Analysis Overview
Threat Level: Known bad
The file http://cardslive.org/ef058d4 was found to be: Known bad.
Malicious Activity Summary
Troldesh, Shade, Encoder.858
Deletes shadow copies
Renames multiple (60) files with added filename extension
Disables Task Manager via registry modification
Downloads MZ/PE file
UPX packed file
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops desktop.ini file(s)
Adds Run key to start application
Looks up external IP address via web service
Checks system information in the registry
Sets desktop wallpaper using registry
Program crash
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Modifies registry class
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Opens file in notepad (likely ransom note)
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-24 21:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-24 21:41
Reported
2024-04-24 21:56
Platform
win11-20240412-en
Max time kernel
891s
Max time network
893s
Command Line
Signatures
Troldesh, Shade, Encoder.858
Deletes shadow copies
Renames multiple (60) files with added filename extension
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\$uckyLocker (2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\$uckyLocker (2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\$uckyLocker (2).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Rokku (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Rokku (1).exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci /client=Personal" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /autoplay" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\$uckyLocker (2).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\$uckyLocker (2).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\$uckyLocker (2).exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Rokku (1).exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\odopen\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /url:\"%1\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ = "ISetSelectiveSyncInformationCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\INTERFACE\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\PROXYSTUBCLSID32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\INTERFACE\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\TYPELIB | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider\CLSID\ = "{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\odopen | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{0f872661-c863-47a4-863f-c065c182858a} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\ = "IGetSpaceUsedCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ = "ISyncEngineBandwidthLimiter" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\ = "IContentProvider" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\WOW6432NODE\INTERFACE\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\TYPELIB | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ = "ILoginCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ = "IGetSyncStatusCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\odopen\DefaultIcon | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\FileSyncClient.FileSyncClient\CLSID\ = "{7B37E4E2-C62F-4914-9620-8FB5062718CC}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{F904F88C-E60D-4327-9FA2-865AD075B400}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\\1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\ = "IDeviceHeroShotCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ = "ISyncItemPathCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\TypeLib\ = "{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\ = "FileSyncClient AutoPlayHandler Class" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ = "PSFactoryBuffer" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 202471.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 902736.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 585075.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 877026.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Rokku (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 76063.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 806333.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 290315.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\$uckyLocker (2).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 299317.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cardslive.org/ef058d4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd83a73cb8,0x7ffd83a73cc8,0x7ffd83a73cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 /prefetch:8
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7908 /prefetch:8
C:\Users\Admin\Downloads\$uckyLocker (2).exe
"C:\Users\Admin\Downloads\$uckyLocker (2).exe"
C:\Users\Admin\Downloads\$uckyLocker (2).exe
"C:\Users\Admin\Downloads\$uckyLocker (2).exe"
C:\Users\Admin\Downloads\$uckyLocker (2).exe
"C:\Users\Admin\Downloads\$uckyLocker (2).exe"
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
/updateInstalled /background
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8
C:\Users\Admin\Downloads\Rokku (1).exe
"C:\Users\Admin\Downloads\Rokku (1).exe"
C:\Windows\SysWOW64\wbem\WMIC.exe
"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\services\VSS" /v Start /t REG_DWORD /d 4 /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop vss
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop swprv
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop srservice
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop vss
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop swprv
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop srservice
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\DllHost.exe
"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}
C:\Users\Admin\Downloads\Rokku (1).exe
"C:\Users\Admin\Downloads\Rokku (1).exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5504 -ip 5504
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 560
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\README_HOW_TO_UNLOCK.TXT
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1014020364501243111,17481859248700486140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cardslive.org | udp |
| MD | 176.123.0.83:80 | cardslive.org | tcp |
| MD | 176.123.0.83:80 | cardslive.org | tcp |
| NL | 45.141.59.166:443 | cards2024.org | tcp |
| NL | 45.141.59.166:443 | cards2024.org | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 45.141.59.166:443 | cards2024.org | tcp |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 151.101.2.217:443 | browser.sentry-cdn.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | d1mikxzr3lp4va.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2lmlpk6xgu7kg.cloudfront.net | udp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| GB | 13.224.246.207:443 | d1mikxzr3lp4va.cloudfront.net | tcp |
| GB | 108.156.32.137:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| GB | 108.156.32.137:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| GB | 108.156.32.137:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| GB | 108.156.32.137:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| GB | 108.156.32.137:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| GB | 108.156.32.137:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| GB | 18.244.183.146:443 | d2yz7ddtwusn60.cloudfront.net | tcp |
| GB | 18.244.183.146:443 | d2yz7ddtwusn60.cloudfront.net | tcp |
| NL | 45.141.59.166:443 | cards2024.org | udp |
| US | 34.120.195.249:443 | o425163.ingest.sentry.io | tcp |
| US | 34.120.195.249:443 | o425163.ingest.sentry.io | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| GB | 23.73.138.194:443 | aefd.nelreports.net | tcp |
| GB | 23.73.138.194:443 | aefd.nelreports.net | tcp |
| GB | 23.73.138.194:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | linkvertise.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 172.67.69.167:443 | linkvertise.com | tcp |
| US | 172.67.69.167:443 | linkvertise.com | tcp |
| US | 2.18.190.141:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | js.chargebee.com | udp |
| US | 8.8.8.8:53 | maxst.icons8.com | udp |
| IT | 95.110.206.108:443 | cdn.exmarketplace.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| NL | 104.97.14.227:443 | p.typekit.net | tcp |
| GB | 18.244.179.83:443 | js.chargebee.com | tcp |
| NL | 104.97.15.50:443 | use.typekit.net | tcp |
| GB | 195.181.164.15:443 | maxst.icons8.com | tcp |
| BE | 23.55.96.24:443 | contextual.media.net | tcp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 104.26.15.247:443 | publisher.linkvertise.com | tcp |
| US | 104.26.15.247:443 | publisher.linkvertise.com | tcp |
| US | 104.26.15.247:443 | publisher.linkvertise.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.15.26.104.in-addr.arpa | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 13.107.5.80:443 | api.bing.com | tcp |
| DE | 176.9.175.232:443 | api.thinksuggest.org | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| DE | 176.9.175.232:443 | api.thinksuggest.org | tcp |
| DE | 176.9.175.232:443 | api.thinksuggest.org | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| GB | 172.217.169.46:443 | img.youtube.com | tcp |
| GB | 172.217.169.46:443 | img.youtube.com | tcp |
| GB | 172.217.169.46:443 | img.youtube.com | tcp |
| GB | 172.217.169.46:443 | img.youtube.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| GB | 18.245.143.4:443 | linkvertise.chargebeestaticv2.com | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| US | 104.18.124.91:443 | api2.hcaptcha.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| NL | 104.97.15.50:443 | use.typekit.net | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 34.120.195.249:443 | o1051356.ingest.sentry.io | udp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | w3-reporting.reddit.com | udp |
| US | 8.8.8.8:53 | styles.redditmedia.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| US | 151.101.1.140:443 | external-preview.redd.it | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| LU | 185.194.93.128:443 | www.misp-project.org | tcp |
| LU | 185.194.93.128:443 | www.misp-project.org | tcp |
| LU | 185.194.93.128:443 | www.misp-project.org | tcp |
| LU | 185.194.93.128:443 | www.misp-project.org | tcp |
| LU | 185.194.93.128:443 | www.misp-project.org | tcp |
| LU | 185.194.93.128:443 | www.misp-project.org | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 128.93.194.185.in-addr.arpa | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| CN | 182.126.166.252:54327 | tcp | |
| CN | 182.126.166.252:54327 | tcp | |
| CN | 182.126.166.252:54327 | tcp | |
| CN | 182.126.166.252:54327 | tcp | |
| CN | 182.126.166.252:54327 | tcp | |
