Malware Analysis Report

2024-08-06 10:27

Sample ID 240614-pa3ddszeqf
Target -Anarchy-.miobject
SHA256 3833a5e7dbb4868fa50cf6f96c6ea8bd917192eea74180be4ce46b9f017f0610
Tags
cobaltstrike backdoor discovery evasion persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3833a5e7dbb4868fa50cf6f96c6ea8bd917192eea74180be4ce46b9f017f0610

Threat Level: Known bad

The file -Anarchy-.miobject was found to be: Known bad.

Malicious Activity Summary

cobaltstrike backdoor discovery evasion persistence spyware stealer trojan

Cobalt Strike reflective loader

Cobaltstrike

Downloads MZ/PE file

Contacts a large (827) amount of remote hosts

Modifies Windows Firewall

Drops file in Drivers directory

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Checks BIOS information in registry

Checks computer location settings

Reads user/profile data of web browsers

Modifies powershell logging option

Checks installed software on the system

Checks for any installed AV software in registry

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

AutoIT Executable

Checks system information in the registry

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Modifies system certificate store

Uses Volume Shadow Copy WMI provider

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Opens file in notepad (likely ransom note)

Suspicious behavior: AddClipboardFormatListener

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Uses Task Scheduler COM API

Script User-Agent

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Impair Defenses
T1562
Disable or Modify System Firewall
T1562.004
Modify Registry
T1112
Subvert Trust Controls
T1553
Install Root Certificate
T1553.004
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Network Service Discovery
T1046
Query Registry
T1012
System Information Discovery
T1082
Software Discovery
T1518
Security Software Discovery
T1518.001
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-14 12:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 12:08

Reported

2024-06-14 12:34

Platform

win10v2004-20240611-en

Max time kernel

1525s

Max time network

1524s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\-Anarchy-.miobject

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Contacts a large (827) amount of remote hosts

discovery

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsDwf.sys C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsDwf.sys C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Jojos Bizarre Adventure.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-K9QQJ.tmp\Jojos Bizarre Adventure.tmp N/A
N/A N/A C:\Users\Admin\Downloads\Jojos Bizarre Adventure.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N8LTU.tmp\Jojos Bizarre Adventure.tmp N/A
N/A N/A C:\Users\Admin\Downloads\Jojos Bizarre Adventure_2-wLxe1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod2_extract\OperaSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cwrfy2d3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
N/A N/A \??\c:\program files\reasonlabs\EPP\ui\EPP.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A \??\c:\program files\reasonlabs\VPN\ui\VPN.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\program files\reasonlabs\epp\rsLitmus.A.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A \??\c:\program files\reasonlabs\DNS\ui\DNS.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-K9QQJ.tmp\Jojos Bizarre Adventure.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N8LTU.tmp\Jojos Bizarre Adventure.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SYSTEM32\regsvr32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" \??\c:\windows\system32\rundll32.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Modifies powershell logging option

