad65e0ced46732850cec1f58e9390776ad7 |
| SHA256 | c87e06c08480d5a0079039e7924b1e441ad4e14d7e31546f5ae18da0a64d29b6 |
| SHA512 | 8a73f375554e911378ee5afb539bba4841c13c19ccd6d17c75afd3a55115d75ad93515381dbf0abec4cd765b8118e3101ce394795f14e3fe426624aa3907fb13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1ae87c71d9619323901488c1cb4856e |
| SHA1 | a9070698dac7e62c611e5c78527905a779de1d50 |
| SHA256 | bb622356ad3ec0d4063ac3fbd2adf4812e2a29d5d2fe814f3a97fbaf6db61c43 |
| SHA512 | ef6eaebbdf7fbc829a0c1f847267c61089786ce5c4b0bf57f08ab31e87ce6842ffa078b6c6c9ea337986eb2a35a921893575cf41f81f09ae9701675c1ae6dc42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7385d5360f8842677c532400310a4e7a |
| SHA1 | 6a15b1023d504ba992072fb261aaa1f9ec0858f3 |
| SHA256 | 730ff3d7bab031ba3c1e1050401dc633d41a779ae2f83976b11f8ba7d3a0e937 |
| SHA512 | 050921486e7284140cfcce99a40322fe0dbc891e854041cdcff09d8db6763bb8a6ed531bf33c463d9ce3decc7a534239ce693c0256e284e8ac37fac9a3bfa404 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4ddc13e11818d7767ae033986667458a |
| SHA1 | 75a51c266fb6c850ffc482fcd8294ff7abebb626 |
| SHA256 | 343bddf3777dccaa191a93ffb89cc2429a536e88cd7dab8649a62488eff52cf0 |
| SHA512 | 8522204ec1d21dbc48c5ecc06200f3fa9dce32fddb80818753e0f3d594201bc2ee84a30c94a648b7832742a95399ab79aa6fa1a26cc04b5956f3b9875efe8e91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\650cba45-5e1d-4270-b930-275e7b03d4d8.tmp
| MD5 | cdcd3e727db4114baca1b23a6efc3f54 |
| SHA1 | 5e6b0f68852017c0540e935e1e4ea14e185d9d52 |
| SHA256 | c306c114d2fd5dc9128f3dc0dbe2b0d896566a8737885456b7b4404c72f0d2e2 |
| SHA512 | 1e8767c7a364bd1001ea875d3cbd14186dd478a1c80e82d3b8aa6c672bd0d215dab6a6248fdb9477ac030ac31c4a69c060f71f13a408e8c8eb1016e1d1e62ab0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | db098fb1a62558d03604565cdc9c7453 |
| SHA1 | 30bf606da30569098b4cef40a325276e29d8af4d |
| SHA256 | 7f0a95c68d6bc4cb46d50bbfa6d8f080324c5632a12fe1774932e2d8bac3686a |
| SHA512 | 38e86c2a86841ca46747e66e6e68f99754baf81d347f0096c508f7454e634d1ed5e57d38f898b4bf01a83295035730e9e4766b5e504138bf0375f37d51806f37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cf6e0d0036057667a9c77dc69fcb3b79 |
| SHA1 | ce0dc732516a7944549eec14cac2d11982a4f04b |
| SHA256 | 16f9633d370a4b434b0fe1b2b3060fe800065a432ae450d668b6ceee5bc147e2 |
| SHA512 | 3e74b5f96151f0faae3019434e2cce1b1cd5b05fadbb987b66bf76fa0f8f523e90906042b5bfbd571efc8ccfa916aab9e149fe6d335a067263706f608d8b6628 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 604d1bc09b14e35af4348e1af606dbcf |
| SHA1 | e864912324acb691be6b9c4fb0d0462e70de614c |
| SHA256 | 9f36e4b9075fc31275be77d6410069279bb5fb60291ffc7db99df11c3455d221 |
| SHA512 | 0fcabd7bdd93d54ca935174549d86e5812ec6717f967b373ced237fcfd9139e2429a8cc139b16cf0356a3afc783dc948b5b2e08e73f1dbdca22a502ce0d86f0e |
C:\Users\Admin\Downloads\winzip28-mf.exe
| MD5 | cdf4095fe0a84759afed80bc1145bf54 |
| SHA1 | 46075b953d84b7e6f527208de5b39801dabb79e0 |
| SHA256 | f6b2ae3fd6ef35d8fe250f451726afa848828e236b152baceb697f4da70a92df |
| SHA512 | 663197d4e095afa7702e9114f757eb1b3ec33f8544a3d45b515d879580d7256f42da7e5e7d3a41e6a544133db7706ac5b967828a4865c2c6d6d08b151a2467b5 |
C:\Users\Admin\AppData\Local\Temp\e59a36a\Load.html
| MD5 | 1757c2d0841f85052f85d8d3cd03a827 |
| SHA1 | 801b085330505bad85e7a5af69e6d15d962a7c3a |
| SHA256 | 3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35 |
| SHA512 | 4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a |
C:\Users\Admin\AppData\Local\Temp\e59a36a\common\js\jquery-1.11.2.min.js
| MD5 | 5790ead7ad3ba27397aedfa3d263b867 |
| SHA1 | 8130544c215fe5d1ec081d83461bf4a711e74882 |
| SHA256 | 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0 |
| SHA512 | 781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a |
C:\Users\Admin\AppData\Local\Temp\e59a36a\common\js\common.js
| MD5 | 87daf84c22986fa441a388490e2ed220 |
| SHA1 | 4eede8fb28a52e124261d8f3b10e6a40e89e5543 |
| SHA256 | 787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23 |
| SHA512 | af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f |
C:\Users\Admin\AppData\Local\Temp\e59a36a\config\config.js
| MD5 | 34f8eb4ea7d667d961dccfa7cfd8d194 |
| SHA1 | 80ca002efed52a92daeed1477f40c437a6541a07 |
| SHA256 | 30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d |
| SHA512 | b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50 |
C:\Users\Admin\AppData\Local\Temp\e59a36a\common\js\external.js
| MD5 | 140918feded87fe0a5563a4080071258 |
| SHA1 | 9a45488c130eba3a9279393d27d4a81080d9b96a |
| SHA256 | 25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6 |
| SHA512 | 56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6 |
C:\Users\Admin\AppData\Local\Temp\e59a36a\config\stubparams.js
| MD5 | 91f6304d426d676ec9365c3e1ff249d5 |
| SHA1 | 05a3456160862fbaf5b4a96aeb43c722e0a148da |
| SHA256 | 823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b |
| SHA512 | 530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4 |
C:\Users\Admin\AppData\Local\Temp\e59a36a\config\installparams.js
| MD5 | 029f99f0d633a0612f7c43347a2807d5 |
| SHA1 | feda4bf1a89857a116f869c6be81102e40b4cd15 |
| SHA256 | d1a5f9ac69fdce584031e97fd454088975e9df4b6d24d246b226552a08a6f453 |
| SHA512 | 064465b5f40d32a9c1edd00410bbdb09e9ec6cd41a5fd0d07868db015df6f044a7b0ce98290f0e30a8fa813b9e388848e6f32d6c6c2c8c3aa06b176187367873 |
C:\Users\Admin\AppData\Local\Temp\e59a36a\pages\Initialization\page.html
| MD5 | b23411777957312ec2a28cf8da6bcb4a |
| SHA1 | 6dd3bdf8be0abb5cb8bf63a35de95c8304f5e7c7 |
| SHA256 | 4d0bdf44125e8be91eecaba44c9b965be9b0d2cb8897f3f35e94f2a74912f074 |
| SHA512 | e520b4096949a6d7648c197a57f8ce5462adb2cc260ccac712e5b939e7d259f1eee0dfc782959f3ea689befce99cddf38b56a2cc140566870b045114e9b240dc |
C:\Users\Admin\AppData\Local\Temp\e59a36a\pages\Initialization\page.js
| MD5 | 50c3c85a9b0a5a57c534c48763f9d17e |
| SHA1 | 0455f60e056146082fd36d4aafe24fdbb61e2611 |
| SHA256 | 0135163476d0eb025e0b26e9d6b673730b76b61d3fd7c8ffcd064fc2c0c0682a |
| SHA512 | 01fb800963516fd5b9f59a73e397f80daba1065c3d7186891523162b08559e93abf936f154fc84191bbadec0fa947d54b5b74c6981cebc987c8e90f83ddf22c4 |
C:\Users\Admin\AppData\Local\Temp\e59a36a\pages\Initialization\features.js
| MD5 | 7e20d80564b5d02568a8c9f00868b863 |
| SHA1 | 15391f96e1b003f3c790a460965ebce9fce40b8a |
| SHA256 | cba5152c525188a27394b48761362a9e119ef3d79761358a1e42c879c2fe08cc |
| SHA512 | 74d333f518cabb97a84aab98fbc72da9ce07dd74d8aab877e749815c17c1b836db63061b7ac5928dc0bb3ffd54f9a1d14b8be7ed3a1ba7b86ee1776f82ba78e7 |
C:\Users\Admin\AppData\Local\Temp\e59a36a\config\installerlist.js
| MD5 | f90f74ad5b513b0c863f2a5d1c381c0b |
| SHA1 | 7ef91f2c0a7383bd4e76fd38c8dd2467abb41db7 |
| SHA256 | df2f68a1db705dc49b25faf1c04d69e84e214142389898110f6abb821a980dcc |
| SHA512 | 4e95032c4d3dbd5c5531d96a0e4c4688c4205255566a775679c5187422762a17cbca3e4b0068918dbf5e9bf148fc8594f8b747930e0634d10cc710bea9e6ff5d |
C:\Users\Admin\AppData\Local\Temp\e59d046\winzip28-mf.exe:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\ProgramData\UniqueId\data
| MD5 | a58133ababb79302cc11b09a37e9ee1e |
| SHA1 | 53b0f3489171a2e79a2281fffb886a7bd6b0d729 |
| SHA256 | 7ac59b8c24f7d1aa34e60edafdd617612bb16ef7ad34422afba0399399f99d67 |
| SHA512 | fd60e0619a0d919b809b595886d49eac8022a64237839f1f4005cb3d0499201c87a9ab07d5226d4308eab29dcd659acbc01c96a39691fffbce72a118b00998eb |
C:\Users\Admin\AppData\Local\Temp\e59d0d3\common\css\common.css
| MD5 | 33b1c68fff898cbf19c44e486c856282 |
| SHA1 | 4bcae82469404701498583903ccad307c64e2aa5 |
| SHA256 | 265d280bad44060c22a6caef0140bb8085b994cdd8d76789f3a43a6e7f2a16ea |
| SHA512 | e8ee2691c3b5c6542873e804f6ba7b13b9230de0bd28944a18bc25c529afe1a11d452988387aa3edddfd2bf65b02e293e549415b0a6a961285d50b3cd2d46a7f |
C:\Users\Admin\AppData\Local\Temp\e59d0d3\pages\Initialization\page.css
| MD5 | ec8deaebe3216ee6e101d73981db11f7 |
| SHA1 | 217c2e5e81447b70388883d8c1c77e3dfc00e6fa |
| SHA256 | cd804f5b34e9f8d0a7b085a0d9337b864e83d286b1408210343997f029fcc628 |
| SHA512 | 370d6ab807b175973165f1de8b682c7c111d38c25cba5abf11aad73eea4312f0b1f33304b276edde5e290553900e0b701e41097bc96a07d8dfd3e6164dec4042 |