| CN | 182.126.166.252:54327 | tcp | |
| CN | 182.126.166.252:54327 | tcp | |
| CN | 182.126.166.252:54327 | tcp | |
| CN | 182.126.166.252:54327 | tcp | |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ss.phncdn.com | tcp |
| US | 104.17.246.203:443 | unpkg.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 64.210.156.23:443 | ss.phncdn.com | tcp |
| US | 8.8.8.8:53 | eg-cdn.trafficjunky.net | udp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| PL | 93.184.223.43:443 | eg-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 17.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.246.17.104.in-addr.arpa | udp |
| PL | 93.184.223.43:443 | eg-cdn.trafficjunky.net | tcp |
| GB | 172.217.169.91:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.195:443 | www.google.co.uk | tcp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.link-tds.com | udp |
| DE | 35.156.152.207:443 | track.link-tds.com | tcp |
| US | 8.8.8.8:53 | t.opt-tds.com | udp |
| DE | 3.120.62.154:443 | t.opt-tds.com | tcp |
| DE | 3.120.62.154:443 | t.opt-tds.com | tcp |
| US | 104.21.87.214:443 | hushhush-flirtzone8.com | tcp |
| US | 8.8.8.8:53 | 154.62.120.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.87.21.104.in-addr.arpa | udp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.187.195:443 | www.google.co.uk | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| GB | 64.210.156.20:443 | ew.phncdn.com | tcp |
| DE | 35.156.152.207:443 | track.link-tds.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | s.opoxv.com | udp |
| US | 8.8.8.8:53 | s.magsrv.com | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.247:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.pemsrv.com | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | 246.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.195.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.229.211.95.in-addr.arpa | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | s.zlink3.com | udp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 66.254.114.154:443 | ads.trafficjunky.net | tcp |
| DE | 78.46.40.103:443 | tsyndicate.com | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 66.254.114.154:443 | ads.trafficjunky.net | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.248:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.246:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| NL | 95.211.229.247:443 | s.zlink3.com | tcp |
| US | 35.244.130.28:443 | www.qpow89xji.com | tcp |
| US | 172.67.192.139:443 | www.datingunlimitedtoday.com | tcp |
| US | 172.67.192.139:443 | www.datingunlimitedtoday.com | tcp |
| GB | 18.245.162.27:443 | d2rv3np9wrkgl5.cloudfront.net | tcp |
| GB | 18.245.162.27:443 | d2rv3np9wrkgl5.cloudfront.net | tcp |
| GB | 18.245.162.27:443 | d2rv3np9wrkgl5.cloudfront.net | tcp |
| GB | 18.245.162.27:443 | d2rv3np9wrkgl5.cloudfront.net | tcp |
| GB | 18.245.162.27:443 | d2rv3np9wrkgl5.cloudfront.net | tcp |
| GB | 18.245.162.27:443 | d2rv3np9wrkgl5.cloudfront.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 18.245.162.27:443 | d2rv3np9wrkgl5.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.111.223:443 | onesignal.com | tcp |
| US | 8.8.8.8:53 | udp | |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:52888 | tcp | |
| SG | 76.73.17.194:9090 | tcp | |
| N/A | 127.0.0.1:52896 | tcp | |
| GB | 104.86.110.90:443 | tcp | |
| US | 20.42.65.91:443 | browser.pipe.aria.microsoft.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| NL | 194.109.206.212:443 | tcp | |
| N/A | 127.0.0.1:52937 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:53050 | tcp | |
| US | 128.31.0.39:9101 | tcp | |
| US | 8.8.8.8:53 | 225.88.219.68.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 192.229.221.185:443 | logincdn.msftauth.net | tcp |
| US | 192.229.221.185:443 | logincdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | devtools.azureedge.net | udp |
| US | 13.107.246.64:443 | devtools.azureedge.net | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 34.120.195.249:443 | o418887.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o418887.ingest.sentry.io | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 21986fa2280bae3957498a58adf62fc2 |
| SHA1 | d01ad69975b7dc46eba6806783450f987fa2b48d |
| SHA256 | c91d76b0f27ccea28c4f5f872dee6a98f2d37424ef0b5f188af8c6757090cbb5 |
| SHA512 | ae9ba1abe7def7f6924d486a58427f04a02af7dd82aa3a36c1ed527a23ec7897f00b0e30f22529e9599ae2db88e8abc7ba8013b426885aa3c961ee74678455f1 |
\??\pipe\LOCAL\crashpad_2380_APEHDRNTXHFSYJYF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0fcda4fac8ec713700f95299a89bc126 |
| SHA1 | 576a818957f882dc0b892a29da15c4bb71b93455 |
| SHA256 | f7a257742d3a6e6edd16ac8c4c4696d4bdf653041868329461444a0973e71430 |
| SHA512 | ab350ca508c412ff860f82d25ac7492afb3baf4a2827249ebc7ec9632ee444f8f0716389f0623afc0756f395cf00d7a90a0f89b360acdf72b1befe34eecb5986 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d9cc90406fc4dbefeb3dcea6aad85fc |
| SHA1 | f7d12944cf13d05a2e865be1b547d1c2be4404b6 |
| SHA256 | 6c0e83608239199c0f2fe04c829f65a1eaf229802a3f9cd14de48ecdf51d4716 |
| SHA512 | 9e2e00d7ee9ec9ee375ec50c9593c6f6b5f7667c94010f443e9897987b0b2a9d591502904b4a97dddd73699c59b9917e24a3dabdbf6d0baed5d5c902e2912a6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9e2e1a84-6841-4fd6-a382-23842e9f41c9.tmp
| MD5 | 6dc341bdd4690bacb2f7174dabb3717c |
| SHA1 | a08f4b6940a4238fce9bc142cbff5f4727d5bb8d |
| SHA256 | 45d755c512f387f49ee3ea75b25670d84e0c6af7c1daddbfb91c0b6c033e4b78 |
| SHA512 | 92ed35bfcfd62cff06b1fef7093fb932034f2622040851dbcded33f2810155b6345126de8baf096d039e06a85f7c91ba15c90498800c3cb30ea63a466eb6b8cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 04e3f7b9f312b0f5bcbea7b47b82ebb3 |
| SHA1 | 3a6075db75b8d58bcc651e5c559b8df5a133acef |
| SHA256 | c6cac39c9fbfa2c24b74bf7a67b12e1e776cb9530e7fdbfb5b2a6db376415d73 |
| SHA512 | b8e5b940ba96bd214ac4dbe303dc97aa31e0410ae01c2465133c24b4aa76c4d6383babced5aa885e0c1920054ac9524d85a4565ba869bbdfac1775332d97459e |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3db22202ed648cd272a80a0e9945ea40 |
| SHA1 | adf0fa5d4c4969adcec325ac919a51aa01058bb8 |
| SHA256 | 6c20e4c922a2375bca6d41b5902b7325fe470493256758dd68a7ec596e188f52 |
| SHA512 | d4a920d0e0d39a81611a8e9897e757d06101d6448eda92e1f2b9555debc9746433b06835e7b0159d93e2b24cd6dd60e53c3afe15e51de23c71814a34513001ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ae5f63351f6e1212f9f8c243e007c81f |
| SHA1 | 0994fe84df46556472121b9422401587d25e74a0 |
| SHA256 | 5daeb911dce4548a7e01c807bd6731d44d0e67b24d00037af73cd65916a148f7 |
| SHA512 | b897d6f893758943465825856a956dab7dde66ac75bb2dd961fb23c6ccc7af42c9803cafae2128a291708d927c0ae7ce9926bc12b87ff3cb0e6d9ce1a8bbbff1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 19b3e02964d77bcf9f369b691f1ce9b5 |
| SHA1 | 24f2806932c3a416c6e3c26af08234f9610623c9 |
| SHA256 | d24fd94f3eccc6e31b67b3403d42e476f85db834523ec663b9f63dcb115e8189 |
| SHA512 | a46d44e1ce81940267829129796e1e259d332609699b13ba94d2d3aa4f1320c9f48491da0c41ad1116dbcd8effe67e7df8993256afab6bba13187652031419f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dfa2.TMP
| MD5 | 1e8a20be3a412ededbbedf04527724e2 |
| SHA1 | 2367045ebe1e7c661fe82e02106680fefcee8b9c |
| SHA256 | 8f186fcd7fb47aadbd848241d24e4039d1a9e700aa953128acdf956a279ecf33 |
| SHA512 | 7f20d3380e70b27de13ff4b6291eb1b2416f0aa54b59c6a045feac10a28659a1cfa92560f34725ba68fd8df9c356e73f83de0d065c30250ef1a092bdfae59cb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7fdcbc398d1f0e5d07bd549c1dcb7fa5 |
| SHA1 | 47884eb88cd41671919619aec23a1f125811acce |
| SHA256 | bbe0b2054817635ece96584bef5b9a3b67dbd0c591835a3e64c042ee974d8380 |
| SHA512 | 6fd90dfea1d30df6c0a050e295fb2bd5fcaeaffc89470c0202c8f999081b862ba016c43bf1d1912eaae69964c7af764c059f82ec841148ba0309cd99014b8198 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 646c74388b8a12c76be0246157c2874c |
| SHA1 | b31980609f3ace0e26b68338f6a76646adb5842e |
| SHA256 | 5dc6362782728c0b69fe172a5edaec3b2e69ce8fe3e4f4bc24dfdbc3f11f3369 |
| SHA512 | 84fb4aa52e645fec3b9cfb609c6935e871d7502562b9c2be07f020ff2a4e6b1a7730901559b4fb70c875e3a5ac10ec682019bc526b80fafa272655f125bc7689 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9834fafa2039872261ce767539034d19 |
| SHA1 | 8a7acd2de749c18fec0fab2365a49461a5fa74f1 |
| SHA256 | 23f0dd136dcb188de62dca2d67c95098dcbb04b1f258320e56b2cf86240e39e3 |
| SHA512 | 87a16c05109e74363173f666f2d0b608fe355c02c5fd7ba3b132581e7606da83c0fb2ba1b25848c85b85383276c5e436bddfdcd0eca02a24b1c5e6a5e256438a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9e8ffef-1768-430b-9921-7bf4cb6e9063.tmp
| MD5 | c835885906e6ec0f165bb7696e73f191 |
| SHA1 | 322ea31e7b0d195666ce6e47e36dd131d89b867f |
| SHA256 | 902d6ac89a46847fcb6f8501498a45e14a029ba2801b0ded43d109912a2d0700 |
| SHA512 | d5f45efa4f5c2a829850475c29e403a5f42fa774bca87c0d272adfb1c4bc7bd71505eba4bbe8fdbc71cc45c89e07d8ee0c9dfc5aba86d31839f7ed04c1ec8076 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\948c1021-cfe9-40c9-b21e-39a302c977a8.tmp
| MD5 | ae61716be94deeb4ca579de4f6de0f62 |
| SHA1 | ffa2619c50e098623736af55f87c60cd739d2609 |
| SHA256 | 9e591973eacabfc85960ab79621fc11c1ad228be37f7499698c6dd3593fcac61 |
| SHA512 | e8a16213a20372454ac4b6d284e35557d6a9afeabe831101758c68b1fe128ec747f10ca53e15aea8e66a1f4da76e9882056092a0ed6c11a0b234fb98d0e26a9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed261b0c97503ffec3337c3734a85955 |
| SHA1 | 91d54aabf53350cf63cdb23a731237bfe9a0d116 |
| SHA256 | 91a11869fad3b24db9adddee283ea296f3605ff52811b448b081f1b5b3ad1b47 |
| SHA512 | 8fbc2c0a05f212d65d24aa90e7b9cb4ce1aa8777874cf80873f75c0775d05b740e9540af91b0e8d6c72510756346b2c65a58f493cbde357cdc680386d7809d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | c32068cc5af65c3041ba5d1169c21877 |
| SHA1 | 4916b1ecb06fc8dae881723edce23c15f992c425 |
| SHA256 | d2236b94ac1e28588be6609b6320fd429146a70e97f37e2a4d70410cb15990ff |
| SHA512 | f6ee1f788ea0ab74538c9661df557b9f1f81465f098a9021d73703a7fb5fa81e849b89ce6a4af8377972b3a39179860483eed32cf7277c414aa96b48344ce3e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25b06b98ca5e0fecb0e5944d8cc03a11 |
| SHA1 | f3bbd82dca349c86c624a0e045da24cc4d2bb718 |
| SHA256 | 4e293721aba4e0209c2b78a8a81370fb5fbcbb7d042a22473c215ed4d62aa728 |
| SHA512 | af75c6dee59f17a3266a1309570a510ba10d9545ce76216190a9cd77a6b327733caf5e5d45b59b263d6b247f3ebb764a4361a9fdd665e4676e930a79408d374d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c2ed2c9ec05ff1dab9d3dca0080f2520 |
| SHA1 | f56838df4c783b2ece0899f7cf3c8b91904bd5e0 |
| SHA256 | 24c8ecb5e1c0757c3350d8166fe1000e99a256e7331e1f0092f6f52a1f1d0b3d |