evasion

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94D97B1EC1F43DD6ED4FE7AB95E144BC_1FBF5CC64736DEDD3EE6301DFD848080 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\206932163209AD483A44477E28192474 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E663C78920A8217B4CBE3D45E3E6236_75C1BD04B8F3DBF3882A89F51074A729 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_EC4B03A84E582F11EFD1DC6D27A523EE C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\439F613B3D55693954E1B080DE3085B4_C4927E03400A4F6EDB9D613E6354F864 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07A7CCFBD28A674D95D3BF853C9007C6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\rsVPNSvc\WireGuard\log.bin C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\439F613B3D55693954E1B080DE3085B4_C4927E03400A4F6EDB9D613E6354F864 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\48B35517638A85CA46010B026C2B955A_735A98D70471F3F6240371211712CB5C C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_1FBF5CC64736DEDD3EE6301DFD848080 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\48B35517638A85CA46010B026C2B955A_735A98D70471F3F6240371211712CB5C C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07A7CCFBD28A674D95D3BF853C9007C6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_EC4B03A84E582F11EFD1DC6D27A523EE C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E663C78920A8217B4CBE3D45E3E6236_75C1BD04B8F3DBF3882A89F51074A729 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_E3A0B2E345AA9F5A174687564C886046 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_E3A0B2E345AA9F5A174687564C886046 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206932163209AD483A44477E28192474 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\ReasonLabs\VPN\CaseExtensions.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\rsDwf.cat C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\System.Security.Cryptography.X509Certificates.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.AppContext.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.IO.MemoryMappedFiles.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\ui\app.asar C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nb-NO.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\pscore_mcafee_logo.png C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\rsEngine.Core.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp2130060650\downloadscan.cab C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\sequencenumber.luc C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\x64\7z64.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\System.IO.Compression.ZipFile.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp2130060650\jslang\wa-res-install-pl-PL.js C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hr-HR.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sv-SE.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-de-DE.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sv-SE.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-TW.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-overlay.html C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\System.Threading.Timer.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\System.Globalization.Extensions.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\System.ComponentModel.EventBasedAsync.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\System.IO.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\toastchecktriggered.luc C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\wa_settingsdb.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\VPN\System.Diagnostics.Debug.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp2130060650\jslang\wa-res-install-zh-TW.js C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pt-BR.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsLogger.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-it-IT.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\System.Runtime.Serialization.Xml.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\x64\SQLite.Interop.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\VpnSDK.Private.Ras.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ko-KR.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\System.Threading.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_2.png C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\Temp2130060650\jslang\wa-res-install-cs-CZ.js C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\McAfee\Temp2130060650\jslang\wa-res-install-sv-SE.js C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\celebration_white_bg_color.gif C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\th.pak C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\rsEngine.Loggers.Business.Assets.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\de\Microsoft.Win32.TaskScheduler.resources.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp2130060650\logicscripts.cab C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ko-KR.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.html C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-tr-TR.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\common.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\EPP\ui\app.asar C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\LICENSES.chromium.html C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\System.Xml.XmlSerializer.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp2130060650\updater.cab C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close_icon.png C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\logging.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\rsVPNSvc.Contract.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sk-SK.js C:\Program Files\McAfee\Temp2130060650\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.Primitives.dll C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\Hardware\Description\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 704865ad53beda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d651e1763920bb4d949d709c9307976a0000000002000000000010660000000100002000000032c6ec249d44040ef56090c98ce708779b83491d3f039591e4890a4a15149ec6000000000e80000000020000200000001c70e7b1c5e3dd27b460ea2971775afc861e504590f7b039d4d3c9b219b978a52000000079d9a1c1a9b28bd4284be545f69b1cd422fcea116da88557494b5dc85aafcc75400000007dfa21be3d7b110f74414980e13220e420a1d79947aec78577790351483ab829d61b1531eb30c15d2e09381fd6cc9132db71ae9ac007a076ffc207cd629f0ef2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2892814864" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31112787" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2892814864" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31112787" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 605671ad53beda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D8040A74-2A46-11EF-B1BA-D685EB24A7F4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d651e1763920bb4d949d709c9307976a00000000020000000000106600000001000020000000d25b25801e2c9b8b457e95d74fa459568eeda85937f2e5ee2d29346ae1b1c1ac000000000e8000000002000020000000f13d84f6b3c715e82d85512ad767e4f84c5824224f1dbb2982a9fbcd72214e5a2000000024be48ffec92418bde65bdaf4fc97a945dd72f1517f0eae50d195f9a432f34c5400000007eb5c5706b5daaaa2aadacd97186e9410156b96ac720f4f13c5dec4e8a177e6a8d5a92e6d9693320dc13456414052778a572414b25d45b3d15b2efd32bd0b5f1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000200000001000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet\shell\ C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet\DefaultIcon\ C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\ = "ScannerAPI Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version\ = "1.0" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\ = "ScannerAPI Class" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet\shell\open C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet\shell\open\command\ C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\DownloadScan.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\.torrent\ = "qBittorrent" C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version\ = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet\Content Type = "application/x-magnet" C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\magnet\ C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Programmable C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75495c0000000100000004000000001000002000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 26226.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 526283.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTcbPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod0.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SYSTEM32\fltmc.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Token: SeDebugPrivilege N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
Token: SeDebugPrivilege N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
Token: SeDebugPrivilege N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
Token: SeBackupPrivilege N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
Token: SeRestorePrivilege N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_WinRAR.zip\wrar401.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2300 wrote to memory of 4452 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2300 wrote to memory of 4452 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 4452 wrote to memory of 2740 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4452 wrote to memory of 2740 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4452 wrote to memory of 2740 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4980 wrote to memory of 1348 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\dashost.exe
PID 4980 wrote to memory of 1348 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\dashost.exe
PID 4748 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\-Anarchy-.miobject