memory/5432-831-0x0000000004F60000-0x0000000004F80000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\e59fed8\common\img\headerImg.png
| MD5 | 79f3461a48f669ef914eefbd83925820 |
| SHA1 | ef791b21f2de9a9b80f4bd9523b037b6432f41dc |
| SHA256 | a9b420a106adb6b09e5dd39a864dd00519aade91ce6f500c179e9e6652b0fc51 |
| SHA512 | 20cdb62ae15343f82081629df3e92f0fbb9dd61d793a1d1f73d9a37fd1c0c6265d574372d25de2857c279b5097858598cc6494ca272106fa67664479152b17f1 |
C:\Users\Admin\AppData\Local\Temp\e59fed8\common\img\close-normal.png
| MD5 | c9f970b77486b6c60f583de55b82ebb2 |
| SHA1 | ac80263df2a6706ceef401b55b0e3f35d14985a7 |
| SHA256 | dd727b90f3c6b053fa5b4c8401440e5d120dac6b93305573caaefecedc5f0c5e |
| SHA512 | b33b7cabbce1469c41a2f5ddaea7c3ced9d4d0239edabbd37931d53ddfe7c50d5a9bba101b702d8367ecdfa4df6bdd6bb614d8cf6c639e3239cef69a8d434942 |
C:\Users\Admin\AppData\Local\Temp\e59fed8\common\css\jquery-ui.css
| MD5 | 1ce4eb3e5153f4c9b93a3cfdf3ef2e77 |
| SHA1 | 03b04e1e31c9c355e7caf71ba0ecb12e741d9aea |
| SHA256 | 95f4c300d84eedd0c43a30a1b6f0dfbbf7b8c47725511981e4cfe12dfaeb0e93 |
| SHA512 | 75b272ef0d474be75aa19226a60a9c6d0370cfbd40276a274460391dbbe0350c17849aa21f375e46bacb7cf7cb3052be5862569f5a196e15b8ca49baa82436a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1127ec2fe8ed572d0ead7532a3c657d2 |
| SHA1 | 34a484ad88b43deb128da1e66b924ee22680a89f |
| SHA256 | 1b7262a263204375ef0ae3c8d026b224858937848ece9104b733d4e9bc517511 |
| SHA512 | c5feeaff765c71554fbf67cfc3401526a2407977c257a31fc5dc2f0a2cb696d89b7835475d6bdf5c1576a1a72a1f7dfa9b1196de1212f0acd8e5eacb40744e9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e7b72cc1544a3dba37f28d9c1dfce6a2 |
| SHA1 | 5c3b78e0479a99d3dd3b38d919c82d684dba6313 |
| SHA256 | f0f4e3f265ef1ae3f7c9507e81ca4757da6f1dbd4bbaa1005ef32336889bb615 |
| SHA512 | 3189e80b8b1f768cbb4276e0c609c7679e4f4fe96fb79dd35cc911a56160a53804874a39ff54779e6e9cd5a8beabc78bedc0033d910ac8ac52b1b7c2f7d05d99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f2144a310c1a665fa06ef153e37fd5ac |
| SHA1 | f7336df43249b360aab138096127ff0a11d305f8 |
| SHA256 | 6d0f99bc6db8fd9590d4d9a785eb5ab4ac6932756dda0989d4e55194c5fbb167 |
| SHA512 | d11d5966d54aa8e73712c7ce957f757c27f1b04bdc814fe5df9d2b2225859fc6f412c99fc5537d55595e2e45bbe26c0b496f0581023849574c0c64a7bd46f6ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63388787-4ff9-4acc-b366-c8db0e9097bd.tmp
| MD5 | 590281836a2a6ac2ca507128588d8f88 |
| SHA1 | e0d63b20870f34ecd4289447b3034962bb6a6100 |
| SHA256 | 3e4fd5d9121f84263ea8920ae406f03cff92fdef7fe26d83bad34e2f30e9668d |
| SHA512 | e878ca6bd7e4e3d29eed6af7f3b870471e8dff24a87880c615db0368236354a594dba178ff9d92631be2eb046e215fbe3d1211db49a290ef3403df2be415baa7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6b100e828ecc31c389d52bae325a62e5 |
| SHA1 | d84ff6afebde38f4bad2469b37658d6d23013a3d |
| SHA256 | 9c953e049705146d9ff6c1030f154803c69c5e97c7faf159e96d5382a4f35403 |
| SHA512 | e34bfbde7f47e059dd98289ebd503de2f94a73cd124f224676f81ace840277e85472830746989ac08b65cd7a02aa6593c9df6fa5afc1523a95f057f5a26e9d5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28c7588d72dc0083e5403d1f95828c7c |
| SHA1 | b39a434fd3ffbe2b7b303c036ad8c097cc1850f2 |
| SHA256 | b0246ecb1687c0778cbcc4c8212eba7bb01667cd287df46fdedf466f614846b4 |
| SHA512 | f30427cef15a7704d5f6453151bbd4c4323062ee10f2aa02af8cb2d14af1b17f0225cce3da2343fb67bc4152e81a8cd24dd8ea2295ae19bb7839415860f7232e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 284975fc1c44105352783d14ad8d72ce |
| SHA1 | f2b439f35908f7ccea3976fc1100269df1b6578c |
| SHA256 | ed2d10d0307630a8b81d86d482cfce27c2cad49fa39974bfe1a1bcacb883d0ea |
| SHA512 | c6ffa3f244bfaa95b4eb4abf2690d95c448dd8f615021904c1a9aa30f6dc29add7d34d16ab55efe67843dbf2f44e30f798347dca547e5c359f0eccde8395dc9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 25e88c56a6a74261abe9b84e2dc11ae6 |
| SHA1 | effc6e2f27a985c3ebd7223e6207b8462f980863 |
| SHA256 | 379e6dae771babefe728d087bba8214a1a509b0f2956ac848ba8cc167ce573f7 |
| SHA512 | 4bf27e5ef33ec2377c95eb1061920bdffe5a35cf723dcb2a83f4d693624d92dad24a754dbaa192684daf17a5185fae76c52455b515d93aa0ab1c12c1c8d1e280 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bf2eb853e3f5a517bbb763a7596840f4 |
| SHA1 | 20651b707f360c9e96a52c85b970f97d885ce1dd |
| SHA256 | e68f5bc24172e97f587928fa526c495562c5fe6a275e70ac33bf6f692c3380d3 |
| SHA512 | d44b7611925c4991d8780f1b35d7892517e7415940f11e4f15fb8ef13535c961ea2808f6759bf03a5f4ea62b1409854b6e0de14b6ff6a359d462ee2cc36a6edb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d4f51b5ca304f0b0b7f74d62c2d69671 |
| SHA1 | fa3b5e0d92170cc0acac5c71176bd65eaf2ffe82 |
| SHA256 | 00d1a0d1141a15a3121172fc42fac6f1a92c0d41cb9e4431378784f8212b221f |
| SHA512 | 0234be556f10996406fe6942a4c639ec1f8053f1e93a6812e504accac77d857a9c17a1ac954581c852451b7b425ccd1b278f86464dbcb8ab9683263084fd0d1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052
| MD5 | bea64c447b0f2a1012d0ede8e09e700d |
| SHA1 | 03c4e014a1ed074ed2611b5889ed79b6f1ed8aa6 |
| SHA256 | 34dcdd7a5b57897d1eb1a2620ae5bc31d4b5d80e761e62fb8cd3c2a3b907241f |
| SHA512 | ac1c4b495b990d8fad333f54d3e61d5573efb7a0c7c584659cea48be8d4857461bb011b1f2a4966cd714bb9252cc1750e8e53f2203418ca19fcc8143fdea6b76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | 45a177b92bc3dac4f6955a68b5b21745 |
| SHA1 | eac969dc4f81a857fdd380b3e9c0963d8d5b87d1 |
| SHA256 | 2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb |
| SHA512 | f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
| MD5 | bf86b7a75a970559d077f790895a5ecd |
| SHA1 | 2a35495fdbdadffef16b9b294b7f49351c959ba9 |
| SHA256 | 21ecfcf1b74f0c3cdeb145b9298bb2873bc6ea15b1d52b34820f1627fe6fd962 |
| SHA512 | 7fb648967ea6e5980264b6764a6311dfde889be6a6003d978d1303b22389d7b7869c204af6c01ee8965aefdcb2a8cd6b1ff189fec85015caa9100cd1aee0c15e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
| MD5 | aaa3bfbfb2e4d619eed90ea229e3b8d4 |
| SHA1 | dbb45e2e5ef5025a2c02ae7456525b968bf74335 |
| SHA256 | fa84161b327968256f1bce5d0383b121466152cd16f94ae19d9d9c07b29906b8 |
| SHA512 | 65bef3e0893b3ddc2861b2908e8b5497848b165e01a4fc10e2440d62855486dbdad575342b771e56c8b0be564320b676fe6716cfa6e13958b6b955b52c88d88d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d17328b8b8991af7bc13167c8723d3f8 |
| SHA1 | b3ee1e8524996645776c5b2cc5b921043d8b6d60 |
| SHA256 | 5823301e1bf698ec761286590f69bb52e4ea1ff225deebcad87c3c93cd30c27c |
| SHA512 | 225c313580e525114e76d95659baa41dadfc9e91bdc0e4f7d3aa45a84c49876ba7a64f2039fa41f695b624fd7946e47ebafbe62c73e9a4dc6f9a283abadbdeb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1ee165c57d111c73d6aecba39df5486f |
| SHA1 | d2b6d89c0c70d23cd984e2783355692e02372be5 |
| SHA256 | bf70f70cebef480b49e771c1f1b50d57a9031cbc59b44b1743687b269cff5b4a |
| SHA512 | dc74f8e466a46d0a78cb13409f02ffbb15eae5727ccf4b650ae3306fd93fa77e1e47401d1a72ad6da4f97b63ee11d4ba0d412c8aa5ccf8f8928e828aeae17cbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084
| MD5 | dddb088e8db2750ffb12a89289c8f112 |
| SHA1 | ce83692bd2e3fc8598b35d70b831a9ba7c5cb969 |
| SHA256 | 1bce785eae58d7a19195aa2aaa683e57496478b230c9ff5a014f5a0d4bd4edac |
| SHA512 | 7472f909ffebf6213cbfdbfa35b862744088d7ef598b7d4d4bfbd4d3076332bce4326db1fd658022bac986a61280c71254774532458577fc802396581d56930c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091
| MD5 | 2b7ec9fe5044c75348bc52964bf50b78 |
| SHA1 | 039e784c53ba423877c5c845ffb044abbf4c110e |
| SHA256 | 71c9403962b1f930169325d2c812125a0088d2a695609486bb6f31185e84ff97 |
| SHA512 | 92cb64599e198177093bda32e1c962fdccaa049d9875292b97c6b014d0d0afde750dcef27151751dda3f8639df41bed611bce7816c04d4e581b17b132d169016 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2013a6dbdf5aa4121ec0e18ef53ea5a9 |
| SHA1 | 39790b2c9d2e4e5730b24d7e95b9b533cbb298ae |
| SHA256 | aac7fb07167f8d3b37e0125fa784ce65fe3042f148708dd942d5c79a61c23c0f |
| SHA512 | 23b8bceabfc46605d107373f88083eb4aa19764aa2dd6e4652136e3dbb8cf27d036debcb5c012ecf366079963460d94e9f735a00e0c4703c59cab475c2795b56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f1b081a27e17a91ffeb7cac4218e35c9 |