| SHA512 | 207199c6af46816138f89e495af4a543e2c5eeaad9037eeaa191eae05744b8f2ff18a4801ac1971f9dd7b6f344d3784ab9e9a9f0d004f53e57c28e0f8c4ffdf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e74b3ebe05d96bede620d632759f86f3 |
| SHA1 | 44635b316eb7ab61794bb86b4cfc4edefc9185fe |
| SHA256 | d4b81f990a4dc9596299c016ae5f464cea8bf5e9c5ce5b9a1c0cc5e506a3f3c7 |
| SHA512 | 1b5949d68d185a108d9a3d99caa430a0c5744bbf67a0a622efe7b379de1b34b82fd00f41f4f0ac8e5576b84e9a73000c0dadc8694e239b418df30e2dc67bb538 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 236e56708b202213dbf227089935ef6f |
| SHA1 | 4db6333da8f8610e8cf69d30ec7119222a44735b |
| SHA256 | 112b7a8bd66003b5200bd26b649fb636704346cebc826db226a7da65240e6d09 |
| SHA512 | 586fce08f53e1f29bc77ddb15a4a52b246d383014962b5d41acf14cc86b822b5ac378f5faa3dc73a24590d2501a9c9465e12f2d0afd500d2e2468a342eb33392 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 4c60caf8f580aae32d655aa2b166d013 |
| SHA1 | 7f05482408364763f34c6df0eda9a17ad8b33f8b |
| SHA256 | 4ac371b1f0b69d2be7d99528a4f9abcd070277f88b130a23dc9cbdab3e45b52e |
| SHA512 | 6c8f5d4288cea6b9d975ea7c4831195ae0fb5ba0f1924ff84e6d91d429a631a08a8f3e81e42c75ca901ddd41ceecfb188e1d7f883d99f3a19e179d3e134e9515 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 95ab6c341ba904bd83b6d08c2887b696 |
| SHA1 | a6f2a1cc985f51cc82b4dec1d8309560fc856fbe |
| SHA256 | a1c2531eaef512e2fddcf84b18369f241eb9423af77c48015a60c9ce1c424f1f |
| SHA512 | 3a964fb8c66b40c6dd2bdeeae51fd6476b0a3d7783f171d0f6b1a8d335567e0167b77143097625546d1e9dc24bf6e1566c9c9a0c28d1810e6f1863f6b4ec1337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | d2d55f8057f8b03c94a81f3839b348b9 |
| SHA1 | 37c399584539734ff679e3c66309498c8b2dd4d9 |
| SHA256 | 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c |
| SHA512 | 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 798e76073abe579251a34ee1dacf9b3e |
| SHA1 | 7e9294eec6545c8e1bbdb7849a73820cdca2fbd2 |
| SHA256 | 8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666 |
| SHA512 | cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7b97c2dfb4a9d1d15a5395a3dd0f5ad1 |
| SHA1 | 0ee3b932afa340437d1c9c14e51e0a5d715fdd04 |
| SHA256 | d448e18bb8d59a31f916c48d6469ad84e3c323c22d7856d94b3a5f1df23d6b56 |
| SHA512 | 6df242a3a872b3c377803e24180bbc3e04f68945c51a57cd2b96924328444eed2e959a4e4b9812ceecfa20eff87237d791f7f47460cdba125b4660df33e8cc16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 53735c2bc2cae6218f5e9d73bca1f7d8 |
| SHA1 | 767c6693f35b843ddb0fad196df7f5c367667c89 |
| SHA256 | 56ac35115a1ff4b684ebcab2698f7c87f349cbec279695d85e80f334c70c61f7 |
| SHA512 | 0ec9f256714fe2a14ebb2902a1c0d47772a262189dfb94d83da68ca94e347aa121a9a73432edd78932c3267b4d01f4358eb2a580c2990d5b873db0c989b5bfba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 48b6f8e03b16d925098883d20c8f30c7 |
| SHA1 | df10ee24c11e26004f09775613e2c777a53c9c56 |
| SHA256 | 6197bd0fdc1618166ca2f8b57bf1f236cec85832d599d0699ff551501e0dbec7 |
| SHA512 | 8052df45edbc7a5623ae6a7b2527b758f64a2dd2efebf29453b201c5ef822b90a29db818f0e7e03809a31b0865d5a11997af44494a60c22dd333c1d2fa38a42f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 3cd0f2f60ab620c7be0c2c3dbf2cda97 |
| SHA1 | 47fad82bfa9a32d578c0c84aed2840c55bd27bfb |
| SHA256 | 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b |
| SHA512 | ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | cf989be758e8dab43e0a5bc0798c71e0 |
| SHA1 | 97537516ffd3621ffdd0219ede2a0771a9d1e01d |
| SHA256 | beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615 |
| SHA512 | f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
| MD5 | f5bc40498b73af1cc23f51ea60130601 |
| SHA1 | 44de2c184cf4e0a2b9106756fc860df9ed584666 |
| SHA256 | c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb |
| SHA512 | 9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 6259b69f212a7c3a0c4eb9269ba532bf |
| SHA1 | d0a91e65b8999a09be652a3bc54f5df62945b38c |
| SHA256 | 2883bebf577328ed7ae23c05eabcab50da99b4ae4fa4eab3ba38aff359c6d5fa |
| SHA512 | b387b514ebed1d8ffc12ef3c5cc3ff75b4deaf012b0597896af742645dd60d9637b696b5336c582445aa77c4833696caf81fab1b66216327a0f988cc303a4188 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3a99e15ca40efc2446fce632cbdccfcf |
| SHA1 | 633f1d22364be5fa999f3da2361ca56ca3c14fdf |
| SHA256 | be99f1e1244c37ed434202dd1d328002a74da5094ee954336a8ad85293161603 |
| SHA512 | 4c4fb132222a1325c8a420541613b787e4d15fa9a261fb6a49a2784a25ec3331b64627d7b1ef277d02ff44694cc2863d32f520d76f41a76d466e9fa32420efb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 375f6d31c7706657c52e0097ddf5b928 |
| SHA1 | 0848a425ebf836e59e147e63b860c20249c1e53a |
| SHA256 | 3bb78ae066ee1634274342e4a93cf29f32dd566bfe9b8b2460496208768db81d |
| SHA512 | 9f48e06ace5d7d7a00777a3f5b4dee82f9f04823f88cc29ccf7e38ec3690d79a375c392f2c2f7638319e08fa54b15275dae6d15ec2ca99efd9c0dc63541e97b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a73cc9bb2b624d867e8b9ae6642e1423 |
| SHA1 | 5da59c770b53afc20f0818098ce63bb8917f18b8 |
| SHA256 | 306b70e75d6173257343324280f7007e3154f8ab5853a24f1ca04b4963717e8f |
| SHA512 | 97ff22167812239089c42e17409dc1785436db7b5d428ee1af9ef0baf5e5a67d0b86a64b8e633aca07a9ba1be9baabfadc86eae0aa4ddbabbabe9b3e9fceb031 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 5c4630e1969445f27aa187a7a1357dfb |
| SHA1 | 62bc4290aaf5f28a7bd4c8836689c9116ed0ab4d |
| SHA256 | bffe81e1635d747bcb8421d0d05456bf6914f82597f87d3a3c7012592e6f0b27 |
| SHA512 | 8cc266895604e1b3e75a869bbe55ec2d69a5f893a2a47190ba47fe2e0ad95feaf3dbfd59d15133c865075d3af34709620b7a1b4f7f3b0862c64dc55845eb61ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a96dc97d56320f60c1a81f8882e7934a |
| SHA1 | 2c48261105c45eb566388a45d0a583805e4dddaa |
| SHA256 | f301d5693aec8c1c5bce6fa5918b217ffa6afd1ed99e20f2494d1fdffa9b9140 |
| SHA512 | d51d3381952edaec78ce1884a18a432cbcf604c373648fb4723965a3ca4ce0d54d447abf11aaaa3c5afa2c29980796965b678487a7f401ee41afbbdae7a28f16 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | d51949880b94fe250558c15c826e6cdd |
| SHA1 | 11ecacb015f73486035863e9deb59a87aec474dc |
| SHA256 | 0fa251abe1abe8257dd458bba79e8776bd79f612acc25bc78f4953aaccc9f17e |
| SHA512 | 5b69283587107862fdea785c9124dbb6267e29e27f01e7ddb4f67d649884aff995e941028d10c67db280773d4d9b9804adf0c1c93400e378224018d4ba80ca88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 15c4291c0def1adf4bdd8f6ba36deb50 |
| SHA1 | eca957b1828c7f9299d3015e1d9f09df7bbf2bed |
| SHA256 | 8b5d263f2b2e97abeefd1e78db912612270c63d61f7d2718ab8e46a5947350aa |
| SHA512 | cd662e837de399b5b1a65b10a315724a5bfab1c3543ea824cf61f78deb59cc121909966f4e876abc6bde2338d7ecf344dc1c69a21ca016156328e898e5781fa2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 87b59f5fc30e28063f8c99f483e09ec1 |
| SHA1 | 76c3eb02411b8aa6c6b6a8590a3b284d56e66bb9 |
| SHA256 | 221f4b6203aacffaf5869ef4554a544990902e656a17cc5f97c1c1ef382eb574 |
| SHA512 | f175bd2673912306e304a4ad6ae078e34d97cf5178cc6b5ef154f13138e476ac2b56054af99d18e5dfeec0b4bad16458aca7813c0137eda7f73d2c20d8fb76d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1857fa1d3de6e0b42a0d053e7b369ee |
| SHA1 | f7961c09a2e14f295807edaefceedc522a54b0b8 |
| SHA256 | a02cb6b9a4d004420e7564cda43350dcd6697869abc928afabd013537a7c5efa |
| SHA512 | 4f143f1ebc95cfb59cf643771b020be868bdf14ede95fb3bb4cc9899af5014ecfea7913d8b4c2c8755ef629d24a3e6214a9760a64a31f66995f293af5ccbc8c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a67c262f46c24d48f625cc1594cf4207 |
| SHA1 | 7f196fe827b526e09d6f135bba407426c5f25d30 |
| SHA256 | 4dca0513c08e32c398a7c88f11835276b9419b3630b5f8ff09c978e497e0ce1c |
| SHA512 | dd463c2f37af929d4c75ee33354070680289050029af8510cc80861fe4ac550e1163d1e0b94874ed00e0d0442363a5afee753d9272256bbd0a9a63e0e21bc136 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055
| MD5 | ba8944a1bc1f34593e69ebc891c12426 |
| SHA1 | a30a994228bf594d1dda6754fff0e9a69efe8026 |
| SHA256 | 9340ba11edb902965c4418b16c657856bae3308705da60a5db551a16dee552f0 |
| SHA512 | 3965c0260ebc20d1a1a1b2a5d0c61357b596703cebd838379a26f7fa0e5d8178417cc9eb43d5e534c971af14072afb3f78fa9b6361592d40ac0ad8f751367d9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | 1eac12645fa31d5da3f8f3cfd35a8df6 |
| SHA1 | 6c23b5e73223e5840618d35144b5dce6b833c694 |
| SHA256 | dd82914d39a90b7c439c815bc3bef13c5b16c5118046936e096b77598fb644c2 |
| SHA512 | 74d8aa68f804cfa1673d0150e50205495808ea472774e31df2ea152af7a466f0e51ce01921c5782a0ad7f95dc7b42866ece0d327ad4d773b5fbe26e135595301 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
| MD5 | 44d537ab79f921fde5a28b2c1636f397 |
| SHA1 | b2879f9e1d0985a96842bf7f55a2b2cc4c636d04 |
| SHA256 | 3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be |
| SHA512 | 08836d89ba7c7b7645c9de36e2e856cdc31fbb1c3a4a83045848d772720b98d352fb11182471161ef07d01739953a6320355ffecf25a06881bb1111ba02a73cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7e6cecfbf12ba2350217b9b55ba2d514 |
| SHA1 | a487ee332521838fdd058fd5a18cca4ba0e0af42 |
| SHA256 | 65bd9bee9751eca5ff2e4515e49d6707eb46e92d22066a9eb5e126449ef87db8 |
| SHA512 | 3f388984743fc1eb148ecb7763fad5484b2aa66ef128a0df5d6660c9d9a6a4b5fc1ceebdaabb38849322d47b9172eb2862310865af672a7c25b9f1b28444f4d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ece0a9f52197774ba3cf786ddd1e3b9a |
| SHA1 | 665c47b76760407edcb6fc4726236dcaaa5261b9 |
| SHA256 | 64316f3fdd46c2b384d915782926f3411e760878bef37eee31e43379eec0cc75 |
| SHA512 | b3d875741bd992cb25909bacf8e546874278d28f412b7b542dda264c73d3358da1c7d4ae346ea4f8306e692f7a12af1fa05362e80e43488fc16d5914ba72c78a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cd31363dd883e1ab0c2a51bb2e99ba2f |
| SHA1 | fd2c7d1890ea2ecaed98bccf5ab79d16ec39b2a3 |
| SHA256 | 7b0de38a625530b6fb506280e41f16ae3a3d60cada1da4b9c1918ad860640aa6 |
| SHA512 | 15d6cee58b8795459ecc8c1335cb8f34309ca820b708af36c236b90df539d99549aed7aa6426af041d7afb7b06c188fa65f8c8d38c5b5ff145eb13b94144597e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6aa8e960d399557cb02ab3b8cedba55e |
| SHA1 | 1ae224fb0e20876ea272c3f0ab98121bb4837809 |
| SHA256 | ab6175965699e5b94a49a47f668fc8ddaa9d2e0526d1599b40884fd8780a144e |
| SHA512 | 554995efa538137c3cd437cd1753c7bebfd28f79d19d65b39a9be6735040fe67ce586bd23707bc0a416fc5033aa9c363780a5a5d09e55c78ab622cd5eea13c7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9927c681d630a86ff28be5a36bfcd62 |
| SHA1 | 994576de377b6ebf99b0bc22192bfe88d820c9fb |
| SHA256 | f53e081f15cd3df70dbd51f507dc4b3550c5c5a4397431bbf54c48120965f9b0 |
| SHA512 | 9cc76d21cda319a8130d1bca1347c5a16d244d49a16d070272950a26793aab5a5802fe5397d3f44a3794705747299435446372def77064f4a5a5a195234fa385 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c08c9cee95171198d597135e3dfe0b74 |
| SHA1 | 6b099e2389f46328cc5997cf3f993d3d7948bb87 |
| SHA256 | 1e7fb24f4586f83b35e3120c53f9b3ea22200601ff0d67523ee2a3f0d54f910c |