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\-Anarchy-.miobject

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4452 CREDAT:17410 /prefetch:2

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\system32\dashost.exe

dashost.exe {ea96f642-4017-42a2-80c3014501b4afbb}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8c70d46f8,0x7ff8c70d4708,0x7ff8c70d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9972 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=10972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10968 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\idk.png" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=10048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2e8 0x304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_WinRAR.zip\README.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9268 /prefetch:8

C:\Users\Admin\Downloads\Jojos Bizarre Adventure.exe

"C:\Users\Admin\Downloads\Jojos Bizarre Adventure.exe"

C:\Users\Admin\AppData\Local\Temp\is-K9QQJ.tmp\Jojos Bizarre Adventure.tmp

"C:\Users\Admin\AppData\Local\Temp\is-K9QQJ.tmp\Jojos Bizarre Adventure.tmp" /SL5="$90438,13566766,780800,C:\Users\Admin\Downloads\Jojos Bizarre Adventure.exe"

C:\Users\Admin\Downloads\Jojos Bizarre Adventure.exe

"C:\Users\Admin\Downloads\Jojos Bizarre Adventure.exe"

C:\Users\Admin\AppData\Local\Temp\is-N8LTU.tmp\Jojos Bizarre Adventure.tmp

"C:\Users\Admin\AppData\Local\Temp\is-N8LTU.tmp\Jojos Bizarre Adventure.tmp" /SL5="$4022C,13566766,780800,C:\Users\Admin\Downloads\Jojos Bizarre Adventure.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8

C:\Users\Admin\Downloads\Jojos Bizarre Adventure_2-wLxe1.exe

"C:\Users\Admin\Downloads\Jojos Bizarre Adventure_2-wLxe1.exe"

C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-MOOK7.tmp\Jojos Bizarre Adventure_2-wLxe1.tmp" /SL5="$D0420,13566766,780800,C:\Users\Admin\Downloads\Jojos Bizarre Adventure_2-wLxe1.exe"

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod0.exe

"C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod0.exe" -ip:"dui=68138b08-1fe0-4204-8ec7-0d10a591e99a&dit=20240614121725&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=d267&a=100&b=em&se=true" -vp:"dui=68138b08-1fe0-4204-8ec7-0d10a591e99a&dit=20240614121725&oc=ZB_RAV_Cross_Tri_NCB&p=d267&a=100&oip=26&ptl=7&dta=true" -dp:"dui=68138b08-1fe0-4204-8ec7-0d10a591e99a&dit=20240614121725&oc=ZB_RAV_Cross_Tri_NCB&p=d267&a=100" -i -v -d -se=true

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod2_extract\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod2_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b

C:\Users\Admin\AppData\Local\Temp\cwrfy2d3.exe

"C:\Users\Admin\AppData\Local\Temp\cwrfy2d3.exe" /silent

C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b --server-tracking-blob=MzYyMjdiNjhjMGVhNmRiOGRmNDI5MzE3ZjhjNDg0ZWZlMTljNWJlMDA4MDEwNzdhNGI0M2M4NmY1ODdkYzM1ZDp7ImNvdW50cnkiOiJJTCIsImVkaXRpb24iOiJjZGYiLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhIiwicXVlcnkiOiIvZWRpdGlvbi9jZGY/dXRtX2NvbnRlbnQ9Y2RmJnV0bV9tZWRpdW09cGIiLCJ0aW1lc3RhbXAiOiIxNzE3NTc2NDA3LjU3MTEiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI1LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY29udGVudCI6ImNkZiIsIm1lZGl1bSI6InBiIn0sInV1aWQiOiI1MDExMjQxNC1hMjZmLTQ0MzktOTc4MC1jOTU2MDEwYTdiOTQifQ==