| SHA1 | 806a93553fcc9370e1044777a89696ac92ea75a2 |
| SHA256 | 99e0aa52dd0c35af2b2b93a495e64dcc307bd4cf531baa1072bcb966678293ba |
| SHA512 | ff069f2999f3e02d12c5c39eba8d137b611c83ab991655eab5dca67e9fc0e47ebee01842cbab9468d57852e63eb05764bd4bdca03516474507dc2d773ebe968a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1e3ae02b2d2b1621981fbcee7f169ccf |
| SHA1 | 93780bcb3730181d54f18e34591aba70bb48bd74 |
| SHA256 | 751784523a25b3adc0f80b3262cc6f412da09b3da24a8be98b465923cd8d2302 |
| SHA512 | 16400b703dae3615b153eb0357a40ba55e6d75e56b4b0151c4ecdbc1d5020105bd0d40d3a798a8e551f7cb3b8c2b7a708a51e6262d96d4625d9b7e83d26426a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7ae061bfd1f7a50607bd413b1e5e1f30 |
| SHA1 | 6a589b5993181ec6d2c824fd22047cdf3baa402e |
| SHA256 | f11acdc8455299ef41712f2863b7c5dce40a222e70a2000d2c9b32146a6d15cf |
| SHA512 | 854da2eadd0914d9baccea7464d0af48aa9e91728e6283c47cbe2d070d30a81a855de3c36a5e89279abd200227fb8362ae866b769e1b5b72d798282be44a0438 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6e57c77b39ba6199153f62c1549f8e36 |
| SHA1 | f3952c9a5537c0a7f8e0a78a8bd39d0c53bd8994 |
| SHA256 | b2b971bba7af1029b697f6b283cb58f523ad805628becbf71fc991caa2f8c993 |
| SHA512 | 1825daaec490e808421119c9b522a203de81bd73f0c587b28fd9644fa8da0ca789d0edcce439780400a1b42dda2166b5a08ddf804dfb8d53ba3f2281e8d26e48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a88adfeb0172dadc2641479415399729 |
| SHA1 | f8e2c233d34081683998322607da02c10517e50e |
| SHA256 | 9f6a937f5c87c35d3371430cd7cddb411b0e762952efdaff27b50054cabeadd3 |
| SHA512 | 3892fc9ca7b8ed89dbad99be1c92b92b2624a6f498f82b6190d2e6d3040c8edb5ebd18cded47ff7ce3649e56039bf7200e8f80411a27c709f427719896d5de4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f3d994fb2c512f067b047fe9dd6185b |
| SHA1 | 3a7110164792f72e2c96b66b9f1f81f2076bd31b |
| SHA256 | 68ffa701104401cb265c5af68a695ab24ea254174e7b13e4974477bd28548fa5 |
| SHA512 | 89d4e3b0dcc044ed57eb76a6971ea27011b544e5543358464fe69830ac6c9282035a1543897a4a89eaa671eb9776a4e5499612d3d81c66b587b5f8e9bbbc7937 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 04f365e1dce62f8d7d4934e3d40a615c |
| SHA1 | 47ee26b4335fadd489cbd0488d6cc3044b247d38 |
| SHA256 | 66c4f6c47f444568a73d40d3309db9d0efde89b752d3a40cb085fea32e08b7c5 |
| SHA512 | ea7e072b7744d7711848fa1dff840954283fecd176df6996fcb7fdde9ffdad7c079589a518e42666ff941aa8956b38022aca1621fa69a9d654e15fb7797f2457 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | beec3ef91a9d942e4c921dcfb6f89f89 |
| SHA1 | 47b51ccaecbc477aa5a12c181add0c7883f6d870 |
| SHA256 | c7a05ac5a838ff778c45f1e31f5cd5d3a84f97c5305dc86a3efa186faeff31d8 |
| SHA512 | d1148d246c305ad8e397d7af084505d8965a60dd996267f8047acbba4eb7dc8c4db49a00653ed23c84ab8d4d74fce387133e0d06fea80aa2b13336fd5677c2ac |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\libEGL.dll
| MD5 | b92b6f5d41627a0ce73f12f702a80a5a |
| SHA1 | 3237235ae31b666da6ef33d888c93fbeffc1c684 |
| SHA256 | ef66809667ccfdeb35261026954bbd65632f9ebfcc204c959d61f1d8e7b15c65 |
| SHA512 | b829d4ac1521acaba7c8c910c69612c02f4c9fcaec7d23ae2cae20bc3c87eb10c52c475df7cba7563fb0bfc97ba04cb0eb7470abdb3ab2ed6239bfcd8548b50e |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\resources.pak
| MD5 | 1cfdeb8fe84a467bed6d8cca87ab741f |
| SHA1 | 8a8f24e4891248f75f2bdd4a322fda445b9f4097 |
| SHA256 | 2f6b4d96ba54356fcd4bbc9cd2b81551084b6a06ffcd8b9843303091342fabe3 |
| SHA512 | b575f4abdf20be911e8e656c1d84e03d4bc83a5297bca9aec3accca1a1191dff5df7c2147e8de65ad67662231ce84278122ff74901ba05bbd6b99f94a585eddc |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\de.pak
| MD5 | 9d88c0e5e2f89a0641e382d30fa1a209 |
| SHA1 | 1108251aaaa99a56d97fb767fed5e2ccb0117b8f |
| SHA256 | ba9c07801611b80d4db36f1cbd75b494596ce51b9c2e5e57a866a25beb2238e4 |
| SHA512 | 10c333b5c1f86361f8699b92196fc9c43e0105d2926942a5cb857fd9e22e07915349ace4423901f3229e4b9ae78ece55867515d014ea1265b65523c8a809e369 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\fil.pak
| MD5 | f4487f7ee7d0bbbe872f3d0839a855cf |
| SHA1 | 777f4e079d52b28ca4fd75dca5e02351f92d27f4 |
| SHA256 | c3d676bc973a6d6a642f848832914b583e8d13a7d3ea32f99ee439f9ef40ec6b |
| SHA512 | 672509639e913901c7015014a3e2de07dd4319a43e76b627f050f6ba9ffeaa25d8e77d3dfa834644540bb1271ae7b43610ddcef8839c0a5b550f9af6e9b58640 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ro.pak
| MD5 | 147516c3c0667fbc145219028065782b |
| SHA1 | 0eed592d9db9e10edb7f1fa1acc9b6111021a79f |
| SHA256 | 22bcc93349f05bb0e8e490645587f954086f7651acf0055734baa37000dfe2a2 |
| SHA512 | 81954d18f16edccda06a2000e568920d53972ec298d0f1d3ffd6720699ebbc2ada40a90ca97d5ed2f12308de144c4ca8822e4dd6185ff46f0fe507351f5b76f4 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\zh-TW.pak
| MD5 | ef8f90d3aa61a9ee0f181f67e3adba8a |
| SHA1 | 5db322b0cb26b7662e7b1fd4e291d579292c00e2 |
| SHA256 | b1c8f7a07a58b53522e7d73edb2f02bac8e42cf28528036c73edaf55277a67b3 |
| SHA512 | bbc4a64dd981fe83774c8023ad8d0e2a6e17fecca015f72634d5f8c97a2d29ec02b5ad5af3ef04f6e85fc025cfd6fe3dbd2306dc0e9f82ea1957d026e241fa7c |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\zh-CN.pak
| MD5 | 2987dc0c046f2ff79953b4e37c204bc7 |
| SHA1 | 12589f04c6953c7221e59c805ecbc6db288f3f0b |
| SHA256 | 95f8b2ebd6246b7a566a3d5eb0016144e86c93cc83c369595e87cf9005fbcbe9 |
| SHA512 | 5c28cb32b34bd37898c8058fd52b7efd8a792a86fa43e5c3bd853b289593de2eb9733fc2b0bdf1dcb69f5f37ec0f14e2b9c16ee3a6093cd88bd4292a9273127f |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\vi.pak
| MD5 | 56cacf2855fe91a0036d544c8d246627 |
| SHA1 | 248b60d6baee5f1728afafa4c22e3285f5624128 |
| SHA256 | 07e9b9f0f0c5924b9d20f707c242c8038baa3b8a81ad65df72ab84dbcc4927c6 |
| SHA512 | 01167d8fe369fe693e2e4b4a6651ab10c221bc66fb759ece40365f47dcb0ca0a3121c2afb9332ca80135662d583cb1fc3db497f0306c2cacc37d9ab116a282bc |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\uk.pak
| MD5 | 8a1231d54d537ce4ef42e922b9893d14 |
| SHA1 | 48e6a08949c9b1c5cafabba25e80c85ce6803e57 |
| SHA256 | 83bc2baf3605f318da4031d901522c796aee1e41c758bb6bd9910374a4d4eea9 |
| SHA512 | 512c27c15059131e8bc45777e6cdf61138d5a1e6050f18e61e9ae38231a746f5a09f2ba90a03f318fc9c94b52c0904731276c465d1cb169735e788f3b7124e50 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | d9728b3d652497ac3d15d2d29bd2d29a |
| SHA1 | 3fab4c19f1e4a87ade7741a3bbf660a002237c51 |
| SHA256 | 3c5363e384d845bc3e61302a59e2a6f80b69deb559f2f1bda409239183e820bc |
| SHA512 | 498ab761d3b764608d4fc16fd6c230a9089647f9270d718ef767e823fca9ff622de74754ce273b5e5f770be50c1975e7ef556f2dcdfd32762802355fe46774b2 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\StdUtils.dll
| MD5 | e52f3e1aa55595c84d285dcc713f106b |
| SHA1 | 7a69a3833b2eba0ce84a8a6208867b35ef9f7737 |
| SHA256 | b74698101a38f15578a4b2881c381de4de4c1bcc8eb85a0a5d7a7898241905dc |
| SHA512 | 38e612799cc9cd35c1fdeea6ea5e023324329530b2190f028f551b8efec0059c6a3f342ef0fde98ccce862a7a461226bf2a847655f0d45f11e8556ecd94fc8a1 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 1bae4871c55c9e69a7d23a697e2a3c29 |
| SHA1 | 9131e9e4a93b3f02d80d2ee17c243182c72b66b0 |
| SHA256 | 7fe680e3f17bbc40ca7624d251bccae640992e5af0037702f5b0f7efd55d2dcd |
| SHA512 | f68d1b1c610b4a247dbf8247401a9b6e7567dab7c0d82160db744ae6504242e57aaca9e591449a1c70fbe3a12f5712bcc66dc31840f69e274d463d0a76414260 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | e335b69f0573892227f9c6c5d3a32436 |
| SHA1 | 9e3a9389600b9972a083a0c00f23de20f98a84f3 |
| SHA256 | f8e7f808eea4907b730e23a9eadeb9a859727d986f34c82c2c5de19374327686 |
| SHA512 | ba38b30790c8d197de8b10b9355017af1fde27d80a09682ab7f3c00f20afcdaba3e925426a0d490049de8faa45b0bdf42de484c27acb47f12200dafc3cd79012 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | eea555cdba89291a684ee0c1ed6fbcdf |
| SHA1 | b60650394c57c38ca3c173c215927b9de77f7beb |
| SHA256 | 8a1890ec61a7987c70a5116c6e00c0a66c7dcf50c8b097a9d272831d582259c8 |
| SHA512 | 190a7fd2cd890c0eafae35f5b0651c5c1c02f75e917de4fd4fe9eae9ba4ea9e935bde182af276be69dd89785e972c343ff679204dcafe385a1f5602904fe438a |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\resources\elevate.exe