| SHA512 | c7c894b3cc8d25e7df85d9e08fbd968a34bafb43ee4ec62d6a6ced89e6586cc56f7a623be8bb488626933d5c3255efdd220e1212a883c1a43159a68378a0ac00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40f73d02aef9e589cec7913bdbf21468 |
| SHA1 | 7acc0c423d43f05ceebc8325990c57c6c7cb4bcd |
| SHA256 | b97e8f9558d4eb680d64e7e35ad40e11514868cb76753ba4ddfe322381c3e93c |
| SHA512 | 7b9f55033b2c116d098b9501dcc059db90dbb9a1d7e9dcbcafa437ac663c646b2ab51b024a173d4e4064cef9814d31714f0366ab419a85daf9396ae852164e9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0
| MD5 | 88004f03e61f831134c92ca7ca66cd5b |
| SHA1 | a4bfb12915c7e717bf90d75629f811dba94e7ff0 |
| SHA256 | d23bfa9bc3b8f7281973f76f929aeb23cfc644373b4c9b3cae670c93cf12d70f |
| SHA512 | a9c0ac0432802d9607e3d729bffe897284b35b2343ecc3e3defd729c9d30b11f34d093133037e0eea1db80909557f9c63f03a98e09aaf203796aa4c4cdead80d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ddd24c84ad8a45c1_0
| MD5 | 0ee09932e50e989c9a5f98b5c390c53b |
| SHA1 | d41841aeb44babae5880c4c0f515d181a29d356f |
| SHA256 | aca0763d1ece123e94e5009f1c2419418611d7de76f147bc393fbf307bf9018f |
| SHA512 | 775176ea6d357a6fc7c53e4e4f470b8327b293e27041cfef0d1544011a1c04243057665475db5ba6e7f4c4af96eccf180434add8f68f3b922ecca7e0168ffe32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\096fae0c49b6663b_0
| MD5 | 93bf7010179b26835d2bf555f8f5d2e0 |
| SHA1 | 8b16d9014f68c8b206f498d6f39053c4bf991fc0 |
| SHA256 | a71ad6d8959c424607d3b942475f2993025c53372ef67e10b68eb9153f1d604f |
| SHA512 | 8ad3d5e30ed971160a211c8e6019e7a4c5197a3a553e56e15602c2b7f3bc0d8f4e12fd4349ae12f043b858aa8b350579edec4e33e993c5fc684fd9b75d34fc32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0
| MD5 | d5074a68cba36e5f148b042c6b5863d9 |
| SHA1 | 5d8b058d50575689bfa6697f7107d58ea5ef2b70 |
| SHA256 | d94b4878df1bdbc6fed58586e9eaaa7e706bc0bdd4ea7a6a3442814f9f5116ab |
| SHA512 | 04cc3e23a8345b4a590d9b6588c35eeff3f0c8a9976fea6385aef641b7750c3bb160501c4bf9b33c5634361ba7f0f4d75f19178be51fcea1dfa923e3e584ecb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0
| MD5 | 897f7f7918545c5d45c7c01d993b0992 |
| SHA1 | b38274a6aef9e7daaabca0a160dc9ce31274801b |
| SHA256 | da38ac378b0db708370654c1a2910c53b1f72df1d4dadf963bdb5f197433f850 |
| SHA512 | f2f0f7b955d8eb16afb3d46f9e2e1e486dae99395ce2958200714bc4907ae74f1acc80bf884f02ba571a4eb1dfb47dfc21909d99b63d376e45ea908b9f0f716c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
| MD5 | 848a8a22589e47f98265c8213c8ffc0a |
| SHA1 | 20e30ded1c241e691f148da9a5d8b03aecb25016 |
| SHA256 | 4636ed3ef2d2f3a12411d29865198c485faba029dce7435f51b5aaf80646646d |
| SHA512 | 86d843303a317b73507585d1782ee0dd80c12b71bba27ed1f6df56c7e0f2694b4c85cc842c8df00ebfbd62f32e48af2c3606ae2a71718943fcc8689ec6bec841 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
| MD5 | 83f6b9a8f4ff7882a684e38b0cb963ec |
| SHA1 | fc59be832640c4b7e53cb494354f3062b06b99f4 |
| SHA256 | 998f6e53d56cfbbd372a4618dc29adaf1c5042a4b2035624163d125a4a338904 |
| SHA512 | 730a399506514719b1df9880ac9e8d9bdfb0d0ecf68acedb6a9da2bf2dce259bf616cb0b2a458db534f0133253c49d47329a38b4bc7ad05b0654de86e92e2ea9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cc77eb8468bbd89b4c0b91d067f5b0f7 |
| SHA1 | 2b656fbc28de13191d06ad79431ffba8405aef0e |
| SHA256 | 36b12a86936f8df7dc294bd7023c42b6c7d38ecaa20edb6169354251728bf497 |
| SHA512 | f08bb136bb9acc887b44308ea2acbb2b3015c8adb871cda9b4d0138e9c418cea44f6cbab6cb261fc4c1c37c3535c5b6374c4f4e56c59d2e408262e3df9c18979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a19c8961364596de214ce95448c28b74 |
| SHA1 | bad7cb369284b6592a80efc95b46ec794c7b6aa3 |
| SHA256 | 5b0ff6f5d420b4a1056be7b327dcb318b687ceb61d5bba63a212ba68d73c18c5 |
| SHA512 | d3c07aa510b53779ce00852615c84723a8adb37bd6b3c1214484be1b5cab8e485096e4507fc1b28c63be20de1843b9f9da64a60be44d010fc7bb7458fa8cf6e8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | bd9f70697dd566f3ac19b59e7a22961c |
| SHA1 | 3d134d28e13c9bfc774a46e4e94a8ffd92812a8e |
| SHA256 | 2aeefb39a911f290301fa1e2baf9f06d5e000277da26256a99ee0ffa20515338 |
| SHA512 | a94b5d0b5cbc1750b701b2d6f5d0b6d76a5b17bcf50a7aea43119c6c0bdd9585ed54cdefa2bfaa873380b7fd45043d7acb36787e3aac6a5745f80aed731401ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 077456032d137a3f9f6c21c1fa63cc85 |
| SHA1 | a99f13d20f5dccd872a7552bbf4745442ad67002 |
| SHA256 | ff15d3d168424fe4b55d220e970ad020cdad865d5426e8c9b375d930f7927c5e |
| SHA512 | c9382664969e05be8728cf15e8c7de1772512409e373cd8e748d25b5d5375deeb549c98343d22daa3beb6b92ba2400a7cfe1a13c0ccdd50fc1ffd3412c5e0793 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 033923612b5c3b8cc4223714325e905b |
| SHA1 | 0ff81cbf3a42bbc1918f756adf786c7845d34590 |
| SHA256 | aefaf21efa3decd7b848272bac7f58750eb2521e6a1f062d73cc4b59d6e1aee6 |
| SHA512 | c85e2ce24b140227a58aa9e469b1da042afea8bf6f76bcf633ccc310074c05277be6f3fdc33b1d5f104b22ccc597ddc221a962b07929c2e670a6e039075eb864 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | e2512341c4ea1ecc847b0ef5cf7eeb04 |
| SHA1 | 47fba5ba4166d70f6f9d20affff090e13816288d |
| SHA256 | e6936c8748630108a4198b11cbbc75e8e812fe6a0f2ff0246b64b11a8c5f00b8 |
| SHA512 | a6f6fc7e19ae6807ca9550e165dec48f6698840af08311b6635843581208e13b14f0c73a235b7a30aa452055141b1af20ad36c6e81976d15269d083524860f04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cd8c4.TMP
| MD5 | 9f440a6941732703fa1208f809d3e34d |
| SHA1 | 52f7690b3f3f23a7e03b5086fb5a5fc5bf860c63 |
| SHA256 | 8d68f79750e9f36085d68fae96c4574da35a851f5f3d21e69e835e928e6b857d |
| SHA512 | 209a95fd995907f37344ac13e29fe3e6a744b95d40fb023c9c498a603d8d8bb0b7d763d1d23f31f11998b133f901e5c3f8e9a71e6f01f23e1fee9ce91d6f1730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | cda11197165c552b9f133226c428b9ef |
| SHA1 | 6b9ba9a76783fa5096dcdad895261f5d97bbc620 |
| SHA256 | 8eadfc36e822e3a266d472da11194680fb23c9520c6c7b5dc6f63b3639fa01fd |
| SHA512 | 090cef892b110353f87b9e8b8a83724b5cf564d52c1a05df510f4754d93bcf0f5faf7e72d8778f130159b8527300136e39512d223910dca35cb23ad05460a78b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9efad497e301958cdfe40d5008354b37 |
| SHA1 | 06a0dfe066b129145f2dcd798d9fec3aeadf329d |
| SHA256 | f3e783376e2435c62a7ec541cd73d6a4677cbab683029dbffa171326953cef20 |
| SHA512 | ad9de0d4616b329f9c561f3f15fa6da6745c6be561f6236ce6908379bab93559b1975b83e36f2e6aed7673424168296b8ddd491240240b6bb53858a118553c7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f1975f17f307186349b7f99c0cf88207 |
| SHA1 | 29a68224c349d44da6ad85ecaf83c8d3b5a5b8ba |
| SHA256 | 21c420babd40e57bb15a3c25b643d193d4d821343f00d0b762bf159d7bdf5595 |
| SHA512 | 6788c45f2b279cbbb5d6f10151ba75023ecabd6c00eb6bf35d600399556e1a5b0e3820edb64a133a77c9d6ae3c9135d2a195a091ac1555b85daebc60267aba00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 481d483fb761308d4a2b9836f310e3a0 |
| SHA1 | e484a8369d922613da4d47792d60630d8e67ccea |
| SHA256 | 84dd6a185581528b33a3beaa5813ffd0e23f5080727ac7bf071a1ca81c345896 |
| SHA512 | c80b2e5c252e62cb9eff4c92cdb3328109dd541b97e46aa35581dc10311660f412ba601499c3375110e9d973b873a82598a3c4d80d42a9deabb45f0c523ed231 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c075f5337b838d33ebfdbbc782c59739 |
| SHA1 | 42c750e062894f92dbd75aa4ed6c5d552979b478 |
| SHA256 | 17739a7a721be9d2be7ea24491012c40674abbe2d5f6d0a693af47d155220a20 |
| SHA512 | 680a7c71ff036afe2c281b2df191ecca3c0490f352df72831e936186a89eb11ff1658c2c881df0943560337266a88c00b2d390040461e936986bef9f78427711 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8e8fc3e-b4a8-4efe-89bd-fafdb7e93ed7.tmp
| MD5 | 5c9f3aca9df59054daa01c22e2a38071 |
| SHA1 | eea640e97be212b8762cfdea2eedbfb9ef053728 |
| SHA256 | e85b98ec07e1c0b1d1a6b96db22932dbe2c4a213f6b5fa05b2eece8605d7b009 |
| SHA512 | 322abc49d97da3cdff7b69f25f4db1f8511a270beb486667dd4c62661a60ca7832f5840891ea5671de31a65f96a64d3517b63eeb471b88144bed5eae27191221 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 90eeba1ac3664ced834ac17b896d7626 |
| SHA1 | 5012c7f913f9bdd1c623e93c71248b0c39e6040c |
| SHA256 | 8a01cbc6655b4ce233c10c713d5ca35573c1eadd55274f13606e55f56fa7e09d |
| SHA512 | 9c946e6038dc7414b1ee192783cccdb4dbbc5bb08496651d016733c10e2865c5817cf29940460af3b968da90c84fd2a2c4ab89597c2f4b0613a2c3cdd3b998b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9f2f4781078d913dbaaac53125dc16a8 |
| SHA1 | fefad1cd16cc6760dce775ff035077c6c6d2dc68 |
| SHA256 | 27cb4fe7f61b71d7a4d1f85c04fa9ffd2e12583f6d482f8851e9b75cfbde1cf0 |
| SHA512 | 2a78611bd3c5ab5a7b51e353df9839d1dbe7ada1b591c581fa97cc86f2753c56580b5aa0e3f30baf94f1936198324062947ee134e727f14494ae07c454e35e57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 178e838c6a0c0216e8a39393c7b5bfb3 |
| SHA1 | d62f9a7feae7838fa736bdeac472182d91f12421 |
| SHA256 | d4f449563218e241c33b67c31aa279bac51fdc44c80e5df1b42c260b8526228a |
| SHA512 | 61067d77a8e517affd0727ceb81e27f6b9149dd8d38c887177c11dfaf45939a7e48d3d5c03458225f9c8c82ee75e45fcca8365e216c464568589f7eb6bbbfcca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d7046bb2c49352aa63aab98375a14c8f |
| SHA1 | 910985da5b0afdd51e38ddfab5e97752b1444b63 |
| SHA256 | 3940a92f922715a4cd8acee21004009d437573e453f4702f97f822cbef8b7fae |
| SHA512 | 025c7f6d68835b259ebe04f0d2d4f4e522cdf66c9c6832b6f93a27825f91012fee4db75824829c7258b69436582da8fde5b3546765a71ef7eb9e0746325c36b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c670566370243aae9cf9a6ef8f3b53df |
| SHA1 | b440aa50c59a696baccb1563064074f03a175888 |
| SHA256 | 637362b1365787907b64d7f2d939948105e2f16fd335e7a95198dd08f8bfa333 |
| SHA512 | 4fefc89777d548f2bf59d4154509942fe5d672e8b1713a204020b672d2647b31671e06012cddda2ee61dd5a1c83affc669943818498e56cead76de76a6917018 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e70d442a90d44aaf3069fb6998f55bb4 |
| SHA1 | f7e36306ffcb8c416f23b05ce4fffe5e17d28474 |
| SHA256 | bee7cea86cb6986ea6bf085fa40fe1f5977b023240ed97bbd61f85083df95da1 |
| SHA512 | 0e3b068b71cecde3e31bef8bf258ba2e3bdf6162e5424b8a77c1a0de4543b74536b980129180b1157b958e571bf0762ccab6ae73ffc097341edaa1074156df69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aca10e16aa07caad61ab7160c3805d76 |
| SHA1 | b54c41a7751e8c6fcf4e65d3f26eded4b01331f0 |
| SHA256 | eb3639bd76f65b1b9e8c04904fc0434f2fb87fdc6b2a791aeda2a62f9a407723 |
| SHA512 | f58927b80c7d6c8aa617a9ad9996551beaa460b9731831dfc5200c6ce76fc2e769399c561c18b85ae1605d922c026e28d4aca6b60fdf5051872a2a63fcc73bbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28324e9db7b11193_0
| MD5 | aa946db17af88fa32d98b3cbb2035a15 |
| SHA1 | 7dddef2316416cdca2d2126607c0e4deac474317 |
| SHA256 | ee259b47fa340978cfda50c067217eefde025ffcd4f0b462750ad9821056ab64 |
| SHA512 | ab70ca0d5a2294fb6da65bf26e1d33d5137abbd4c4277e3ba8d77a1a1b48a85e2ef8a2ff1460c08a574978f97e05bdaa63a9e37c5a03f137ec432222dfa9862d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0
| MD5 | 320c8b53a8bb35f997401c89dfdd0bfb |
| SHA1 | 4659dd4dd4c33eadc79e8e9e0c75533f6f05493f |