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.64 --initial-client-data=0x328,0x32c,0x330,0x324,0x334,0x723ef308,0x723ef314,0x723ef320

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2892 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240614121735" --session-guid=0ddfe0d2-a081-43aa-b5e7-8c60ee48041f --server-tracking-blob=ZGM0MjczNGE1NDZlMjA5MjIyNDRiNjE3MmQyZmFkYmY3MDMwM2QwZWExOGYzMTQ0ZGE4NzdkMjhhYjRjMTQyMzp7ImNvdW50cnkiOiJJTCIsImVkaXRpb24iOiJjZGYiLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmEifSwicXVlcnkiOiIvZWRpdGlvbi9jZGY/dXRtX2NvbnRlbnQ9Y2RmJnV0bV9tZWRpdW09cGIiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTc1NzY0MDcuNTcxMSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjUuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Im9wZXJhX25ld19iIiwiY29udGVudCI6ImNkZiIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6ImFpcyJ9LCJ1dWlkIjoiNTAxMTI0MTQtYTI2Zi00NDM5LTk3ODAtYzk1NjAxMGE3Yjk0In0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7C05000000000000

C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4DA451EF\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.64 --initial-client-data=0x320,0x324,0x334,0x2fc,0x338,0x713af308,0x713af314,0x713af320

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Windows\SysWOW64\netsh.exe

"netsh" firewall add allowedprogramC:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe "qBittorrent" ENABLE

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe

"C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\qbittorrent.exe" magnet:?xt=urn:btih:5D32AB572D51404351882F00028ED58A796FD836

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2724 -ip 2724

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 1008

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2724 -ip 2724

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 2372

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=111.0.5168.25 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x309f88,0x309f94,0x309fa0

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp2130060650\installer.exe

"C:\Program Files\McAfee\Temp2130060650\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2492 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2636 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2788 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3800 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe"

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i -i

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2016 /prefetch:8

\??\c:\program files\reasonlabs\VPN\ui\VPN.exe

"c:\program files\reasonlabs\VPN\ui\VPN.exe" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\VPN\ui\app.asar" --engine-path="c:\program files\reasonlabs\VPN" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2268 --field-trial-handle=2272,i,5037837982282586448,1650297485518717350,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --mojo-platform-channel-handle=2688 --field-trial-handle=2272,i,5037837982282586448,1650297485518717350,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2788 --field-trial-handle=2272,i,5037837982282586448,1650297485518717350,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3900 --field-trial-handle=2272,i,5037837982282586448,1650297485518717350,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\program files\reasonlabs\epp\rsLitmus.A.exe

"C:\program files\reasonlabs\epp\rsLitmus.A.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\AppData\Local\Temp\Temp1_WinRAR.zip\wrar401.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_WinRAR.zip\wrar401.exe"

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4244 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

\??\c:\windows\system32\rundll32.exe

"c:\windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\DNS\rsDwf.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe"

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe" -i -service install

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe" -service install

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe"

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe" -i -i

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe"

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4216 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4560 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

\??\c:\program files\reasonlabs\DNS\ui\DNS.exe

"c:\program files\reasonlabs\DNS\ui\DNS.exe" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\DNS\ui\app.asar" --engine-path="c:\program files\reasonlabs\DNS" --minimized --focused --first-run