| MD5 | a57d9b244f363c7dd4718fa34e1a3a5c |
| SHA1 | f30e87e164a376cfb781db1f5d1083a7d2c87bbe |
| SHA256 | 2e8e71d3262a03d80b77d9df22fe22289d1a236320bf14a662c0b86c49a77910 |
| SHA512 | 4acbf1272131e12e5500c9e74a242484163afaa912e88debd6d7ec4e5af8cd5f70a370c28c9c1414f44234ae8d60596482531a2552dca9791f838502d702ff10 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\resources\app.asar
| MD5 | b904d7cb0bb2995cc4d7cc47e3f97a7e |
| SHA1 | 9b06266081bbd881d699285ae7ec490e631b016a |
| SHA256 | 9ff773334e6c0a1a09c8b3eec0f0fcb8d3e14adcaf996feb09c72c98a49ab0bd |
| SHA512 | b56ef6af94f5900b441e51c470518188a34e69e668248299f6ce685afa5fd7edcc64e1239db086663e8ad8b01e46f3a82121f33207de7e05764687af493c0034 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\tr.pak
| MD5 | 8f5547760d8257aa7c941cc0af0e6ddd |
| SHA1 | d775e74059ae582f41c8c7735a095cb003148f36 |
| SHA256 | 70f4f3e547d3065b997779cc9bd5f5b30c8e009e30d12570851f7ccc367cb10b |
| SHA512 | 0d1b54fbaecfc8ce13ed6c8f7613b60cf9dde204ed41fbe6d8a0e9068a43c6716e365358b3317b946a090a0bea0ddfeb08b685223d967b9242f62676305f38c7 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\th.pak
| MD5 | ed3b15ef91763c13cdad9125af492a1e |
| SHA1 | 280c4bf87224d43d27b9a8667609fcb1f1b7b782 |
| SHA256 | e0db0c92953efde52831e7a11f91258f5fe3b1c6cb0bcbac1dcd705aaa3afa4b |
| SHA512 | 7197b8622237f70baae27f62f280be174dbbe36c8d2b6951975edf96fa85d8fb5948fee0e4029697ab8f42dda077bea682b78bb9b0141b9b72591f829bae98e1 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\te.pak
| MD5 | a47ff10c2d7a6b317e5ed22b3af6cb20 |
| SHA1 | da48a9bb3c2973697e5bddc73b5c9a541ef677d9 |
| SHA256 | cb4df8995289445de2d2282e0af9500d39d979c584079cbee729883dc566000f |
| SHA512 | d10d870e37a480a1b4ce606f7f79cd600c41fb9d334afd5e7e09aa3d0ed9cc34d7155f90c85a923eca971f6ad28b08c03241bc1e5c8995ffaa3d5170e926d113 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ta.pak
| MD5 | 7d45fc6252a0f41f9144e253ddf7c3f9 |
| SHA1 | 3490838aed29d0ef78eebb3a08726de546671138 |
| SHA256 | ac95707daf1244580c28dde41df94b23cb3a4ed9fb17705556d7edd52356e112 |
| SHA512 | 9491fbc344c33b808d5d7b18881d3e75fb2314aed4671b72b8df2cb5c69f94b112b0c00d6b870f24b001d268fbd5b017bc920988d64e980b82f01ec8bdc26112 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\sr.pak
| MD5 | af8339ab922002ae786b3342cac3d255 |
| SHA1 | 6d81f20bc6306420132144296b0b00102b4c7526 |
| SHA256 | 192f958480190f42a6167e8987d21a09ca510a79a5bf73385eadcf16efa1cb1b |
| SHA512 | c0de45f8622937b700e325077bf3e28e4bb8e8a383666a1f608e09d0f43a71b701d341be9a9d3b984396f21bb7514932c2bbdf3ad654ac1f679a53a0eab52f88 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\kn.pak
| MD5 | 32404be0137a37be18714cef955c9e43 |
| SHA1 | 1a1fe5d168dbcda0279f9da122065a44cbcb58ba |
| SHA256 | 4bd9892c024e81008e28f502885ae9bc5b350fee1c6a430d10043b86907ab43b |
| SHA512 | 4361f8309a15f8efe02f2becb56c3a83a98de0311ef3c4697990f85c415b28eb5d12b19dd14866b20252b2cb5055e1d6a468a8056e748fce7d8ab8f7f80f6029 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\hi.pak
| MD5 | 92d036a7f755703ec30f8f8655315384 |
| SHA1 | 47ef473e87425ce51b6285ea06714b42fa32eafb |
| SHA256 | ff74717b5d216b1e6ccd53ef736b2a0958f95cc599a4f3c1457d97e3ec8095aa |
| SHA512 | 9e84e8fca9852e96fd38204471c66555a6fdfab0862a7041eb8f25f894423b4dfd38b6f58749b39f3242b8413a5aa325de9f85c8e060183d88609a075a83d623 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
memory/6260-2685-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ca.pak
| MD5 | 858165912a58cbafb842d74c1e835324 |
| SHA1 | b469a0a02a11fb7218511a6ede7b7d222cc40283 |
| SHA256 | fb4092ccc9653437f03473bca4512fedc534f08000deeb7d7554068c59d6ad79 |
| SHA512 | 9df33b11681016c8f07a0bd5d9ff7a84e81117c3ca9633111a3c75312b40c12918d0cffbe262e7b7de24917a0441d27b9539142c5e05fc57fd66a5152bc0b536 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\locales\am.pak
| MD5 | 014ffa01a117b487f87e4627bd57141a |
| SHA1 | da3fed65d8c002909e0adbdf46627b2727477583 |
| SHA256 | ccd13a662d18d11793480f0c3e856337d1f596651bc63cb45f3eb4345e98676d |
| SHA512 | cd9d022fa920891eef6b49d1a9941a52474b7024f78bcd89ea9b990aa95ba8619923aa596e9c7701cae43e09a04121d5d11ce4686bd730eec9218d723698d4ac |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\vulkan-1.dll
| MD5 | 311ff1dfba92cd5a5567c630d51ecea5 |
| SHA1 | a0961e27cbb8c10b2b9fe3e47e71f0c258c045cd |
| SHA256 | 8169c8c03726cfad7d9a24e242eb7b33c398464de032858d7fcac03a01f54a3d |
| SHA512 | 41fa8f91a9a0e5284931a2122d4a4611cc1ab2eadf0df3cd9f2049108fa8d4909a4f8b762400133f657188705553609681bc4256f4f5e61f0f55a0d99c5b4d3a |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\vk_swiftshader.dll
| MD5 | e01068368af50d8509630dd2b1a30c62 |
| SHA1 | b4a23bf533d10d085894da2913d492a75dd3641b |
| SHA256 | 6e6bfaf817c7826e7ebb6471af9c37dd1d043c38e09352cdf182144f7406b194 |
| SHA512 | d098d1a5138076375cb08285cd8b03263a74961abd6b285f1adfa17d85b46d1979fa5603b37229b46dd653f1b4d8a7fe123ad36d0dcf24ac92adeb761a49fee7 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\v8_context_snapshot.bin
| MD5 | bb593cd8f9fe28641497e9feca5723a0 |
| SHA1 | af57f2b48a3c69a1c64736c3714dcfc5f05f60b3 |
| SHA256 | 0922c29c504e53635c12d43862e8e8b426d2b4c2efe9f98c347001c2c4e7949f |
| SHA512 | 78e9352c1d5f0257348d4dc34ec5f302e9e4731a272917d2db9c96d95fffe1931d6efb451cc1969b02a638e15f3360dcd1aec3174943a98e3fb03c8fb0a71d43 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\ScorpGen2.42.exe
| MD5 | 92f96018c562601e7b447839b15305de |
| SHA1 | 49ca9dd60266fb196050209df90b803efdaa4fb4 |
| SHA256 | 77a946e14188a9d0e4682da82bd363d8efaa73e519d3337c9182af4f97fd94ff |
| SHA512 | 9df43ab3c01d9b981f6637ef2ea6f3c6817733547c1b8f1a9e86876e6efb84158f2854023c96e8d6e26544b73ce547ffed82bd31b0dc98c3c83c74179617dfe3 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\LICENSES.chromium.html
| MD5 | 7ace922f46ed960cfc448d7058b824a1 |
| SHA1 | 8ee04462b80f96784285e9fad1eb7ef6518c7366 |
| SHA256 | 0855b4b3f598ef4728a77501dbb5bf8699e2f72dd9233b34d57252dc1acfb109 |
| SHA512 | 2d45f4dad5858509fc23ece204a7310d234d17b368f80b52d78cb8160148cfd1f8f4a5cbb29aeec743968469d0f806e5f49f80462949c7b4b999225ad96c6223 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\libGLESv2.dll
| MD5 | 0af0afff6fd838d30d379fc1482d8d89 |
| SHA1 | 572754b00b600cb86982e4f26740e4fd1b6c5811 |
| SHA256 | 87224ec9ff01eec000cc51ed4017095efdf86b718f7fe943996a5ecc2291c045 |
| SHA512 | 7fe0828469d4776c96d0a182ec10ecfa95dc9dfb02b67b889a1eebe40b56e9a902cfcc21614c61cc4d36a0f05fd79fae6cdeb421a7c4e1f3f1f223f0cc8af8bd |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\icudtl.dat
| MD5 | 1b8ce258af2a6582a3d819f5baa8b333 |
| SHA1 | 9fa2163b281eb37662c430d2a36e0360d4942174 |
| SHA256 | 89515d7a1a4bc56378a2c270c5614cf3154673aeb6c0539fc3b5925a189f0e9b |
| SHA512 | 5a0668481d36d9092d48fd7cabb06851625bbd96c243f27f59c627121be3363591486b79efe0204693674d3f8dd1614af6f44e3da10df4731262e0b99547b427 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\ffmpeg.dll
| MD5 | 9e95ada205ca94eb4d3fe9b3d03530df |
| SHA1 | 89d2426b26cc7df001b6824413e6d27a9a184bc3 |
| SHA256 | 6c586ecae866b9a06bd41ae49ccc635cf2f81f0b0aad2731f016badbebefb864 |
| SHA512 | 8bdb95478ec2dc831f188d256e63320aec54b3c1976f8698340ef383d9fd6ac8687ed2949231199a9f2a116afab6637faf773fd31e24bd9e5f787513b2f63708 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 9c357125820ecbe562e25c761e9ff0c4 |
| SHA1 | e37506efff192c028092ebadb10282df79fb4b2f |
| SHA256 | ccc7e42cdabed268c2f903b86061a8d7cf1796ec45756845644d0a0447a311ae |
| SHA512 | 7945f72fd017b1f7049ed2a133468d95bdfae3c9b061a30cf75b72b45840fb0622707202c9dcf56861afac34846086a463cd1e19ed8f206c3e659750561766e6 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\2YlwMmhuEtU0ceZANMs6XB5avMM\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
memory/6680-2706-0x000002C1FA440000-0x000002C1FA462000-memory.dmp
memory/6680-2707-0x00007FFBDC5A0000-0x00007FFBDD062000-memory.dmp
memory/6680-2710-0x000002C1F8550000-0x000002C1F8560000-memory.dmp
memory/6680-2709-0x000002C1F8550000-0x000002C1F8560000-memory.dmp
memory/556-2724-0x00007FFBDC5A0000-0x00007FFBDD062000-memory.dmp
memory/556-2726-0x00000140B2F90000-0x00000140B2FA0000-memory.dmp