| SHA256 | af89f0347cf6e37331e6fcc1cbf5d33e4ffd7fab57a21eca47f95c05b92450f0 |
| SHA512 | eb02c2719ea7a41e7a3fe12777535f7d034aaba4e25d39344486ddafa1bce4becf1f776e37afe014cef3f76cf81140f9dd666bf849b13058c685930430b05cf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0
| MD5 | 37e22ed62589c8510100bbf6beada1b8 |
| SHA1 | a3b72c8f17584df264db3b482ef8f79232421a7a |
| SHA256 | 5bba9548a006caab5bb5d10c0550c3134df5e98c6d2ef77639accbe1dc52703b |
| SHA512 | a1cea3cf6f6845f2a92ea4b914c21e2d72379bf5369419bf8131447d56656df7b7808079508a4cbf5be1c3f9d9c6bd5f55fc372cadff927a9656d16dc1c87fa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0
| MD5 | 3ed1e6ddca37f19ec46f23c44532fb48 |
| SHA1 | 68461d6f89ee31126a455a9d0390995c7dc2fa77 |
| SHA256 | 542792d2703c59787251240bf91f6561532e0f265d78be0d19ba026d1207edf6 |
| SHA512 | 60460d7bd51fda9313690c9e5c780ce50dc2b7d595e5b1fae0850d7b329eb1ef153e3e17c586843ba8839eea02efe9e838cc3b02cd3c2d7fde2f24c7cffcd7a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0
| MD5 | 150a5bc6a97b8eeabcaffc0d73ef57c1 |
| SHA1 | bd9be5b61adb70a53ec9641d0498eb5cfdbee04a |
| SHA256 | 23a404b8b69ae37cd3cabe26c79debf10e3dc4d98cf57166fcdeebd0a8026eb8 |
| SHA512 | 3dcb267e83626da1a8da4508532d85b7972fe20222b6840aa21aaacec14f404fa91e53e263a829dc0e100206c8085ea7c89295476fa616c6463cb86a345214f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70f5c3c247200e69_0
| MD5 | 9fbabc5b8f7c3a7d717a573b4ba081ae |
| SHA1 | c9b00df8745b4416ee83336fe6dd7b5603f9ebb5 |
| SHA256 | a14f6d7b23a19eb4616fbd44cfdacfe45791513e42b893149417b2f4d126bc58 |
| SHA512 | b9253118e0924f546c4be3779026b4739c3fdf4f03b3aae2a271d58294fae74e618684e0f03c929e2629bbea084ba9a1aa0a5f21521aa861d694fe8cdf3b8d73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | 4cfcb9a1518be7a0be959822359f839c |
| SHA1 | 268c5c577fb77aa4ac9b35c787f2811c256ed3fa |
| SHA256 | 5d789356e37200321bd41d5f4ba362b6fc52f65f5ad62d2a65dd35d809d8c653 |
| SHA512 | 4b73d9cdf88df07415ba5b763c535d700306f0aba0608ae9eecc1e1358c758436e6a21488b3233b9fcb348c153a501d9a3944a7f2a6f7a07c9b425dcb254c866 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0
| MD5 | 239dc7728f46f8cc63fd000b32eed2ec |
| SHA1 | e2bab12a2052f5507e39243ea2d1ba993c031dde |
| SHA256 | 0f9c7f868b2efacd20807aa999a60639c27a620363fcab1d77f0e7622fd8591f |
| SHA512 | bd94602c191afc1908bb5dddaa416818ac1353d26aa26820b44bb3184affef09b0f6167410acbb52b7e6d14157eaf8c07eba6e6f1b224618b954fb2e5e99fb03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b0642232c5e45ad_0
| MD5 | 0815628aafd2a9a57e6fcd451196af65 |
| SHA1 | 9b6ce7bd002665d20a39346d3b135460bde35b66 |
| SHA256 | 2b3ef46a159bb95805ecca41f8aa6988801f0e9940d92b1e5950a89a61186d99 |
| SHA512 | 9dbef141fdd77850533e0364a771996aa85730106e132779a45d9f1ee9696c11caf6342f843dbbe78ef79af70678b6748f24e2958851d4539bf154f4f7ea5f03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | 963b29bccc839168063000f1246df71c |
| SHA1 | ec7d7d5d6796cb9cf66188b4869c74cae4d1ef5f |
| SHA256 | f7780123ec6fa1bd35217eccaac91d72e6a894f6602dc82e2eb00e805920f7e6 |
| SHA512 | ab8b0e0c725aaaaf8cf57e0d05a2404fc9e15862d7e86ec4e5d80e9252c6ca589bbb902d1e893790d1081c9d8fb3ec47b1f1df19f5cc5344c3c83e04d82e8b73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 4e44e31ca6872e000812969a859398ee |
| SHA1 | 794747a05b6704dbd0b082590495e0ff8da86480 |
| SHA256 | 11e83ded4c6425f94a3930d8761d662a4fbaed28e9f5cb45fa155ff491a1777a |
| SHA512 | 6602b0f9339cd691e67a6bb9226f0a8e7bfcfef7a4f202ecdc987167aa6647ceee98ad7607c375d78da5d02ffd0aeb28db80af9d6f09644e07cc38ef6f8a4154 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | d295b7694d66b76a513149a0e3c6734e |
| SHA1 | e191f2ebec4f1888b5618c225bc69036367f1338 |
| SHA256 | 1a8672b93c620fc7f97b3d77c605daa0f1e9b61175f468f640a95e6740b3aadc |
| SHA512 | 3d673ac672dda772bec6b77babc934c6a466e2a9e1956d0ef5b4b638457454283f2c09ca8e8f1bc1fcf3389f69be49946fbaa12c22e32e870d7b4c9dd319022e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
| MD5 | fb2bd448a58cd1c0137be8430307ec0e |
| SHA1 | d3a356feb25384c94abd0a47dfe07ee6029c7a3e |
| SHA256 | 255f1006a17a4ccff6497191e685f9023b140461528004cde9ba60a502677b2b |
| SHA512 | 04ed5e09db29f7c054acb46dc9972db4dcd3e7bd414fb87be263585519481bf4b77182498afb840b74468b340299c5b10ef4c147290bb62518dbc94846aa3c61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | 75dd0c36dd0ab60b40d132ca902b23cd |
| SHA1 | fe0a550561ee92b0ab89246147d52e09b50b4054 |
| SHA256 | 9c0c5c9298ceced8c0519aca1276e61e56fa9068429124580999685af43ca576 |
| SHA512 | 64404f5ca5d8af10a245d11f4f620e739697dde411b05ac0f199e1bc077a4b715c1d9bc42437d66a47fcaa1ba385d1672395a8fc6b800944288322b0504dd0c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | 6d6e328a4da563aba9cb6760f6734808 |
| SHA1 | 2b295fdb2ebb468ef2b0985fb399481e8d84c514 |
| SHA256 | 15287269d397fb85c72f08d0efb71d7344390b17e080fde900a90bc23ce4fb9b |
| SHA512 | 38f46d6274f5d5b35613216da6f37535162eabc9fcf8b8f0dc7103b8b723571555a2e7ef5942a4dfda6bdaab09f26054b448e3ed1699c1062549d5251bea4471 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef9afccef2928f1d_0
| MD5 | c730dff9cdf7a8abe3b0711422b0342b |
| SHA1 | 02e0feb92402fee55a709e51923fca92a03a1738 |
| SHA256 | 58a9068a8f878f261a06b5bae2d5b42164ec5eabf0d3e1e89c7f7a601ea4b260 |
| SHA512 | f317f7154807202843de33b51577fb9c5946316785eeb18de43b097b73274c14e906e7b8812879b4705dacb85e39f200eb4830488c2da34af5f6f98c6d7714bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0
| MD5 | 136bcaad22f9d7dfeb1086bb046450f4 |
| SHA1 | c62367d45b1682a068d6723927b33ce67acde2b9 |
| SHA256 | 950cf6b92777572d6ff10fc05f95198302b5db6ae49c09ea790f14414557fad3 |
| SHA512 | c66c67d0a8b212a69fdad4e49a0bd1f5452af947618901425497caaed02da3eb444d82356168efe3f3364181a38911655c0bb4ed7e2eb01e8e0d90bfbdafbdcc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
| MD5 | 1c49828d257b413050d2a9cd4d119d1d |
| SHA1 | 3c9d8f484e6d2cdb144697b880e680fe64698109 |
| SHA256 | f354e7a1a94cb2cfc8f85ec88bb64d898a13ef48720a7deb39a5e59aaa66295c |
| SHA512 | 10a89b86d5696e44107a53ddfe641a2d1a84b2256cf266eb0477f23f3afe040847a263e790c02d29156858bcd10e3ff005cbedaedbc694b08aef7fcb9cc7a4b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
| MD5 | 98fc2329e9f1bc55089941f8f6a26d4c |
| SHA1 | 08d13f00aa98d5090ae9d9a3bf222ee3032e8800 |
| SHA256 | 57e476b53a44ec234e64a01d4421e11c5ce4609e01c698a321cd3e8fb05ebebb |
| SHA512 | 0e90b1040d1d43fa3bf39987966e138fdc922dcf372100c170e18f8d8ee09eb446cacda38e7c54227b6de6a2a4dd79de1ca2c828497281452e6544b006355a05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | 385605dfe77fdf7eccd8c87d28ec3ac5 |
| SHA1 | eb8d2930534dc09b90232c98c1a1b7e4e2557e61 |
| SHA256 | 3040a0e84b9d2c2aeec9a4d81c0d02810de9f51367f5923c80b453f440686145 |
| SHA512 | a17b90ef17979492c9269f96ff8938bdbc9a8c3bb841a1f1f800576b40eeba4fcfe0bd8d78c9722b17053d722172ac83f1b6e8d17539ba4849b7f2bd441a26dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0
| MD5 | 57c26fea5c99a79259ec274446d111fb |
| SHA1 | 32eac656cad8f9f8e29dac99944828b3187563d9 |
| SHA256 | ab97a8dab59af72d6408064b683f0c61fa7d24672c1e71dbf0f4cb97ad0ab781 |
| SHA512 | 0fdc4e26941b08a9fd03d917adfb718540e1f630963eadc9ebbf83beb473632e99d9eeaa19a0beee760e670da9d50e9199c0411e5ac408dab84263d885820cee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ebdb4ad61d7b6f2b_0
| MD5 | 558f267d4c90f4e96ab347976ce8b992 |
| SHA1 | 0b4ec71e1867ad3a7d1a4a60db327e57e1bd34cb |
| SHA256 | a69d80672ae05d5f9e46c3bee89200b4fc6511f8944b96a98ffbaaf0fbca643c |
| SHA512 | 8c89e00ddcceb2ffb2d6c1169acdc078e11655bba391f910b5868d267f4e012a1ae3fdfba88edaa3f35b90c58658044ebbd4e0eb8661bfd97e705d1110d1b42c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
| MD5 | fe3030ef32910e158da3bad41d981486 |
| SHA1 | 898937f845212cbbcae18b4ef5e4c8dd76a9034d |
| SHA256 | fea527a16bdd85c42bf333e5496a0f977c29b6c1f38f6ae6e410df80c8932c8c |
| SHA512 | a6996092dcb976f9bbe6ec660c1b4cbcb096fd89fdfe1657f7ef1bf3d7c20da0d3f749a478b135d9870df41423a096e35c570a0de30bfedb1969b48e443ba4a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
| MD5 | 669352052e6e609de38879f47d64b3f4 |
| SHA1 | 82484260ff5239d96a7f2985511e000ece62c7d2 |
| SHA256 | b0fe494041f6c358cf06194fca52ad72afabd414259434b31abf6b7c967690ea |
| SHA512 | 017ac06fa12758958f2d881cb901b4c910156f620726a7d19e53e1bd857d6e8fe9255f80c252e8f741351f261548c4044dc9a8f6cab86d7127867be1deca3d24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0
| MD5 | f81ad2255c4c0d1c03dc51ac299e892f |
| SHA1 | 31ee661bff47fe0d5be9ace6f5825036fdb7c189 |
| SHA256 | 74471bffa22c0a1609a846adfc71e91ee3b3adb172d101bb7785253f6f63c151 |
| SHA512 | b01dad7a0da9ebc0bc97c7f0da809235d1c7456b9e77349028f862adab611841e7b66441cae8d4f7ac26e3153ab3190d3f395402ea510aca299f52cf1d9ef509 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0
| MD5 | 836946aaa596a2590b2790ce1618c9bf |
| SHA1 | bf7d4b468233bf357bde56afc290f05aa77f5601 |
| SHA256 | abcfb6ab57668d1b6f3bfaa65d261d4b50f9ffa4f19e3eac5d9416b5b8b417db |
| SHA512 | a1098ba348417e535cb1bb4a9f0296cb3e094c95eb121dfcef55c59e3fd6fc1594db764cb26786eca3a8bdb28a5a9e3df1cc1e97d6e91a77b27928f092612d14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23c07bc9a5d23b64_0
| MD5 | cf6f264adca74d438b46570a8e25235a |
| SHA1 | 2dd66ab96d768957a338e408ea5ba61659d14641 |
| SHA256 | 99e36fa7cde65af6ac8c5a8ef3557dd3e5bc2b7bd104c0a7aa653586b7800836 |
| SHA512 | 21ca90c60fee4a399fd0392086841ee2f15af6d133c362df0d574b6a568f092b4395a4ac8a67ce7d706f08f97401689ac527fae09a53324327dc232df789715a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c2185040c52246c_0
| MD5 | 43e9decffa32ca23b0d656fd77efb655 |
| SHA1 | 600b41e7d579c4e18e72f1d512b9c5b96ec3b5dd |
| SHA256 | 55c17422d535f799958b25e4d9fff58d00be3dcaaa71ef919cfe08293b52fee4 |
| SHA512 | f37b40b33e887d6cf275b5e182eb1745c2a76d08d86ff8d3eaac4c02d5e52aa281a33fde0a55ca2c39409a0f37fd9d62bac6f79e7d114fe9f4ef1f9d0f989242 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54c5e3ce4a9483f3_0
| MD5 | 1f513815ca3c133f627721f7916b3e1f |
| SHA1 | a98424406f6056cb6402f4c77b7ae1f417de06ce |
| SHA256 | edabed16d3e1a3e637aee78b7b2bd2f3c1b0c9b3d465bcece4a41d3ebd583e38 |
| SHA512 | 4c254ad46fd509290960f1f2327f4ae928f35b7f8271e3c516b44392650f31b6196ed40b5522f12be9cd129787e58d1a3d926ca3f08627a2c61a0f730433a47c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bbf6589fef108e69_0
| MD5 | e498f64c3a6e8064f6b4dfc48746374d |
| SHA1 | 9bc4aac3231458cfda343db6abe007aaedf1059c |
| SHA256 | 49fdba45e9ba290a1cac5fc82128054d14acb7783c0833b87e3dfe2c949cda9a |
| SHA512 | 7301814f6c5284f0958887ad027e6cce4e4c4cc28230b8d6cc9d4a64e3f50d78ea8282f31d9b9ef664e2d874f27d89d912a45e4463bc1370157d07bb939abe35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0
| MD5 | fb155b522d00952bff2595c7fed5f396 |
| SHA1 | 71931e2fcaea937b59fb2b82e5b956e709669087 |