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2284 --field-trial-handle=2288,i,8455717215069175991,15295121841126138256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --mojo-platform-channel-handle=2724 --field-trial-handle=2288,i,8455717215069175991,15295121841126138256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --app-user-model-id=com.reasonlabs.dns --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2744 --field-trial-handle=2288,i,8455717215069175991,15295121841126138256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4252 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4756 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4972 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10008 /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5048 --field-trial-handle=2496,i,11705774371773129128,7538145400466113563,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3996 --field-trial-handle=2272,i,5037837982282586448,1650297485518717350,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2956 --field-trial-handle=2288,i,8455717215069175991,15295121841126138256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=171 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=176 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=188 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=190 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=197 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=198 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=199 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=200 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=201 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=202 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=203 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=205 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9024 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=207 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=208 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=209 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=211 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=213 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\E_Golden_Killer.rar"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\The Ultimate Bloody Colonel.rar"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\KillerDonaldVeryHard-R_Patch.rar"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\The_Will_Of_Blue_Technology V2 (1).7z"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=214 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=215 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=217 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7800 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\The will of Calamity.7z"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=220 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=221 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=222 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=223 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=224 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=225 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=226 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=227 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=228 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=229 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=230 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=231 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=232 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=233 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=234 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=235 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=236 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=237 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=238 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=239 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=240 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=241 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=242 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=243 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=244 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=245 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=246 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=247 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=249 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=250 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=251 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=252 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=253 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=254 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=255 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=256 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=257 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=258 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=259 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=261 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=263 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=264 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=265 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=268 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=270 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11612 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Temp1_VSelect.zip\VSelect.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_VSelect.zip\VSelect.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=271 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=272 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=273 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=274 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3136808464728316858,1501116575523932430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=276 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.73:443 www.bing.com tcp