memory/556-2729-0x00007FFBDC5A0000-0x00007FFBDD062000-memory.dmp
memory/556-2725-0x00000140B2F90000-0x00000140B2FA0000-memory.dmp
memory/6680-2714-0x00007FFBDC5A0000-0x00007FFBDD062000-memory.dmp
memory/6680-2708-0x000002C1F8550000-0x000002C1F8560000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kwsga1hi.ufp.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3200-2743-0x00007FFBDC6C0000-0x00007FFBDD182000-memory.dmp
memory/3200-2748-0x00007FFBDC6C0000-0x00007FFBDD182000-memory.dmp
memory/3200-2746-0x0000023CF8AB0000-0x0000023CF8AC0000-memory.dmp
memory/3200-2745-0x0000023CF8AB0000-0x0000023CF8AC0000-memory.dmp
memory/3200-2744-0x0000023CF8AB0000-0x0000023CF8AC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsb9870.tmp\nsis7z.dll
| MD5 | 7c6881963fc0b6b56564b3bf1c8c8da7 |
| SHA1 | 40a3d883171cd4659d2bc021b21e77a0a6de2582 |
| SHA256 | 5e8989393cc6761f00f6d6809dd0ca85f5e063214c2a48e36e4258663af38b29 |
| SHA512 | 0bd2b375edd3e37a74e1691e603861496780bca2afd2fd300b5a5b09a678b7eacb55051871e986acf45de99057e6706a52c58f23dad9ee16eb2d69b3ae0b7690 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b32e730223c5315b439130620ee4aae3 |
| SHA1 | 37f6855b2c01b0e2294a6107c24ca9eae340fa05 |
| SHA256 | 26dfac331870f4b4d1a88cc860465f844035eabc789024a91ce78455155fd294 |
| SHA512 | eaa673ccf398bdeecc9ac2d2b3db8643ae1aaf21ec4e5663495ca4b3e58c17c921400e14677615b5c05f153c109ffd7234df8b309383fa6f5ef755199583bc84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b0170ed20daa38a631369c9b63230e23 |
| SHA1 | a8456d71fc0527deba5c610feb9eb5fe4ca3b01d |
| SHA256 | 9a73b2193abd6d8c433eeb61dbdcb62069ad809179677399c77eafa76df48b68 |
| SHA512 | a011f9567724e4958fd2686337f10a78bcb4265498f05ed910888a5bdbe1ad9fc2c4ed37e4f930f621271770c1bd06be7105192ea52982bdfb663cf24a7f038d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 29669c3d8ce4cf97ae1e71b024af98a0 |
| SHA1 | 1130d1d8db8d973b857e86382916701f55db6788 |
| SHA256 | 189200b96fe5f90ef155d2401cce953ebcef1b38900eb4f351c4ffedc6e424be |
| SHA512 | 9dba40f2697dbf63f27d29c2d1de0af60b58240066fc21c1bda1775129f15f32f6449050519c7deb07621d1ca4f36d18298ed4e36018c7bae5f38722f9bbeb46 |
C:\Users\Admin\AppData\Local\Temp\nsv9A8.tmp\app-64.7z
| MD5 | 5ec6b1a813295cbead5afc6c41b778e3 |
| SHA1 | 8fa2296638e8f98ce0a9925da32c844690582c2c |
| SHA256 | 9680274110da6556f3178f63a951b5d93dfda471587d2c8d645d4d2ff55a1d16 |
| SHA512 | 2379c3adda67a86bf2b2e6d8d1cd62133765a297ac47197a490152a6f58a4b9c972fb6a387c17c1f4faf78d68b131f26d05ab7881d81520cac9a4c1c66d8c402 |
C:\Users\Admin\AppData\Local\Temp\24d48276-e23e-475a-90eb-8b19b3ca70ce.tmp.node
| MD5 | 3c02cdf84ab796a60f9c44c494f43139 |
| SHA1 | bed23d54eb4ecad3e5206b9daf42af06b73345cd |
| SHA256 | 24932be111f878a0f1a7ff48c456f8a5f7a0ddeb85d2b621c7f39e741e964b35 |
| SHA512 | 06fd4d65c39600ad1fcfd00a7fdf4df1e3edbf7d1d258b8c23e0f2492279226cb9d07eefb4ca7c629d4cb5afb605739cc1f590e80239d3ef4bbb5aefe1fd5fe1 |
C:\Users\Admin\AppData\Local\Temp\b68554c3-33b5-4ed0-8663-c7e012e2571c.tmp.node
| MD5 | b4fdfd0dc44fc37a4098c836c5794ee5 |
| SHA1 | 9551c711b6f211ae2847739c54951a84edd3a57d |
| SHA256 | a1c6228d7d9a6d9b464756500d8e43a9b52e585ef5e979dfc0f29e1f86d9e226 |
| SHA512 | 3b9639bd9b1188393953d76ea1118c5dded23436e7139c3e1fa4735a83b982748266b9ddaa02c73b31f7549602123a21a8ace3f3ea10c837607cc17451669cb8 |
memory/6504-3628-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
memory/9044-3649-0x00007FFBDC500000-0x00007FFBDCFC2000-memory.dmp
memory/9044-3650-0x0000023E7CCF0000-0x0000023E7CD00000-memory.dmp
memory/9044-3652-0x0000023E7CCF0000-0x0000023E7CD00000-memory.dmp
memory/9044-3651-0x0000023E7CCF0000-0x0000023E7CD00000-memory.dmp
memory/9044-3655-0x00007FFBDC500000-0x00007FFBDCFC2000-memory.dmp
memory/10128-3666-0x000001A7C2E30000-0x000001A7C2E40000-memory.dmp
memory/10128-3665-0x00007FFBDC500000-0x00007FFBDCFC2000-memory.dmp
memory/10128-3669-0x00007FFBDC500000-0x00007FFBDCFC2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ef2bd0914528dc54a87bcc63d781ef86 |
| SHA1 | ebb56493105dabe39acde530b0f87f26438451d7 |
| SHA256 | bf46f6a3378add173b816cd7ea54be2c9b2cb0978b2a9345063ca7c6d05f9bc8 |
| SHA512 | 765f45580de2351f8e02d1e6b994924061a6302474eaa542dd60c50e3661404199803101c9263b9a118a2673c11c484d49cabe25900b3bc835c0e884916d6bfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b4e6e0daa9d1e86455b783051ae2106f |
| SHA1 | 6b9bdba7c61a42415723c6dbee2165cd5ffe22b8 |
| SHA256 | 386002ac3bfa748ab265112ed08a479789b7bc6c6648212150d1435eeb159178 |
| SHA512 | af0e6bd42b798643787a35f4c275d370374aecb4480ffef523928a8024eeb78d4cdd3febaf414a83a61f30cb0324a750820fdc4614512012368f7d1ce1d46db7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4820db2eac5252c7ba7528522755a133 |
| SHA1 | fa37d4dc97c2cb525f00d0a69917ae9b252a8118 |
| SHA256 | b390d344f49096a98222fd502f8dcdf6b2ecc1234d798868dc1e1b55ce997592 |
| SHA512 | 660b5c5480d2847dd9e048410661ebbb7b077abcb3a53d14f5f49799723f963676060d6e731a74d793530ff834305f99c7e9f03a2a75f325dbc1e009613b5b8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 242fdb58a15c8dcd0fce39bbc9b6fbc6 |
| SHA1 | a3a8682d58379146add53853c90c68c848de1893 |
| SHA256 | f3014d6739b2de7c42dccd08f66182b8331151d7761667a5dadc24a271a4b027 |
| SHA512 | 45925ea4dd55f3617c9c11244fb6937012e74c77bce37e28a0a28798ff475487f943444a23a53f604447195c571d3666a1cb6606b4721521957567500b8e0a24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | f0d11cde238eb54a334858a3b0432a3f |
| SHA1 | 7c764fe6f00cab8058caeba38eb7482088a378f4 |
| SHA256 | 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96 |
| SHA512 | b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059
| MD5 | 58d4ec17141f90f940c0c8cf1babf0c4 |
| SHA1 | 188d4da38593a7fbffa950c4d7017a40bca8e8f1 |
| SHA256 | 07a29e19ab31e312a9bbe223588b66408531bdca831a97fcf79fd30206010d4d |
| SHA512 | fffa1a79c33b2212974a50474a1798a20e0667befa77391f97124347bbefd4bb7785e747aa02482240cacff1a5305c4d92702c7467554a0f0e7660105e8b9a24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058
| MD5 | 873c4764c2a7befb6d4d78650fffa6cb |
| SHA1 | 3052199d1a09e6aa9a48667267a1a65e01925785 |
| SHA256 | c6396cfb3b709128efd82810adebff888f1af62d634f882abf05b09cde839b15 |
| SHA512 | 385d88634055001bcb3526b0878f2a9adbc02b77e60d0c72a3cc9d81c0c8e59aa7ec04f15e7d80e34ec416c876631288171c8924ea91482b12f7b8ddf37bb2fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5946bb65ec556e1e8832ffefdf0f90cb |
| SHA1 | 33a841df0b0571f1a4efc42887553e04daba6fa1 |
| SHA256 | c70d242c5e26edac3ccc771f787f2b580056dbc8b17d7d5c421452a71d4e3a6d |
| SHA512 | fca9e8bfb331e839f4db8946947540bd2210466aed864b36e824563e790f1c9b27bd0e8e6dfde1d1b3e88b03bc76f3ea7e72c4a9dd27541d9aa8457fbcf98ebc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 287a47a001703dbe0ee73e74b2c09da5 |
| SHA1 | 4c0914b5aea3bb2c746644154c43f999779f9f46 |
| SHA256 | 0726a45eec7b788a2174dfb0e195863494f876dc8562833ec26048d6cd029af9 |
| SHA512 | dc49f9c114524a76e59dce148ffc9bf965632c130dd6f7471ffe6a45b64d474cc23359e29843c103fa19c379b963d547135ed9bdde17a724100801993cb43123 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 882122f47604115048eba20e5ed7b1ce |
| SHA1 | 37fffae52c1a0d14d21a0bf687d38fd8364d788b |
| SHA256 | 1300ab242253a6d0499433590c1c37785c273bb194594ff20c6edd9f7b118a69 |
| SHA512 | ce46527f2f9822425ad535d0f4c4e1280f6a03745768abf0ac0b7c82b4b1ae29c7fa4c880b6665c7e8f87fe0f98b3d859d21990e0cb8ab13974abc2ee471853e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4f416bc5530961b250be2296df83231d |
| SHA1 | dcd6a932d320f9d47dc800686cc67ac8e6d15ceb |
| SHA256 | 66916facff233158f85fb54cc7e8eeb0f1a2fce474758574083d40e1b6192a38 |
| SHA512 | acb840a02dc41aa594b5f904099f797e588af5de7bb06ce066c9c43afbf3b27c58fe68250be82c9fe79cf02f3d232cd5c25bfe70d9b2d5fddc931a9de6c0f7d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1
| MD5 | 7270c5efb635e161172d21ae40aaeac2 |
| SHA1 | 795d2180a973f421b5dcc1a508bb187d89feb05d |
| SHA256 | 53540896da2a6487ef3bdc73e045fa23f41c58c299d5a295ada803ad939fc844 |
| SHA512 | ced3dd3e57b5274ca5b5a37e10fd57c3e64735aebdd41b7bc9356d196f14dfadc49f734d069726a5be82026b1f9a8149ec9129f9e37324ca0b8caefe1225fcdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5