| SHA256 | 872cc753149c7b006c02a00858b61b169e05a74b8cab63aa58fa9cbe0e189f4f |
| SHA512 | 1d29deb337fdecd84ee07671084d4c94bfb21119ae3d020a5ddb103d066104dfa209191c46c1895381f475c21aed8d896d0ae456cce078122252097a55693f8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\671b86e53e859f9b_0
| MD5 | 90aba15965e39092e0e69dcec7f25672 |
| SHA1 | a339096f5a5d1f3b7cfc2c2a04d216923555a54b |
| SHA256 | 2eeb6e4e62ee6da0451a109a5709d88d8272fecf4519475f00abc77f0d5e00a6 |
| SHA512 | a0a429ef69c3c4e4a1cb5c3ba5d7cb0b4c26f5050b4a656b896bd095cbde494f8a547a7e43ee42d77b51b2a9b3ccdd53a05e564b922dda7ced3cc732e002cf45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\839f0d8c7f1a4c83_0
| MD5 | f2f7bd88da108c6eb93e37858d0ab032 |
| SHA1 | 11d726029299434450710ec2cba32aa8944250a0 |
| SHA256 | bab02566d8b65f7115d8049d65fdc95d682700eaeea6989bfead72f8da651058 |
| SHA512 | ac816fe468987091633a6109b021aebeb889e49bab87356d2b3d012016507a114fec44384fe7164b6ba211a47ea7dd85e013b78103657283ba20ed8b0f5b264e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ddf4d032175758e_0
| MD5 | 40b859f2b5e0ee174dc5754d1ddf1948 |
| SHA1 | a5856f4b1cf010220d059b5349c08229aada8a8a |
| SHA256 | fbf4c9610ed54cbd76a0b4f6d88bd29e457fe6f836e8c50add8aaea8dd896871 |
| SHA512 | 56f4a11a64bd41e3b9dc7102dd6a4e11cbe095c2bc87a4f6f16d80cbda23996a5b463f80005e60d5cfeb9ef8a792d2443003dfe48410c0313279141d950ae799 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0
| MD5 | c083b2ed7ac75befda85abf4092b35bc |
| SHA1 | 99f45c12e077875a087f1789cf31ab5d57af1fef |
| SHA256 | 5960326201247c875e48118f9c846586c8d12201e99d516e4bd02290ea1993b6 |
| SHA512 | 011c477fe27affc3779d017d38619bc88e7e362fe3b52e3e07a2420ed4a7e9e73bb8785dbeb4d7d68f317fd3c0e3837333c8e83d5b01c29744c1379886adc2ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1fc201b5483e4dc8_0
| MD5 | 94c05dc6660e4a8936db9973f3fc82b0 |
| SHA1 | 5364da0fc6f01373993182da3900b268c49db3e4 |
| SHA256 | c96201caf0f28a41a9dcf4f089f44675ff8218f80b8e00c04e96c6493f83ff0b |
| SHA512 | 5cd5ff36f9d049779169553fb7829a3f43668fa662a5ba3cdf3d14b8e5931c565ab665a49ada9cd549abad68d5c3b83145be0287e5da6b9b708a3a50ec2bf7b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0
| MD5 | 01290bdd56b06dd533d18083483b3916 |
| SHA1 | 42ee1c39f8663965f8767c2078eca2a672f2dccc |
| SHA256 | d80bbccb67c4a622c356eddcf3e714273d99e43d184418faacb4c9bb623033bc |
| SHA512 | 13c4693cf72e06757bc893b018fc1b4aa910f6e991872e0d77a659b6c7888a955c7232793a92e1dcdb40b9a34374e0439f03fa89dc544486f0f8eea28efac779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daf0b019d07753bd_0
| MD5 | f085f2512f6c6a3141991e998102935b |
| SHA1 | bb7c326a56fed42dd90aaff50b4da96a42e2af06 |
| SHA256 | aaf1d53274fd90c74c1e956e0e40fb8b1e3af8ec5dbc163b3ee953661ff6d77d |
| SHA512 | a0629b19ed40f520654864ce6b9b9bbbb0afc08a4a33bb128ac4387e649d3982dcb3ae2e0a1f0381412f4a0203d4e24b1b1b1937cf2befbfaab7b99d95e54304 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fda0aba9e3042332_0
| MD5 | 16e2d34a2faaf86bc04dd4dec14a5102 |
| SHA1 | fa67886b9d8d9d06186645cb608e1add0ba1b7d8 |
| SHA256 | db585f8f01002cf9167defd9025a5dc04b2488d760540c5c517e33afd8bacee9 |
| SHA512 | 7abfa8e4f3ffea09de97741e92177a4cc95e315aa24d91812659fb12398bb56ef13908eb7bef0773cd8c2a5c2eec9fe07ba9cd1820b9782d6c13d1c74bc5b9a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2e8c167e1462fb5_0
| MD5 | 1c7b508244c1d5397422661de66ca9b9 |
| SHA1 | dbe732cf462b51bba506acd7353929c49cf9bc4e |
| SHA256 | fbaf5a3b6f843c0dfbc06c82bd134534509416049252fe7cabaff964e6e149ed |
| SHA512 | 11237675f91d17fa764335667bf2190ca0f374ea739f5d00715cdf51346e6b43013207a9ae8069fde2decb196f438520b69a81b8816e7ac1029256c7d4b6cab6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0
| MD5 | eb44c46aac104fa6f68cac17b915dd3b |
| SHA1 | c380a78d5ca31427ae1143f1a014486c6bc2d6db |
| SHA256 | 382e4c916c11480c926a5b1cd812fb3640956241aa65af4df74b7e792d12f2d2 |
| SHA512 | 8eda3307789fbc73b6c70040bf752109f1b5f73d5e254c1f61875859d177991f0cdf48f03377ea0548ffcea34696c5ce3aa0dd8b0a68f30c3227957745b7edcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0
| MD5 | 16721a579e5edbdf125aa18e6a7b2d3d |
| SHA1 | b8989447fed4e10f22112deb62908b6db73a1ebc |
| SHA256 | f3b91b077ac89ec91dfd5e14357597ac77658ef2ebe2132a106f53280064476b |
| SHA512 | 4afcc9c3d6e387816f41f0b4e9d34af39085449780ab8ca28cd707192c79bd8798c80cc79b0217d3b664b96b6d08df7f322b02ae954b6aa904377bea65053306 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | eff7b6acbb29070abe3aea6685e4b44a |
| SHA1 | 6badc7f467be2884b87e74ba48758dfb1fa77a22 |
| SHA256 | 2bb141e9e106ea473d450d730bf32e6e789b25bd4f7b271ee0cb49b975c8f59e |
| SHA512 | 8e55aeec2f9b36d243cadd68e1f9240a0e0d09cbf0f0b80127bd7e3fc2176862de7e3ae80e64d573c44f21c2d0f015f92931917e05fcaa770eceaef4dae5a1e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
| MD5 | f706c4bf6b066ce573e07c129a3f8cfd |
| SHA1 | 18158fc1c8c751ae115e093a52ef7b717c4513df |
| SHA256 | 3b5a8814887bbc38093ee4765abb809e6ef2259d22ed5d0a06b43fda1b58ac28 |
| SHA512 | 99573edfee51e67924ef570d6502aef375f6a6e7f79c06fd15550fd0d4a59e0ff23a567ece29b9e0266bd8e8b4ae481d5301490fa0e839e8603747b1c89cf366 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91005327c4788773_0
| MD5 | cb37479e024ae5fb81fa26925c3f62de |
| SHA1 | 9b7027acfc14318bfbd2168f0abb43567d77604b |
| SHA256 | b092414a5214c5772012624cc9fc0690dfbdcae7e19b9ced5692f3a829c616d0 |
| SHA512 | bfee4f46a676b271968dd10d0a7e863197fc50bd4b69faedf38f0e3830813cbe793b51a75a8053d273ce74e3bd4d4bce211291e46fd76dcdf1fabe48065526c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
| MD5 | 045f796bbf8e121eb7df173b8e200e83 |
| SHA1 | 2bf7e8ee7519ab22c4e07ea8b09474d644c2e477 |
| SHA256 | b93f51cea6e676524102534a9bb5be271ec874902db15bb5f57e5bb4888ef7ac |
| SHA512 | ebd0cfba69007c3bfe6c777b47f5fca8be6f5c06427e350bbd2fde8cd2b53a940a49762ea64c1c9c7750998c1c58453355aebdd185784498b072b2d1707953f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e708d587df685aba0057d977ceef50cb |
| SHA1 | e920eeb92fa99d2a568fdb26e838a7c539bbdab1 |
| SHA256 | 3f397d3d585fd57e1d6af0653629b245514e2b9ec5c64b2640a5bd5d93ccd5ec |
| SHA512 | ed390479482ea857eb627d17289b559b3ad96ab6bb3c0ba7c36985a6cf195fd96825ba8f954bcbd8b92106237e3008ebb38b95777b4ff045b67711beddd1a8e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6fe094ed4e410c337f96d21065856ca2 |
| SHA1 | 39e86701d57f5bde4f96b1aef3adb35aa9334559 |
| SHA256 | a579e325f47d2f3fc101ef67737da4f59255833543f8b929106d057914058d07 |
| SHA512 | ecdd92743aaf86566f703744afb291becf7e51aaf5233a7b3eb372f35a1eabd6a2a41e3070c591d4416b7be1f9e4cfc966296c01ff611caaebda518cbc7b47b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6f642c61d274073abcd606e2314935f0 |
| SHA1 | ff78a13e6a75aee3ba85582abf1f662b939ce395 |
| SHA256 | 34252656dc22373851428547ec19ff6ac5844d93e8aaadd121daf22f2e473f62 |
| SHA512 | 3dc97d31b6946dfd265042fb32a5615cadc1b52d6cb8ec9f83502a4981b6a1daadeedd2ea2aacddf6170fc5a934a8c5e1a25067d3c6944e26b4b01417daba84b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6fd9969fde9eda60c466eebbecf6e89e |
| SHA1 | 2beb451cc2c57c292a30bf77df1cafd77c60b321 |
| SHA256 | 122f13b9730a2bdc5bcf92135cf170f78a6d2995d088ac2636985c8a21d9460a |
| SHA512 | 43c75de0690e6b6eb79ccef29d9e2bb9a024cfa471037b5e89549a548677dda3095615d717717ecb9240ae334ba7b178510be3eafe2a27f7e7079e23786125d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 763584539c3c01c7615c13257374b7e1 |
| SHA1 | 594e6a259dc1650e14ca5799326b895de4669162 |
| SHA256 | 6614264c29ed1c1244798bf23443efdcb836256ab85c88254227bfb23e722fc0 |
| SHA512 | ff86ed3a4f14766b4e48947ff811d36e6ee96320664f40659fd90f1189c2a0d9d0cedf50600b77dd0301443ed62512a1508c1ac502073333d5c92036f4427a91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e11f371f8eb85ac39285040acfb3ef35 |
| SHA1 | eacd69f54ce9be52c8424ba4d551ee757d6911db |
| SHA256 | 1858a50955292105ecf0f12c6c77aa9e4c9726928657497f533a47e74fbe2e90 |
| SHA512 | 53cea0e16f665784fe7ca5f977c165e1fb797eb7940ec247ca7b127649283a3cb150f591cf6d77e8055648f02cce206e692002ec89a7b9d4b4587dfd8290f290 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 95246f985696e6ee821b95002a3796cc |
| SHA1 | 47741e6300acefbc147edcc20630913370c8757e |
| SHA256 | b54be1f19b47f7fbe6f0e3d8c8e7a35892afcff50e42f8d3d25a922ab0e1836d |
| SHA512 | 819227c7d53c33d9e39ed6785897b414978183f8b8c692ee989363b9a75202c2da88a7ef0175840adf33820d25d4e6e2483bb3e8fc3350821fc7ddbf049c6f3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fc4461626774d3041ad3025cd36e564c |
| SHA1 | 2f7d045130c367c5a032dedf70c42c0c366f813d |
| SHA256 | aa42b583f4589fcd87513f15e6f3b386b1800680d2bccdba8ec9c819d4a86e58 |
| SHA512 | e3665baa9bb48fe75e8a99370d93fb8e459eceb31aef553219f752e0e2d8fbf267c41c0fa2e5c16fafd98481509f7846ce288ce80e4bf2a6bef6f0e2c1f2afa0 |
C:\Users\Admin\Downloads\Unconfirmed 299317.crdownload
| MD5 | 63210f8f1dde6c40a7f3643ccf0ff313 |
| SHA1 | 57edd72391d710d71bead504d44389d0462ccec9 |
| SHA256 | 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f |
| SHA512 | 87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ea3ab145eef875a2dd63516cc8e0bc7 |
| SHA1 | 7be9fc27e7211fb30a39d4f99898093c3b164f53 |
| SHA256 | 15dec81022b1668778066ded674d06a52b062046a15de327f08b596313379e49 |
| SHA512 | f786f92aec2a3b013bc772005233e24975de76ba90a2804d957ed6375acdea9f2d3d5cfa67eeeb4f8b67c66c156a17daf4fd0d3af0b5062647641e2ae9e5f4c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 739e47d7f6ded2ec5939e741eb7c0911 |
| SHA1 | 13d001fda545be72f89cc8f604b7588eba301911 |
| SHA256 | 4bcb011c9d0970eeb8c91bd200ee0dbe87a42dea4e4f82a2558206437ce34cd2 |
| SHA512 | a5dd31c0d3869bfe4a1fb546032b694b528406efb15b00445ed773fa9a9e578e7463dc2d2646ef32ffc3d711f0289366b050b5fd5338c7b2f4fb197b0d89a89a |
C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
memory/4944-2718-0x00000000024F0000-0x00000000025BE000-memory.dmp
memory/4944-2720-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2719-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2721-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2722-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2723-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3880-2727-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3880-2728-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3880-2729-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3880-2730-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2742-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2752-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2753-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4324-2754-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4324-2756-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2757-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4324-2758-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2761-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 2cd1ef7fde0e815cb11d453940dc0276 |