US 8.8.8.8:53 73.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 57.82.21.2.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.138:443 r.bing.com tcp
NL 23.62.61.138:443 r.bing.com tcp
NL 23.62.61.56:443 th.bing.com tcp
NL 23.62.61.56:443 th.bing.com tcp
US 8.8.8.8:53 138.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 56.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.68:443 login.microsoftonline.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 gamebanana.com udp
US 104.26.9.16:443 gamebanana.com tcp
US 104.26.9.16:443 gamebanana.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 cdn.intergient.com udp
US 8.8.8.8:53 cdn.intergi.com udp
US 8.8.8.8:53 config.playwire.com udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 16.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 webfiles.gamebanana.com udp
US 8.8.8.8:53 images.gamebanana.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
IE 13.224.68.112:443 cdn.intergi.com tcp
US 3.162.140.120:443 cdn.intergient.com tcp
US 3.162.140.120:443 cdn.intergient.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 3.162.140.44:443 config.playwire.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 35.244.159.8:443 us-u.openx.net tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 35.244.159.8:443 us-u.openx.net tcp
US 8.8.8.8:53 sync.mathtag.com udp
GB 2.16.233.56:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 151.101.65.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 216.200.232.253:443 sync.mathtag.com tcp
US 8.8.8.8:53 z.moatads.com udp
GB 2.16.232.228:443 ads.pubmatic.com tcp
US 8.8.8.8:53 cdn.video.playwire.com udp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.playwire.com udp
GB 2.16.233.189:443 z.moatads.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 3.162.140.120:443 cdn.intergient.com tcp
US 3.162.140.100:443 cdn.video.playwire.com tcp
IE 13.224.68.30:443 cdn.playwire.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 fixedfold.com udp
US 104.18.25.111:443 fixedfold.com tcp
US 130.211.23.194:443 api.btloader.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 120.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 112.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 44.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 56.233.16.2.in-addr.arpa udp
US 8.8.8.8:53 17.11.194.104.in-addr.arpa udp
US 8.8.8.8:53 228.232.16.2.in-addr.arpa udp
US 8.8.8.8:53 189.233.16.2.in-addr.arpa udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 100.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 30.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.151.46.52.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 76.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 111.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.adsafeprotected.com udp
IE 18.66.171.73:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
DE 91.228.74.166:443 secure.quantserve.com tcp
IE 18.66.171.73:443 static.adsafeprotected.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 rules.quantcount.com udp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
IE 18.66.171.123:443 rules.quantcount.com tcp
US 8.8.8.8:53 73.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 166.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 3.162.140.44:443 config.playwire.com tcp
US 8.8.8.8:53 px.moatads.com udp
US 8.8.8.8:53 impression-inferences-edge-prod.playwire.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 104.18.25.111:443 fixedfold.com tcp
US 3.162.140.52:443 impression-inferences-edge-prod.playwire.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 i.creativecommons.org udp
US 104.20.5.134:443 i.creativecommons.org tcp
US 8.8.8.8:53 mb.moatads.com udp
GB 132.226.214.62:443 mb.moatads.com tcp
US 8.8.8.8:53 155.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 123.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 52.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 134.5.20.104.in-addr.arpa udp
US 8.8.8.8:53 licensebuttons.net udp
US 104.22.10.121:443 licensebuttons.net tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 8.8.8.8:53 62.214.226.132.in-addr.arpa udp
US 8.8.8.8:53 121.10.22.104.in-addr.arpa udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 static.criteo.net udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 3.162.142.187:443 c.amazon-adsystem.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 ats.rlcdn.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 fid.agkn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 gum.criteo.com udp
US 34.120.133.55:443 api.rlcdn.com tcp
US 34.160.46.1:443 fid.agkn.com tcp
US 3.162.140.32:443 ats.rlcdn.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
DE 162.19.138.116:443 id5-sync.com tcp
IE 34.246.197.125:443 id.crwdcntrl.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 3.162.148.221:443 aax.amazon-adsystem.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
IE 18.66.171.56:443 config.aps.amazon-adsystem.com tcp
IE 18.66.171.42:443 tags.crwdcntrl.net tcp
GB 23.49.161.153:443 secure.cdn.fastclick.net tcp