| MD5 | 5139a3f3ce6e1d235c8284ad88e6d531 |
| SHA1 | 38418a77e5c3945417908de3b071009e728d66b3 |
| SHA256 | 2d27676c636efd83f4c1f32e7b0f5a5ed5b2bb245ce926381c25b72942bfbcbd |
| SHA512 | 4bdd34a645bd9c216f2737248cf5b6032367e7c970ed5ac84e680c1985820601500301f1f248f42fcbfc6ce8b60263fc600cfe9a87275f13a9b25fec6561d5f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5e788554c2f7c43f76533ff4eba1c5bc |
| SHA1 | c9fd82bf7075a76b5477fed99d2ab6e8c608067a |
| SHA256 | 9d281fe215e69b5f30af2812ca84f1d1cdaf984b3c668b3c2a7313a6a719e45f |
| SHA512 | 00ad6b367fa0afebf0c58d34459ab453519c0df8803ad91223e8e12277a962385e8b8d9df0e495091e2b379581462e76611c4177da9611ab14ac86493a491299 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 483005c1828d4078b699475ca8719cd5 |
| SHA1 | f7852c6a26fd45fb593ab82387be63c7a0acb96b |
| SHA256 | edf2a48bf64423d5fb22247ebe7ddfcc7dfdfa8fb699704ad9eb3646cdf1d6f3 |
| SHA512 | 3a3803d347564bb578deebc1102ccde62f87686ad395354e39c8bd7efcdb789b742ed2011d51062d052455f2553de33dc932462ad7f94cc4a30e127543b8770e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f0286c82d97a10b94dd43702d39f111b |
| SHA1 | 0786f09fe4e00476322cd568fcbf95df0c648843 |
| SHA256 | 61a1fc8335b84445a77343fcf4bf8a04a8ca1930915203397d743271a00ff7bb |
| SHA512 | 16d1fd329cf297aca271b686cffa1cd61fdde402952629a8ea67254ceafe33adf883a453a4c14f16067b3a36a9a900def18bd792224c6f5b0a5d4b78aedeaa58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a690986d1d9c4e8a9b0c38ab680196e |
| SHA1 | 04d3a4bde215ea272ce3d449b051848124c6fdaf |
| SHA256 | e7274afe75340c4ef673b311bb671dab95b4951dc89b31e0ff78b4c40950ce82 |
| SHA512 | fd5c7880c6ea877e73095ced7edae28170da0ccffe0f30cc4db1258e713eec0f67f0d67117817d82b1807e135b08db6e72d51f5371227f18cf6e0280b17a965f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 587b8d4f3f222d752573428da17174b2 |
| SHA1 | a400f4a5f381bb5735ffafa383a6a38f5765d9a8 |
| SHA256 | 6bfc3032372748d74b2afee230e3fd557c7c6062252ab020a135e78b6e468987 |
| SHA512 | bddf15d015d52eb03a867018568c75c6bcf96d09f901c80d50c506666bf7c38b77ce3126a158ea12cd4266c27c449f026da00e791ead5b9ddd1c9073e8afe9c9 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\button-normal.png
| MD5 | 4b618927fabd5bfea9cf228c9e3f4428 |
| SHA1 | 7dbd0ebee22f43e831bfdd6f523d64e4fa3b3bac |
| SHA256 | a768c604ae9ef96d0f26d8e6c46b0c24515ada8945c9bd8a86b8173eea730653 |
| SHA512 | 7bacb6b475317b1b576f7be9f88838896a66b134dd8ede5f33c03b30b8f028c2f221e4c424fe94ed97a1d580cfc5894a4e60c3db48a9548b53ecd264803b423f |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\button-hover.png
| MD5 | c3b0e9ed9d0658f1001bbe0c39646e59 |
| SHA1 | 41ed12d4645a1a6078801ac9944ace6e03acc5f6 |
| SHA256 | 936a313e370e0cffb7f92cdbc10dca11e63798186d8ca29ad66154e81af4c7a0 |
| SHA512 | 96161a002af7cea0bdaee7a958403840fcc3afe461081690f9ff58cd497c2e3633c8482dc4d26cdb8bcace3197eaf356f000cbfc8d1b7e6b40b6a0ce3b4303d5 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\arrow.png
| MD5 | 2a9e7e3fdd66157922465ce189d69af3 |
| SHA1 | 047dab8f85e90c2911875c826ac6c80cc1c2b4a5 |
| SHA256 | fe20166694a729af85baf6547aca4e3a5297888091ca69cd5588ef1e48616e2f |
| SHA512 | fa7d07b3374a89451db65722d3b289165452a7d45edd8119e817d11cc8a84b5863253099e01ecbbcb4dca184da852d3b355df6db287570e7a27c70ca304e09fd |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\centerImg.png
| MD5 | 63ed3f09dc01f121b261b681eb77551e |
| SHA1 | 4144be490d7045d37b05cec2b547385f04c35bb9 |
| SHA256 | 8627777c53a31448c9e61705478b77edbaa2dcfd55ef930eb33f840bac014781 |
| SHA512 | 353ef7b301b5b2170f02a7438ce231b231304ec528ecd3687ff5bad41ff19d1efbc93e3736d86eb72b8c274f2f4936639e767c116266c0e850a167b680bcecef |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\progress_value.png
| MD5 | 37ffea558ccd74932778cffd5bbab974 |
| SHA1 | ef105a7d3e5370ee0599a54447ebcafd67f0686c |
| SHA256 | e9b73d55379abb474e251a44386d4b28922f30c3d135c92996a6310af59bfdfe |
| SHA512 | 82f9acaf40aad817d947ef5d344ce33281d50b477b821180d602a29b2f6922f471cb9eea7ff5ff9c4e30e54ae8e395b5b3b603d58cfe9396ac0a9f9b3da5075a |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\progress_background.png
| MD5 | 17d7b3b6595a0d6860af793bc8916f30 |
| SHA1 | ac22b9436a194c1535de7adc20d9a7437302df8d |
| SHA256 | 74bfc424e331df2961b4df57d65fbffc116594333dc1dde0cd1277c351fa9c69 |
| SHA512 | 7850866913aae6a91a9d30624939aa14d330216b723205b225fb1454d0adc4c2cede106b846d423ec79c138f7e147cea7acd9a29a4eab7d513035f8212ccc5ce |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\header_logo.png
| MD5 | 9f74dffb0fea380b891a7b1596109a22 |
| SHA1 | 256c884dae9a58ecb5ec7525721a78321f75547d |
| SHA256 | ec9d030b3f64cedc4645f8efea56baff55f1b13dfb0db6eececdb9612676f893 |
| SHA512 | 8defba25f67895fd2481bce885a9cd8318f0a0d3f95082758c2907c1ca75f93d78a541c0105ce018cc457570cc63e0cb8691fabaf10222482b430179cbd4f37c |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\footerImg.png
| MD5 | 59068c9a357b259a32c5acf1eae1b6ca |
| SHA1 | cc30ade1b55ca43070ddce5cc9d613bfb28a1115 |
| SHA256 | ea52a6f973100cbdd3217a609ef3737dae42597dd112165fc8a0c42fbd37a517 |
| SHA512 | 3c57bb3494757aa9badbd77f3e5f84f680104bea9778dc8e0875ae18eac0595d8da5aea13643a81ba154633afc25412a2e12f843858d978f8233380c25fdce9f |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\img\close-hover.png
| MD5 | dc25f8ebe54644f4c207f83711ee04ac |
| SHA1 | d780363532a053591025851ea8cc931f7d611db0 |
| SHA256 | 0b0df46552e1b95349c2f9d65dbb7379a7535e1a8a3c18c3b27958d0d8308e9b |
| SHA512 | af5f5785afce29d37afa7636f69354e5c7b7252f01dce95d8c7ca3e83864192fcfd34d95571275144df1662fc522b668c392bc2ae323940f3e64a2e318e6026c |
C:\Users\Admin\AppData\Local\Temp\e623b1f\common\js\jquery-ui.min.js
| MD5 | 97753710dc6fc2f47616d0578e991eb5 |
| SHA1 | b28a9c0b217aefd5c43ac26cd1d2a45a44184f15 |
| SHA256 | 2e5f9b159be16a83d09c1dc654c73737e10d2a6f8372b51be480b1ba42b7273c |
| SHA512 | ed9aff4ed084eafa0fcaf213f10e5ba2a57b1b18eed4410d6c1a714e6f02b1dc0e94ea5cb45ee70f4556d8a9196a8f606b1e058821ac1673acdcffda18161465 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Agreement\page.js
| MD5 | c6439dbc2eb9d5b026ba205932958cbf |
| SHA1 | 2ddb7e7e09260a9138f4e282985a8f26ba7b7a09 |
| SHA256 | 934c949b9369958c7c2fb293283fce40f08dafd63841f7ca46d7e46c552e9c03 |
| SHA512 | c5fd1cd91a0d19e95b56ed06f625923176faddfbf91c668e76755420da3691f18fa3ee38190908066b6b55da54543ca9ba53b53a199e1b7e9e38a016c24ee185 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Agreement\page.html
| MD5 | 9866262066431a37850ee51677473bc3 |
| SHA1 | 90fdfe4f61294ef4cc9dd0d25ae482b6ebe5784d |
| SHA256 | 41700cceb0226f9198b1e09be78e0a2942cfcb71529f679cca390f7385502a2c |
| SHA512 | 9b5a991f06490bae36cce22c01c56357ff71cfedebb1e8b6910eabb0671bafca54bf5040a0c56d138e4e5f752f012b918f5b0cb594fb4e9bfa68fc97dc4d5229 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Agreement\page.css
| MD5 | 29bdd72e463c39cf131b664c77325f2f |
| SHA1 | 9cebfacca0587379482312140f5e9f907b3c3e0e |
| SHA256 | cc2c612878921b73e3b8e0058fb6e638dd21ad4df684c1824d2b013fe773be09 |
| SHA512 | eca5bc7ce4b203368f1234871163262611d51b1018ede3d65f7d8682c497b18d2cb0ab51235c4eec72dec24d1254f61f83c065a0f631ab3c6fdb423b0b437e30 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Agreement\features.js
| MD5 | d6c9af2359b6d2b70f5952362d97d8c5 |
| SHA1 | bad5a4f26a1c3e03d7aed0b1a2302f6976968936 |
| SHA256 | 2a1591b93cd0b7c8795b04aa47404c4a1c0b8857e7adfdaa2590aada61133802 |
| SHA512 | 0653839d20ca7baa94af04bcf09289cfb480c0e2b5202060e9d966fa6a79f0d618ec22ad75cd76b97df4cd939e27357b1aeb9527453180c100dc43282bcc6ed2 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Analytics\page.js
| MD5 | c52f9696d2dbb145633a7ed1eadeb083 |
| SHA1 | a04c1b23882af287d1f53331ab8e493982ab58bc |
| SHA256 | dccd51191cd0c6a31e5692944b394f8f2c6596d4dd44982a362db26342d373d5 |
| SHA512 | c82bb2559dccf7c6795987e1bf400745433bf183f70be0efa71a68d3592a7feaa97d768e988eeb6d69df2879667f9afc2b0b498c7593a59558c1c465182f9b76 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Analytics\page.html
| MD5 | 7b278f2ca126e16376800d6b5dd947b6 |