| SHA1 | 05fc6c4c32517696e8f480ebd13ec380f4682bfb |
| SHA256 | 378305610b5a584323dfb0dff22376f4daf7d3f42e64356572c5eb5db0048eae |
| SHA512 | cf0492be49fe84012ef9f175ad91d241996e894019fede09ea34342220ad8386eb389fde55ed9b60188440a87e6d4db07957cb800be38bae449074f210c980a8 |
memory/4944-2782-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a8beffe461fa9171c903b86e1fdf11c1 |
| SHA1 | a7828745d7eefa49c1e5f33c4255844211269139 |
| SHA256 | 1a9aed9a1c393326641b96f1902d9541b36eb4bb83d1d4dec17045aade953119 |
| SHA512 | 64c3597d0da4df99c2c76c8326f7b7fa8b4f9cf0ec9bec8b990af33a3d2209def85fc65038784ae9176fb1dba38e0c9775f54d0f5f467d28a1a5e18dca05c202 |
memory/4944-2801-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0ecf653a80dcb710df9b74871387b0cd |
| SHA1 | f30d767f02448c5eec4d70cfa8c899cdf82f71d9 |
| SHA256 | 0d7c051da6ec047724f59fc345a166dc6679aa5474798d3a73ea193a9f351ec8 |
| SHA512 | 31d6c271e929edb9c5505b05442d30a6de63b70bc1cbe82920acfd852949a990bb96c16bc230ad1ffd6e929575c37051be8d073662b254355b1bfb0571512aa1 |
C:\Users\Admin\Downloads\a872685f-7f21-430c-8a2c-014c8b4d1b55.tmp
| MD5 | c850f942ccf6e45230169cc4bd9eb5c8 |
| SHA1 | 51c647e2b150e781bd1910cac4061a2cee1daf89 |
| SHA256 | 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f |
| SHA512 | 2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9 |
memory/4944-2826-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fb375682c2db076245f3e03bf6ba2c88 |
| SHA1 | 80a5620f890bdfa7bc5d9635f9669ef9fb78d66c |
| SHA256 | 3073cb708143724a49b0683f6bd121b2c92f6fbfc82007b7e676fc4307287754 |
| SHA512 | faea8ec88e16b055d824cfc7207582982b3a05ba5685fae36e06d1969f5ff8cddf05491812f87c105d659d4c76f45b793f0f402a9a20c14cd93c28b3ee49969d |
C:\Users\Admin\Downloads\Unconfirmed 806333.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
memory/1364-2854-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1364-2856-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2857-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1364-2858-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4604-2869-0x0000000074500000-0x0000000074CB1000-memory.dmp
memory/4604-2868-0x0000000000090000-0x00000000000FE000-memory.dmp
memory/4604-2870-0x0000000005260000-0x0000000005806000-memory.dmp
memory/4604-2871-0x0000000004BA0000-0x0000000004C32000-memory.dmp
memory/4604-2872-0x0000000004E60000-0x0000000004E70000-memory.dmp
memory/4604-2873-0x0000000004C40000-0x0000000004C4A000-memory.dmp
memory/4944-2879-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2883-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3280-2884-0x0000000074500000-0x0000000074CB1000-memory.dmp
memory/3280-2885-0x0000000005890000-0x00000000058A0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b2ff6933ba78726273952d31c3c1d45b |
| SHA1 | d99fc963b6a546d6bd4e244929c31c67d2f14d2d |
| SHA256 | 8e2a5c8cfdd2103648077bcc2bee36e854901640e7c8a48f43722cec7bc8e91b |
| SHA512 | 8ac6c604d3abcc6dbee7398d84e55f106c6d10e461a890609dd6e2054c7909631170c35ec48e4928b4b3f3c1c52ab2b66d2a0d6e7fe1e54bdd9c29fcaac433b1 |
memory/4604-2898-0x0000000074500000-0x0000000074CB1000-memory.dmp
memory/4696-2900-0x0000000004FD0000-0x0000000004FE0000-memory.dmp
memory/4696-2899-0x0000000074500000-0x0000000074CB1000-memory.dmp
memory/4604-2901-0x0000000004E60000-0x0000000004E70000-memory.dmp
memory/4944-2913-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3280-2914-0x0000000074500000-0x0000000074CB1000-memory.dmp
memory/4944-2915-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3280-2916-0x0000000005890000-0x00000000058A0000-memory.dmp
memory/4696-2917-0x0000000074500000-0x0000000074CB1000-memory.dmp
memory/4696-2918-0x0000000004FD0000-0x0000000004FE0000-memory.dmp
memory/4944-2919-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2920-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2921-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json
| MD5 | e516a60bc980095e8d156b1a99ab5eee |
| SHA1 | 238e243ffc12d4e012fd020c9822703109b987f6 |
| SHA256 | 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7 |
| SHA512 | 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\20OIFLVL\update100[2].xml
| MD5 | 53244e542ddf6d280a2b03e28f0646b7 |
| SHA1 | d9925f810a95880c92974549deead18d56f19c37 |
| SHA256 | 36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d |
| SHA512 | 4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62 |
memory/4944-2961-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4944-2962-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
| MD5 | fb4aa59c92c9b3263eb07e07b91568b5 |
| SHA1 | 6071a3e3c4338b90d892a8416b6a92fbfe25bb67 |
| SHA256 | e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9 |
| SHA512 | 60aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini
| MD5 | 0da77f21b2093e6cee583fb70d274192 |
| SHA1 | 2af74ba1d35cac7ceaf9811569b45f141cc7ae9d |
| SHA256 | aa61f8bef838d7c972fe27d342dd927778d984559b733629257927ed58fc2e43 |
| SHA512 | 9e4fd91b120d045e90a22c9023b1231d6622ca3d2160715ecf4d3ded69447cf22cbc4547b2a548480758ad8680151cb22f33828bbd149c10a072a5fb8a16148b |
C:\Users\Admin\AppData\Local\Temp\tmp51BF.tmp
| MD5 | 5b16ef80abd2b4ace517c4e98f4ff551 |
| SHA1 | 438806a0256e075239aa8bbec9ba3d3fb634af55 |
| SHA256 | bbc70091b3834af5413b9658b07269badd4cae8d96724bf1f7919f6aab595009 |
| SHA512 | 69a22b063ab92ca7e941b826400c62be41ae0317143387c8aa8c727b5c9ee3528ddd4014de22a2a2e2cbae801cb041fe477d68d2684353cdf6c83d7ee97c43d4 |
memory/4944-3227-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini
| MD5 | cc04d6015cd4395c9b980b280254156e |
| SHA1 | 87b176f1330dc08d4ffabe3f7e77da4121c8e749 |
| SHA256 | 884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e |
| SHA512 | d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe
| MD5 | c2938eb5ff932c2540a1514cc82c197c |
| SHA1 | 2d7da1c3bfa4755ba0efec5317260d239cbb51c3 |
| SHA256 | 5d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665 |
| SHA512 | 5deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png
| MD5 | 09773d7bb374aeec469367708fcfe442 |
| SHA1 | 2bfb6905321c0c1fd35e1b1161d2a7663e5203d6 |
| SHA256 | 67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2 |
| SHA512 | f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml
| MD5 | 5ae2d05d894d1a55d9a1e4f593c68969 |
| SHA1 | a983584f58d68552e639601538af960a34fa1da7 |
| SHA256 | d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c |
| SHA512 | 152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png
| MD5 | 3c29933ab3beda6803c4b704fba48c53 |
| SHA1 | 056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c |
| SHA256 | 3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633 |
| SHA512 | 09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png
| MD5 | 22e17842b11cd1cb17b24aa743a74e67 |
| SHA1 | f230cb9e5a6cb027e6561fabf11a909aa3ba0207 |
| SHA256 | 9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42 |
| SHA512 | 8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png
| MD5 | 552b0304f2e25a1283709ad56c4b1a85 |
| SHA1 | 92a9d0d795852ec45beae1d08f8327d02de8994e |
| SHA256 | 262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535 |
| SHA512 | 9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png
| MD5 | 2c7a9e323a69409f4b13b1c3244074c4 |
| SHA1 | 3c77c1b013691fa3bdff5677c3a31b355d3e2205 |
| SHA256 | 8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2 |
| SHA512 | 087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png
| MD5 | f4e9f958ed6436aef6d16ee6868fa657 |
| SHA1 | b14bc7aaca388f29570825010ebc17ca577b292f |
| SHA256 | 292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b |
| SHA512 | cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png
| MD5 | e593676ee86a6183082112df974a4706 |
| SHA1 | c4e91440312dea1f89777c2856cb11e45d95fe55 |
| SHA256 | deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb |
| SHA512 | 11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png
| MD5 | 13e6baac125114e87f50c21017b9e010 |
| SHA1 | 561c84f767537d71c901a23a061213cf03b27a58 |
| SHA256 | 3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e |
| SHA512 | 673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png
| MD5 | a23c55ae34e1b8d81aa34514ea792540 |
| SHA1 | 3b539dfb299d00b93525144fd2afd7dd9ba4ccbf |
| SHA256 | 3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd |
| SHA512 | 1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png
| MD5 | d03b7edafe4cb7889418f28af439c9c1 |
| SHA1 | 16822a2ab6a15dda520f28472f6eeddb27f81178 |
| SHA256 | a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665 |
| SHA512 | 59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png
| MD5 | 57a6876000151c4303f99e9a05ab4265 |
| SHA1 | 1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794 |
| SHA256 | 8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4 |
| SHA512 | c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png
| MD5 | adbbeb01272c8d8b14977481108400d6 |
| SHA1 | 1cc6868eec36764b249de193f0ce44787ba9dd45 |
| SHA256 | 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85 |
| SHA512 | c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png
| MD5 | f1c75409c9a1b823e846cc746903e12c |
| SHA1 | f0e1f0cf35369544d88d8a2785570f55f6024779 |
| SHA256 | fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6 |
| SHA512 | ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png
| MD5 | de5ba8348a73164c66750f70f4b59663 |
| SHA1 | 1d7a04b74bd36ecac2f5dae6921465fc27812fec |
| SHA256 | a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73 |
| SHA512 | 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png
| MD5 | 8347d6f79f819fcf91e0c9d3791d6861 |
| SHA1 | 5591cf408f0adaa3b86a5a30b0112863ec3d6d28 |
| SHA256 | e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750 |
| SHA512 | 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png
| MD5 | 771bc7583fe704745a763cd3f46d75d2 |
| SHA1 | e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752 |
| SHA256 | 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d |
| SHA512 | 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png
| MD5 | b83ac69831fd735d5f3811cc214c7c43 |
| SHA1 | 5b549067fdd64dcb425b88fabe1b1ca46a9a8124 |
| SHA256 | cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185 |
| SHA512 | 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png
| MD5 | 72747c27b2f2a08700ece584c576af89 |
| SHA1 | 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33 |
| SHA256 | 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b |
| SHA512 | 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png
| MD5 | 19876b66df75a2c358c37be528f76991 |
| SHA1 | 181cab3db89f416f343bae9699bf868920240c8b |
| SHA256 | a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425 |
| SHA512 | 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri
| MD5 | 7473be9c7899f2a2da99d09c596b2d6d |
| SHA1 | 0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac |
| SHA256 | e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3 |
| SHA512 | a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe
| MD5 | 9cdabfbf75fd35e615c9f85fedafce8a |
| SHA1 | 57b7fc9bf59cf09a9c19ad0ce0a159746554d682 |
| SHA256 | 969fbb03015dd9f33baf45f2750e36b77003a7e18c3954fab890cddc94046673 |
| SHA512 | 348923f497e615a5cd0ed428eb1e30a792dea310585645b721235d48f3f890398ad51d8955c1e483df0a712ba2c0a18ad99b977be64f5ee6768f955b12a4a236 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png
| MD5 | 096d0e769212718b8de5237b3427aacc |
| SHA1 | 4b912a0f2192f44824057832d9bb08c1a2c76e72 |
| SHA256 | 9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef |
| SHA512 | 99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png
| MD5 | d9d00ecb4bb933cdbb0cd1b5d511dcf5 |
| SHA1 | 4e41b1eda56c4ebe5534eb49e826289ebff99dd9 |
| SHA256 | 85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89 |
| SHA512 | 8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png
| MD5 | ed306d8b1c42995188866a80d6b761de |
| SHA1 | eadc119bec9fad65019909e8229584cd6b7e0a2b |
| SHA256 | 7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301 |
| SHA512 | 972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png
| MD5 | 09f3f8485e79f57f0a34abd5a67898ca |
| SHA1 | e68ae5685d5442c1b7acc567dc0b1939cad5f41a |
| SHA256 | 69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3 |
| SHA512 | 0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png
| MD5 | 1f156044d43913efd88cad6aa6474d73 |
| SHA1 | 1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26 |
| SHA256 | 4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816 |
| SHA512 | df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png
| MD5 | e01cdbbd97eebc41c63a280f65db28e9 |
| SHA1 | 1c2657880dd1ea10caf86bd08312cd832a967be1 |
| SHA256 | 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f |
| SHA512 | ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
| MD5 | 57bd9bd545af2b0f2ce14a33ca57ece9 |
| SHA1 | 15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1 |
| SHA256 | a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf |
| SHA512 | d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 527e6fa97184b70f5da1caa74293ef27 |
| SHA1 | 5a67116ccac26fc18a7adfeff8b48071149b21e2 |
| SHA256 | 76efcf623511a2e1a2eda72f608f77f79c6b656d0a62c92d8de93889d551219a |
| SHA512 | fc07453fff44c57755eba8cbf21db1b1fbd532fa46dca9f80afe8b23fa6ad658d56e223a2c0c5c9ca2c232a5ea29e020adcf554ab80fa10a4af5717ee479aa6e |
memory/5692-3819-0x00000000044F0000-0x0000000004500000-memory.dmp
memory/4944-3838-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini
| MD5 | 10c41e6157777303c4fc6d11e07f1ad6 |
| SHA1 | 431eaf0625a754180347f84288a8915b4fb7e780 |
| SHA256 | e67085552de5cb171cb03659ab516a20d9ca3f4120c2dd18cabdd77349b55f44 |
| SHA512 | 9b33f35695b1faf4cb4bca4786482a4748e190eb2984a63dd1096bef0d9ebb3dee04eb7c5be5ea59b3f579de229464a2c00157324ac2f2a7ab07131e4b52a8fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5c4ac34e2cbdec05805d2f1d5c784091 |
| SHA1 | cfcbfcd00bbcffe1e0f734dbe66ec34eacbdfed8 |
| SHA256 | 5738dd6ac52ef29c4b1302a0a42abb9a2d9e6df6a6b73740fc040a9d36f94780 |
| SHA512 | 98cf79aa4ea1a4ac0830a6814c6a0512543cea0a214ad9e23ffc7fbcd9289f0572bec79cdca946ec74033a5d01ecece33239bb5f6ae81f2e5fffa78c45ea7eb5 |
memory/4944-3883-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/5692-3915-0x00000000044F0000-0x0000000004500000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b382286e9797e17b5f405af27b3cda71 |
| SHA1 | 0e5cf801180501eea08a334de690789f9db77eb5 |
| SHA256 | 003eed9f776ad3cbb970a493b3db8b78aa4a90d6d54b00136b75cb76499431f0 |
| SHA512 | 45689057966f1d98da330525f8e66bd633a54dd10a0b332355e6cc769494713e70f6201e3cb83f6a6a4e7e9aab9f4a31f364082b6139770d08d34b579e790ee7 |
memory/4944-3940-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7654cf206708dd295254e7b6b103d717 |
| SHA1 | 83c19aef0bf0fd715f2c0ab9d67ddf546f48f325 |
| SHA256 | 75a3c7a859f2b3de221fb3f9fd7f0cc06312345496b5f93dcfaa5c09cd311cb1 |
| SHA512 | d6cd5f1c9160d4a4afc674bc3fb56c5284b15f2a6a1f7284fa608f92e336f3ad75561227cfd18355af2346d3143609b58655ae5cb351642fd733b080dd7884d1 |
C:\Users\Admin\Downloads\Unconfirmed 877026.crdownload
| MD5 | 97512f4617019c907cd0f88193039e7c |
| SHA1 | 24cfa261ee30f697e7d1e2215eee1c21eebf4579 |
| SHA256 | 438888ef36bad1079af79daf152db443b4472c5715a7b3da0ba24cc757c53499 |
| SHA512 | cfbb8dd91434f917d507cb919aa7e6b16b7b2056d56185f6ad5b6149e05629325cdb3df907f58bb3f634b17a9989bf5b6d6b81f5396a3a556431742ed742ac4a |
memory/4944-4049-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1670c431b232f804026f661fefa33c03 |
| SHA1 | df30fef93d805b2a5349dea9bf3cc3817ce5a9f1 |
| SHA256 | ed3e2ff329a07fe568a3c2eae322e0eb64f214f74e63dbb9579184635f596080 |
| SHA512 | 6d90f68e15c2b76327e52ea1d7c56e985abb5edd721466d7c6aacd5fcc9cb5baee3977216a3d88dd7ea6c197c6a6e02d3bfdafd809b3d274941efb8a60d50366 |
memory/5164-4071-0x0000000000400000-0x000000000058D000-memory.dmp
memory/5164-4072-0x0000000000C70000-0x0000000000CB3000-memory.dmp
C:\Users\Admin\README_HOW_TO_UNLOCK.HTML
| MD5 | c784d96ca311302c6f2f8f0bee8c725b |
| SHA1 | dc68b518ce0eef4f519f9127769e3e3fa8edce46 |
| SHA256 | a7836550412b0e0963d16d8442b894a1148326b86d119e4d30f1b11956380ef0 |
| SHA512 | f97891dc3c3f15b9bc3446bc9d5913431f374aa54cced33d2082cf14d173a8178e29a8d9487c2a1ab87d2f6abf37e915f69f45c0d8b747ad3f17970645c35d98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87ba3134f2c84ee1d482f49f4276c283 |
| SHA1 | 3fc2eb647c88f0edbaf7fa69684f4278d0f468d3 |
| SHA256 | a75c11f3dadfd1c724a97f35147266f1bf6f8348a8e39648f160c11c9ddffabf |
| SHA512 | 08f4faf3229f29938345d960f4101ad41eadff399b6f7fa263738b293f58c92a573c8e27970529197e9cf9f09a7ad4fb18d47b13ffab066ee5d642cae55783b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e9e6112e9f2e32ba32753995d2c2cf4 |
| SHA1 | 79b83740453ef34b2e72b4a5da642413797f070b |
| SHA256 | d18d6df02e61fb9ecbfcb54e64a91d78396eec04ebc35c65c11e18904cef3382 |
| SHA512 | baa942fd978070c5e45c487e8dc7c851300adea44ef7300f9a1a6269222c9a432aab5ae21b9bc204ec74f2fbbcf6c24a6f6271b6e22abe393c823c96a3191d91 |
C:\Users\Admin\README_HOW_TO_UNLOCK.TXT
| MD5 | 04b892b779d04f3a906fde1a904d98bb |
| SHA1 | 1a0d6cb6f921bc06ba9547a84b872ef61eb7e8a5 |
| SHA256 | eb22c6ecfd4d7d0fcea5063201ccf5e7313780e007ef47cca01f1369ee0e6be0 |
| SHA512 | e946aa4ac3ec9e5a178eac6f4c63a98f46bc85bed3efd6a53282d87aa56e53b4c11bb0d1c58c6c670f9f4ad9952b5e7fd1bb310a8bd7b5b04e7c607d1b74238a |
memory/4944-4302-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/5504-4314-0x0000000000400000-0x000000000058D000-memory.dmp
memory/5504-4318-0x0000000000980000-0x00000000009C3000-memory.dmp
memory/5504-4322-0x0000000000400000-0x000000000058D000-memory.dmp
memory/5164-4326-0x0000000000400000-0x000000000058D000-memory.dmp
memory/4944-4343-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/5164-4361-0x0000000000C70000-0x0000000000CB3000-memory.dmp
memory/4944-4370-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 6a86f80162b121829eb05b4e34577c0e |
| SHA1 | dc19af8cdc1cdc871d95a40dc743bc4f5cfbccae |
| SHA256 | 8c388f4b2a5c35c9203f335b697ef0a449c8bb438eb56bed3d33f4224a6a96e4 |
| SHA512 | 3c67a80f4012f62ebdcbbd788afc3a5e35244ab7bddf1653c8c35fdaa3b7e6bb267c67bd314bd7e66b9654b0121f39c60b391fd892355df1d9de2e5381729629 |
memory/4944-4413-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d81f062eb9d9d04393f47b7203a16de5 |
| SHA1 | 499e1292e5e231d3738a814cdefda6fa1a9c744b |
| SHA256 | a1f2f71ae0e1483fff295cfae6ca6223b6b1751a17bdb9f1c3f83f81fd84826e |
| SHA512 | 53797908ab96e055f084f1e98945865b37b2f2945693e010842b6a0f29511c9cc85b0bea51c1fd5467452ba4219902fd1a23104448699810474a01e191661e43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 79c4bb0f3841dcaf4b6d9da1a1537f2f |
| SHA1 | 1d6d690f41fd26ea66cca137d0a1299330e5face |
| SHA256 | a26a0dd52b4f3cb2c9b79e87de4e61937ffefeba34beca900c1b7e13ac95d7ed |
| SHA512 | 0877120e7576b6be065b34f8d2ceeef6890c4942fd32fede208bfdb9a639c755b9b6cb0c4699483f5ddcba4b4ac1f8ee1aa9954a6c36aab9a1c429f06197f426 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0
| MD5 | ad71890acee761dfc0bee32f37ce38f4 |
| SHA1 | b8fb6dcde20d0f762ede74ee4733217483d93d3b |
| SHA256 | ba1666a7114c8fa9eca949febb6e1c28f9492e1b7c62671e674ea2588aa00bbc |
| SHA512 | 18eace7bab2975343f67517a6985c20ec92e31f7fa0c78e400486407e6fdd48644be94615d3986f2932f2d5580d7e18967bf0addc1f3b2950d1a1864a14d1f86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | b2eef9224da727f8fafbe76d042d5f14 |
| SHA1 | 8b2d44fade5265407d7010b0692a69341dd68898 |
| SHA256 | 8806be817ea078ea37dca1f6f93a9fbce42a26527827a7aa878f6ed1aa2a7960 |
| SHA512 | 9ac5a5945aa5912cbeee46ce87c277f6ccdfb1a839f09d5b0f43888bd989f60d3638e56e929da65004f0315849465d3849d221db255619431d5ba27a81e87ca8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0
| MD5 | 8c29784be0965e35f697b90ac64c2d8e |
| SHA1 | 853c018538d64bb3d1c16450488dabf480b7c6a7 |
| SHA256 | cab18106e0fbcbc368f2e35d29b81939f60030985aafc3fe977249ff58491245 |
| SHA512 | ec8ff123632701be8087f97f02af4e7e2b46bdd3c966e11bb1baf4bc7266bdb1e066883d1372261d3e8be4b8e39654ad7c536c727e20240563926f3d94f93106 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a9b3662d971774b_0
| MD5 | eae8685e390f36a821191bf439c13241 |
| SHA1 | a5c880e10275b9f276d893782b7a9b161e27e4a6 |
| SHA256 | 987e2b05c69b83996535e9205bd50a4ae51bded6a536cc7c042187d3e031d2af |
| SHA512 | b0a5799726b613389f296418c0e0fac63d3664bf4a414d09747033391dc7c749b8f59c065b929f09ef4f0d55b010c90cd868776f82a432b2e4c2a1e107faf2bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb2dca5ae247f4a2_0
| MD5 | 804c43cbc8714238f6a1e5cb96cd3403 |
| SHA1 | 49678cb9eeb4e6956b73183e2d7f917cbae10356 |
| SHA256 | d39a48c684242fb7d63b81760e179098a8886c47c1a644bf90d2c0c36ab4dfd2 |
| SHA512 | 6de97dad8614278613276e303da6d8f691977414616ad7aa1a443abe0478436a32abd31a4c3dead2b2db19a5110e63980bf75c643e246e11634cdf85b303768d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
| MD5 | f782de7f00a1e90076b6b77a05fa908a |
| SHA1 | 4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1 |
| SHA256 | d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968 |
| SHA512 | 78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766 |
memory/4944-4894-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 34ab1fb8692f43a80a16bbeb2133789f |
| SHA1 | d0ad6146d1e842a5bb407af016aa280794bdf466 |
| SHA256 | 28f2f136dd2b08390f2455775783e0c561891db3c8c223dff76d6dd1a9cfc191 |
| SHA512 | ad23bb2916419b5f0022f98218f19f5cbd31f8cc920273f965fbed2a34592b59dff6acb3b20863e857710a59c64d2549f1278618d36b927103c1c0477de0a9bf |
memory/4944-4923-0x0000000000400000-0x00000000005DE000-memory.dmp