GB 23.49.161.153:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 187.142.162.3.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 1.46.160.34.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 32.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 125.197.246.34.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 221.148.162.3.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 56.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 42.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 153.161.49.23.in-addr.arpa udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 grid.bidswitch.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
IE 34.248.224.200:443 g2.gumgum.com tcp
IE 34.248.224.200:443 g2.gumgum.com tcp
IE 34.248.224.200:443 g2.gumgum.com tcp
IE 34.248.224.200:443 g2.gumgum.com tcp
IE 34.248.224.200:443 g2.gumgum.com tcp
IE 34.248.224.200:443 g2.gumgum.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
IE 18.66.171.79:443 hb.yellowblue.io tcp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 geo.privacymanager.io udp
IE 52.94.220.185:443 aax-eu.amazon-adsystem.com tcp
US 3.162.140.5:443 geo.privacymanager.io tcp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 200.224.248.34.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 79.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 33.219.73.3.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 185.220.94.52.in-addr.arpa udp
US 8.8.8.8:53 5.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 646dd68dc59874941e39102c05d203a4.safeframe.googlesyndication.com udp
GB 172.217.169.65:443 646dd68dc59874941e39102c05d203a4.safeframe.googlesyndication.com tcp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 63.215.202.178:443 proc.ad.cpe.dotomi.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com udp
US 8.8.8.8:53 playwire-d.openx.net udp
US 34.98.64.218:443 playwire-d.openx.net tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 178.202.215.63.in-addr.arpa udp
US 172.64.149.180:443 js-sec.indexww.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 34.98.64.218:443 playwire-d.openx.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 34.160.46.1:443 fid.agkn.com udp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 usersync.gumgum.com udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.204.70:443 s0.2mdn.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 54.174.231.237:443 sync.srv.stackadapt.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 cd836371f1d.cdn.intergient.com udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
DE 3.73.242.72:443 cd836371f1d.cdn.intergient.com tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 ssp-sync.criteo.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
NL 185.235.87.15:443 gem.gbc.criteo.com tcp
NL 185.235.87.230:443 ag.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 196.205.247.34.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 237.231.174.54.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 72.242.73.3.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 67.1.166.69.in-addr.arpa udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 csi.gstatic.com udp
BR 142.250.219.35:443 csi.gstatic.com tcp
BR 142.250.219.35:443 csi.gstatic.com tcp
US 8.8.8.8:53 230.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 15.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
IE 18.66.171.91:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 35.219.250.142.in-addr.arpa udp
US 8.8.8.8:53 91.171.66.18.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
BR 142.250.219.35:443 csi.gstatic.com udp
US 8.8.8.8:53 files.gamebanana.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 172.93.105.234:443 files.gamebanana.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 234.105.93.172.in-addr.arpa udp
NL 178.250.1.8:443 grid.bidswitch.net tcp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 04e002b7ecac4363003a6961a333c1bc.safeframe.googlesyndication.com udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
DK 37.157.6.237:443 c1.adform.net tcp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 237.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 49.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 ib.3lift.com udp
US 54.174.231.237:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 c.gumgum.com udp
IE 13.224.68.119:443 ib.3lift.com tcp
IE 18.66.171.90:443 c.gumgum.com tcp
US 8.8.8.8:53 119.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 90.171.66.18.in-addr.arpa udp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 js.gumgum.com udp
US 3.162.140.93:443 js.gumgum.com tcp
US 8.8.8.8:53 img.3lift.com udp
US 3.162.140.6:443 img.3lift.com tcp
US 8.8.8.8:53 93.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 6.140.162.3.in-addr.arpa udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 www.ebayadservices.com udp
US 66.211.162.160:443 www.ebayadservices.com tcp
IE 34.248.224.200:443 g2.gumgum.com tcp
US 8.8.8.8:53 aba.gumgum.com udp
IE 18.66.171.90:443 c.gumgum.com tcp
US 3.162.140.93:443 js.gumgum.com tcp
US 8.8.8.8:53 gumgum.com udp
IE 13.224.68.12:443 gumgum.com tcp
US 3.165.136.15:443 aba.gumgum.com tcp
US 66.211.162.160:443 www.ebayadservices.com tcp
US 8.8.8.8:53 ie-g2.gumgum.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 rtb.gumgum.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
GB 216.58.204.70:443 s0.2mdn.net udp
US 8.8.8.8:53 12.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 15.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 160.162.211.66.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 secureir.ebaystatic.com udp
BE 104.90.25.29:443 secureir.ebaystatic.com tcp
US 8.8.8.8:53 29.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 filecache33.gamebanana.com udp
US 104.194.11.131:443 filecache33.gamebanana.com tcp
US 8.8.8.8:53 131.11.194.104.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 216.58.204.66:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