| SHA1 | c86c7b8d46dccd49688489a748535226526c63fe |
| SHA256 | ca8c664cbb210ebd14e92853ec9f6067512744158c795cc4dd510e99fb32e036 |
| SHA512 | 114fd77749d08cb28241743054bc06fa36cc3189c10e789c0f960a08e29600fa7c3253928dc111da8684b4d3f4142722a082ff1efd4b2ab884290c7c774de79a |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Analytics\page.css
| MD5 | af4b32d23820c5781ea56b460676d21a |
| SHA1 | fc5e6c096a187932a1236a4d481a71c6ab10c4cb |
| SHA256 | f2c24a684a60d7345664f8f34103bafdde952ecd93925411d380314d7e6d9532 |
| SHA512 | 01f7e10a94aacc29c208423f20e221429579d2e2c4e1bb8fce680e4b294d015ec50081e814217df22246f4b3a10de35ef5bc465010677a70c7d53d2c9f7a11dc |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Analytics\features.js
| MD5 | 4ae15c449669ebcb864ed45637c3e3cb |
| SHA1 | 467a81a8e3f044a5b7f7369ed63c430d83a84b48 |
| SHA256 | 7b19373f0e1b5bfc2499da6c4e0d8584b0371ead066f09aa5df132528334deaf |
| SHA512 | 8ea665748bc574b162ada5f3f535969ba286ff18b49c3414f95f84621c92ab4ee8ae5c27598138acd5429bdbba9f85af45b46b89e66546cd312f00bc2999f9b8 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Downloading\features.js
| MD5 | 40d07e37e26ee54a57b18c70c3e63d04 |
| SHA1 | 847ff3c3fdb4188feb1cb86034086543831bf75d |
| SHA256 | f234498755b699a077ef73c1c82973d39078818bfb7f68c35f2ed0202807cfe8 |
| SHA512 | dec4c2327da5323b24914dcf8211b7a9d31524e57f10898401005449aab8dc67f28f160e94b8fcac4c0640a24b24233684048f19a81c513e376ed430be28b7f4 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Downloading\page.css
| MD5 | fd543ce2d5587d66e98135a722170e85 |
| SHA1 | 9cd68d0935af90f185d7a705b7c366ab49f04df5 |
| SHA256 | 1fdcdf740c03adff872f260f3eb092c2d589b89d14d971e15fdddf27ea7bd802 |
| SHA512 | 2b668fe2748224b40da910547732a15f112c483f9f3c0f139e5f7d2d9ff007e184ba11a4d425b90b976d9bcf9974d6be49751c69f233ec58c368cd6a401d6453 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Downloading\page.html
| MD5 | 5bf37181edaf9d4051264105a0bc593f |
| SHA1 | 7590c29aac79246969416a102f4926a4f06f117b |
| SHA256 | c4d316dc0b7988a7e4bfd8dfa9f69670132a4fb3918ebe38306f75c6c63b93d9 |
| SHA512 | dd3ddd878f2e46f0c5fa50c56fc6d9fd0f179eafc17ba40b405fec0c899d8cbf0d9a80f15a8f0da02234d3e2eddee6df2bb03d061dc7113c39888fba012b1dcf |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Downloading\page.js
| MD5 | fb8274da21a03e1edea1815958418f51 |
| SHA1 | 8600bf528c93cf7a7c415ec63aa69fad284773d5 |
| SHA256 | 4c5f5a13046daed4469c21edbe655e5d9dc9e91bec7df9ab87de44809d1094b3 |
| SHA512 | ea0dd049fb40b1cd28230ed13361c78c14b388168a5d80c9d4b659857eb0abbf6df2778a66f55374532992020777d25741caca78594a6731b4ac70d4aa389a08 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Finish\page.js
| MD5 | 93ac28d1917ae519f743568f96012230 |
| SHA1 | 256ec8cb4954f536aac06fe9a675f34f57b6961a |
| SHA256 | 37d603cc938999d6d057008e587b62d4b20d92c87eda816ed7176cba4500326d |
| SHA512 | 24c12698432285a898ae2ca32720c463c953c604c6019ce11d561eb61e7c5e05fc2954179f81c097d24ae9ee63abce929bd5098e76fc5019fc4f6c6ea8f26c05 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Finish\page.html
| MD5 | 41bfaedb192bee87c1c56891bcc82365 |
| SHA1 | e8cca3e6ae94580c8c2c2e7759e7952874cd8cf1 |
| SHA256 | 3005b43a1147d9dc34acf39e5f925ab2350de83615bc5c71586de5bff088d57e |
| SHA512 | 2ee621a7df355f2414b233106d397ca844db4334ddb4253d31a3102512a0fd66bfa3e981039ee2311686e4e075343959c1e6459a19ab271b6150421b40f27ce4 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Finish\page.css
| MD5 | 9abbfa8ea18ae3a46a50362832e42577 |
| SHA1 | 11e935620bb973e4748fd4d29d4851ad49e0b9b8 |
| SHA256 | 55c31b7dc175910d53d0376ff5ddf4b94be4d3109f390a924157187c23451b5e |
| SHA512 | 269c071f3cbd07381b84628268e07e05237c56ad266449a5e691e23951ad4958af5cd09e415050057c9e854237e70b8fb5c969aa14d67b85cff7c1e1b2056f2b |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Finish\features.js
| MD5 | a8a9d7cdc3428c8bc26111f7be3695c2 |
| SHA1 | c219378f4e828025717c76c335e3ef1c5702ae60 |
| SHA256 | f1c05ddb3ba731f2587f01c978168c76297880896a262eee77575fc5ff72a951 |
| SHA512 | 5f88d31b11b5a0f880e0199680e1b1a29aa0b6e954940c35140148eed439fb5dfe46565f20c2184460ff5f814c6cf38ef1f48b4258be829e45137b9092d48f06 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Installing\features.js
| MD5 | f6d73e0e314d91ec34e14dcde96aeebc |
| SHA1 | a462f179ec232cc5de0ba2388fb3f5f39f696db5 |
| SHA256 | 90795d388875950b15f843e346345d04b8b0cada6b3c73e0e13edb2fadba1c1c |
| SHA512 | 947dab403570348ab04582bad64943179c1acdfa3514e76e8abf02f4af5af0aa4e32c6040aa0230c9e6beaf3dcccd358a8c0eb08d1d79cefa612794cd3246360 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Installing\page.css
| MD5 | e329472f22e005f647f671876c54633a |
| SHA1 | 897630e1d7b056e253e002ce53670b5ce7d815e4 |
| SHA256 | 415eb87b37fa9dd5def597d3462aeb281e6ca032e011fa4fb31ca1626618f62b |
| SHA512 | 8c24c396125ed8340e8b0dbfad58de878ba510dfeba66d4c463c195afe62904aed743525ab8481ecc19c11f50748f7fcac0a36a5f69f1c80aed8507bae159de1 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Installing\page.html
| MD5 | c03747d4bb17f012283d39767fda76e9 |
| SHA1 | eb24063361400510fb7a392053e4120341602682 |
| SHA256 | 373eaa4ee1aa75efd45803dbb78bbe6e72ac1cacd62d6ac9694b3f878d1d9be0 |
| SHA512 | d4f53e1bf69706c0369747c6792f0c023999799673d6826c41dd4f9ff3280bbc81b2717709c06a538ee434cd8207a6a4de4949d6a68e2d6eac4ee81b2de90874 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Prerequisite\page.css
| MD5 | f6be81ccc8dd26bdd406467895a86de1 |
| SHA1 | 75e83daad0b750efc0d615e6efda1b3635287ab5 |
| SHA256 | 838bd6df9b1fc1a1d236a93687a48ca2f95fd38a1d377ff8f8eccbfb3e4ceed2 |
| SHA512 | 27857b60a5ab01044ffd78efcd560281e97f04ce09651f51527d51cfe23f0182423d6fa8d99337c33feda16970a9f1741475f193fe02249b09f676d259c7149f |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Prerequisite\page.html
| MD5 | 2f514596d7ad1035896215c0d193d07e |
| SHA1 | f58bf8e74a5b0559dbce0fd65d33f3434acc296b |
| SHA256 | 433623b8a8103892864355924f7a54eb7e09697afc8cadf7a281906a8db3f55a |
| SHA512 | a8852dfc079ac51bc1a7843bca7e8880ad61f955b23698c6e8fa6c1fa8ebc7fe42605c06eb9bda2c2e53d9f0385e5a1e76b3bf1c639bc1ba636b286dfcb7d6c0 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Prerequisite\page.js
| MD5 | def8094ed17e208d23a4a5b1313645b6 |
| SHA1 | 6bbe68096b8849dac975cb6db6cb1dcc2236f5a0 |
| SHA256 | e055453eb302a29991326e64bedcf399d39274bab0b6aebdfd311e71f8345eab |
| SHA512 | 11a2e235c89eac39b9c7642e6c47272330efc757b828d0261f587ddce0c190f3b08acdc124bd7c64ddb1cc1bb7da78a81c781417a54a1c3c415886317cb4836e |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Welcome\page.js
| MD5 | fda79e06c6495f84d59e1a26449336b7 |
| SHA1 | 9882828ef3f934e059d602d120317547b5e975ed |
| SHA256 | fb50127f5669e8f32762b734267487c3fe572c598afebe7a948921e60281e7c2 |
| SHA512 | 74c65d17ce61ddf8901c84f2df07d935c1bc9ff8302cfc42cd660a0e0261027fa182f21e12b2bf64700c512c2a9706a91f0653eb999572d22fef1ad2ce53385e |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Welcome\page.html
| MD5 | bcc519c4b8ef7e26aa39681687ffcb7f |
| SHA1 | c59c36dc00e283553e45efdab2eecbb9b5d830db |
| SHA256 | 308d7eb472a0af7f045ef22ca108c7ac7eba002ca4b9d31cc0a0854afbeb7542 |
| SHA512 | 852e01ba2629d2093b37e93b5b0b75123cae153d45c349ad2f67867aec77b2886199ab6c32415f41a80409bb4619c0c11d020b884cc780ee8d1651cf55ebdcc0 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Welcome\page.css
| MD5 | 4409b32e730d40c01b77d91e28ae3ae2 |
| SHA1 | 2a9510313e6950237d5c9c43ba60537cc5cf8a4a |
| SHA256 | 559f1924daf943ec970017cb008f34108eb829d3ced1c47f0602a27919476895 |
| SHA512 | 45d714c309361980c7a21eb8e5e6c02ed3c6f7e3f13a2ca7b436bf4905b32cb701bdb91b1e7fea037249055f282d84e551da52acd5ad50e224f04ad213f76b84 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Welcome\features.js
| MD5 | 07a983653f6ff14da5a355eda093ea6b |
| SHA1 | 60aefe57052cd14cbaa28f22bc18a7a6933503d3 |
| SHA256 | a3dead0aa2b886493733f48ada2c20aa3185fadd9d696104b1e3d6c21c37d433 |
| SHA512 | 6b8079913ccb26b003c620889d33059beff45dec6ca8ab5617457716db4b2cbcc21effb403c1bbab72db0e9bbe32bd41274b6d486fdac8016d7303555b259892 |
C:\Users\Admin\AppData\Local\Temp\e623b1f\pages\Installing\page.js
| MD5 | b69b5551744bfb19aa7f19c7c702d7ce |
| SHA1 | 2b8d3caf4ac7da93aa1fd24cd2d8be4d78153eed |
| SHA256 | 40640c3065f17ad7f736ad72f2f30ac6b7cf5e882c32bc7ba527d99dfbb41763 |
| SHA512 | d8903cb7062c735c3732c13725d24ea90719fd131a8f40f2ddfd453a88101745d07304d2bbcab6e84a0a06115f5a7b6fa5f338b0641081d104c4073ebb487130 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 5f104e4c3d91186be4dc83770e0181b8 |
| SHA1 | 2b9aff5274eee8387500d4b600596a8beb2b7c5c |
| SHA256 | eed15b6f1d63f965e07a5465ba31f420943c71f5e9af154a0f290a8639232486 |
| SHA512 | 6391183fbc115e58d25edbf6afca6b24c32a0792a7d1aba742df10cb5610008ccc5c53758283afbf97f6b99fd3d07f2841566d6e15190a540fd71590b7b34e31 |
C:\Users\Admin\AppData\Local\Temp\7zO49A1A2E4\VantaCheatsv1.34.exe
| MD5 | 213ae80ad4c201f8d31da4194bbe5799 |
| SHA1 | 707ff1e56eeec73eaaa3b76e564f5553a5260b3c |
| SHA256 | 868378855eabc1be6343628dc108bc14ae3d4f8ca348028b226851c20941c2d0 |
| SHA512 | 99ae4c75c6ce031d7e39bea083ffa77e6c6b1f4179dc79cecf0f13ec171fd9c567f80842d224551655883e93f92f0e87efb269c6fcc53d64efac6b9363ac64d8 |
memory/7072-5374-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
memory/6720-5396-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/6720-5398-0x0000018D99AE0000-0x0000018D99AF0000-memory.dmp
memory/6720-5397-0x0000018D99AE0000-0x0000018D99AF0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/6720-5409-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/8224-5411-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/8224-5413-0x00000214D6F60000-0x00000214D6F70000-memory.dmp
memory/8224-5412-0x00000214D6F60000-0x00000214D6F70000-memory.dmp
memory/8224-5424-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/7016-6156-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
memory/7468-6179-0x000001F4A4FE0000-0x000001F4A4FF0000-memory.dmp
memory/7468-6180-0x000001F4A4FE0000-0x000001F4A4FF0000-memory.dmp
memory/7468-6183-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/8824-6194-0x0000012C86610000-0x0000012C86620000-memory.dmp
memory/8824-6193-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/7468-6178-0x000001F4A4FE0000-0x000001F4A4FF0000-memory.dmp
memory/7468-6177-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/8824-6197-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/8624-7076-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
memory/5712-7097-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/5712-7098-0x00000241FE8B0000-0x00000241FE8C0000-memory.dmp
memory/5712-7099-0x00000241FE8B0000-0x00000241FE8C0000-memory.dmp
memory/5712-7100-0x00000241FE8B0000-0x00000241FE8C0000-memory.dmp
memory/5712-7103-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/5468-7113-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
memory/5468-7114-0x00000168A5520000-0x00000168A5530000-memory.dmp
memory/5468-7115-0x00000168A5520000-0x00000168A5530000-memory.dmp
memory/5468-7118-0x00007FFBDCBA0000-0x00007FFBDD662000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 266a77c004c573072c4f1f8084c1ebf3 |
| SHA1 | 89b172938e4f74d8193c2f0613a952a5b745a7ac |
| SHA256 | 3fc5d2cc63eb3fadecd9a7a88a9dfbdc61dad46c3885ea3a9a3508d4e0253b0f |
| SHA512 | 1d2af3b66af5e0f521891df9bf5d7fc64ec69fa24bfe1a8f0bf487497c7714e7b28ece594090133c23831379c35880c8890e869ffd60dd123e174d23e69a52e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa932e3f5094d1b4aeca985a6610f39a |
| SHA1 | bb57961feb95dd8df2a5498b6573785dd0c169cb |
| SHA256 | dec3e1fe4d3532ce905d6cc366f106a7fa46cc67ce71cc5f21ddf8583ccc551a |
| SHA512 | 2857de9f4f13fc3bead2ed11cf418d2e141bcb98ad4e6ae02ff48038e8f35706c7873f76d9e1b622dbe409394c4f232a7b13f13b0e667ad35627b68944a52335 |
memory/6700-8212-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
memory/6960-8225-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/6960-8226-0x000001C5B5090000-0x000001C5B50A0000-memory.dmp
memory/6960-8237-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/868-8248-0x0000021A7A4A0000-0x0000021A7A4B0000-memory.dmp
memory/868-8247-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/868-8251-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/5380-9109-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
memory/2632-9122-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/2632-9123-0x0000013F3B960000-0x0000013F3B970000-memory.dmp
memory/2632-9124-0x0000013F3B960000-0x0000013F3B970000-memory.dmp
memory/2632-9135-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/4260-9137-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/4260-9143-0x000001D01C6F0000-0x000001D01C700000-memory.dmp
memory/4260-9149-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/9396-10007-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
memory/2240-10020-0x00007FFBDCC80000-0x00007FFBDD742000-memory.dmp
memory/2240-10021-0x000001D9712F0000-0x000001D971300000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 1d4ec75baf43efd5748133f9bb104777 |
| SHA1 | 234f4525b63174ac8a1601fe03a42ccb9d06f7f4 |
| SHA256 | 5008358cdcc85dcc92a0b6cff8e89adf7d08c47858e33c7fa15a12c47cef497c |
| SHA512 | 704e19df398a68a41c4a86f945fe1fe1b80804e8edceba8943858044aa70d04a2ae5ef7fd857c6d3ee0a230dd51c87f282e0d8107492baa181aceb028429cf1a |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c02aff2c-0a26-4c9f-805d-6f0611659bd8.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | afba0d794e4bf69ac4a76853aa18d0dd |
| SHA1 | a8eb5bd60940d503cb97d52d83f9eecfdafa8796 |
| SHA256 | ede6a22d86051f0214c055cbb88e0c1184bb927520f95a25fb0dffda1bb6ae02 |
| SHA512 | e25c7971be08c4deaea5e1cf07764dbb404555a2fde55f3755f618cba63a1ffc4b0bc8f6a8a3bf91aff2c8876d55c3467ced93376234b99e5951291279ac76c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 309c087360b735c1c266ec3a3678de61 |
| SHA1 | bbee74d430c90800520980b74ba375a08f1e6d2a |
| SHA256 | b14f431f71c10a7bce507703b9ef9c3a49bc65a7fc8c248a2ddb09acdacc77af |
| SHA512 | 2952986cef4a604355926eec121044adb623c2f2a0526f7afdb17cd6efbea2dc388d2498a4b6868385078a844675d201aa97d0b77e2ca2d15535a939189fb71a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b71e20e7d2a4bdb8b06e05bf2da777db |
| SHA1 | e0e6039a06ecfbde3dc2bfa4d8b2bf426183671d |
| SHA256 | 798e59f04092cca6fc8b7a37d9166d1264e291cf0d13da44ff2b1c030c9201bc |
| SHA512 | 0faeed3a574b6e6b2813cfabab3688d301ebf0fd56eafb41146dcf2b026d5d84c04a3b2a1f4ed731db00bbff7099e716fc038674ef7e1444c001f20ba991b281 |
memory/5960-10427-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10428-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10429-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10433-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10434-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10435-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10436-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10437-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10438-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/5960-10439-0x000001D389D70000-0x000001D389D71000-memory.dmp
memory/7000-11001-0x00007FFC02230000-0x00007FFC02231000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 78e923850257e2f5a164c52cc0ba8038 |
| SHA1 | 8b8fff6f3ef003329fab46bd33c3173882ee9482 |
| SHA256 | 7abd871ce4961af4d2b9fda1b571903eea5fb9ff31fd36a88c9293dec5a2581a |
| SHA512 | 8769286f1ccda4036f79fb2a4283836eeaf9df450c6540cb1f9a3368055896e9e1c278762e6fb2fa9a302fe04d0409f112662040f6d9e4a06850e176311a1cf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 74a212c9c3495d68bf71fbf0c459fb34 |
| SHA1 | ae44f97bb089af451e4aca8eaad799916990bf6b |
| SHA256 | 89c85af587c944649da27746c6bf2b030a1160ae36edcbc551b1245d17f58df2 |
| SHA512 | 6d23b505915912d22e397775438a8405dff9b1e3ed7e7a56e6ff72fd6704001a4523b58bde37307a4d3ea471ab712a814a7a5362e76897aa72476d180f925488 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 29db2b031ec7927f4f3ca9e5ef149686 |
| SHA1 | 4011e5a6f6556f07b76cd7222259d32f7a16f24e |
| SHA256 | a39e470c9da4ef803434923ae65787d66915a17dedd4cbac93760d9910a056b5 |
| SHA512 | c50d212ef6e630102eb9800c308725c2dd81590d56514d2191a508f0787e62a42437cbeeeacc777428a9c3c9f0c117dddb0da1c4f0e0c72c0d5ed1bdd566d081 |