GB 216.58.204.66:443 ade.googlesyndication.com udp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 3.73.219.33:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
BE 23.41.178.42:443 th.bing.com tcp
US 8.8.8.8:53 42.178.41.23.in-addr.arpa udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 52.58.29.89:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 89.29.58.52.in-addr.arpa udp
GB 216.58.204.66:443 ade.googlesyndication.com udp
US 8.8.8.8:53 testfamilysafety.bing.com udp
US 204.79.197.201:443 testfamilysafety.bing.com tcp
US 8.8.8.8:53 201.197.79.204.in-addr.arpa udp
DE 52.58.29.89:443 btlr.sharethrough.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 52.58.29.89:443 btlr.sharethrough.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 i.pinimg.com udp
US 8.8.8.8:53 www.nawpic.com udp
US 8.8.8.8:53 wallpaperaccess.com udp
US 8.8.8.8:53 www.enjpg.com udp
US 172.67.7.204:443 wallpaperaccess.com tcp
US 104.21.11.174:443 www.nawpic.com tcp
US 104.21.1.48:443 www.enjpg.com tcp
US 104.21.1.48:443 www.enjpg.com tcp
GB 199.232.56.84:443 i.pinimg.com tcp
GB 199.232.56.84:443 i.pinimg.com tcp
US 8.8.8.8:53 204.7.67.172.in-addr.arpa udp
US 8.8.8.8:53 174.11.21.104.in-addr.arpa udp
US 8.8.8.8:53 48.1.21.104.in-addr.arpa udp
US 8.8.8.8:53 84.56.232.199.in-addr.arpa udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 52.58.29.89:443 btlr.sharethrough.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 23.73.138.209:443 aefd.nelreports.net tcp
GB 23.73.138.209:443 aefd.nelreports.net tcp
GB 23.73.138.209:443 aefd.nelreports.net udp
US 8.8.8.8:53 209.138.73.23.in-addr.arpa udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 52.58.29.89:443 btlr.sharethrough.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 186.200.196.18.in-addr.arpa udp
US 8.8.8.8:53 64.1.166.69.in-addr.arpa udp
GB 216.58.204.66:443 ade.googlesyndication.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
BE 23.41.178.75:443 th.bing.com tcp
US 8.8.8.8:53 75.178.41.23.in-addr.arpa udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
GB 23.73.138.209:443 aefd.nelreports.net udp
US 8.8.8.8:53 ts4.mm.bing.net udp
US 8.8.8.8:53 ts1.mm.bing.net udp
US 8.8.8.8:53 ts4.explicit.bing.net udp
US 8.8.8.8:53 ts2.mm.bing.net udp
US 150.171.28.10:443 ts2.mm.bing.net tcp
US 150.171.27.10:443 ts2.mm.bing.net tcp
US 150.171.28.10:443 ts2.mm.bing.net tcp
US 8.8.8.8:53 ts3.mm.bing.net udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 8.8.8.8:53 images2.alphacoders.com udp
US 8.8.8.8:53 images4.alphacoders.com udp
US 8.8.8.8:53 images7.alphacoders.com udp
US 8.8.8.8:53 images5.alphacoders.com udp
US 8.8.8.8:53 images3.alphacoders.com udp
US 104.20.75.132:443 images3.alphacoders.com tcp
US 172.67.48.187:443 images3.alphacoders.com tcp
US 104.20.76.132:443 images3.alphacoders.com tcp
US 104.20.76.132:443 images3.alphacoders.com tcp
US 172.67.48.187:443 images3.alphacoders.com tcp
US 104.20.75.132:443 images3.alphacoders.com tcp
US 172.67.48.187:443 images3.alphacoders.com tcp
US 104.20.76.132:443 images3.alphacoders.com tcp
US 8.8.8.8:53 132.76.20.104.in-addr.arpa udp
US 8.8.8.8:53 187.48.67.172.in-addr.arpa udp
US 8.8.8.8:53 132.75.20.104.in-addr.arpa udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 69.166.1.64:443 apex.go.sonobi.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
DE 52.59.114.254:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 254.114.59.52.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
GB 216.58.204.66:443 ade.googlesyndication.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
BE 23.41.178.113:443 th.bing.com tcp
US 8.8.8.8:53 113.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 www.andersonkenya1.net udp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 21.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 content.invisioncic.com udp
IE 18.66.171.100:443 content.invisioncic.com tcp
IE 18.66.171.100:443 content.invisioncic.com tcp
IE 18.66.171.100:443 content.invisioncic.com tcp
IE 18.66.171.100:443 content.invisioncic.com tcp
IE 18.66.171.100:443 content.invisioncic.com tcp
IE 18.66.171.100:443 content.invisioncic.com tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 100.171.66.18.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 23.73.138.209:443 aefd.nelreports.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 151.101.129.108:443 cdn.adnxs.com tcp
US 13.107.246.64:443 adsdk.microsoft.com tcp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
NL 185.89.210.20:443 ams3-ib.adnxs.com tcp
US 8.8.8.8:53 108.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
BE 23.41.178.113:443 th.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
BE 23.41.178.113:443 th.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 136.71.105.51.in-addr.arpa udp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
BE 23.41.178.42:443 r.bing.com tcp
BE 23.41.178.131:443 th.bing.com tcp
BE 23.41.178.42:443 r.bing.com tcp
US 8.8.8.8:53 131.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 gamefabrique.com udp
US 104.21.37.165:443 gamefabrique.com tcp
US 104.21.37.165:443 gamefabrique.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 216.58.213.10:443 ajax.googleapis.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 216.58.213.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 d1pdf4c3hchi80.cloudfront.net udp
US 3.162.143.93:443 d1pdf4c3hchi80.cloudfront.net tcp
US 8.8.8.8:53 165.37.21.104.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
BE 108.177.15.154:443 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 knowledconsideunden.info udp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 tarvardsusyseinpou.info udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 3.162.143.93:443 d1pdf4c3hchi80.cloudfront.net tcp
FR 18.155.129.26:443 ghabovethec.info tcp
US 8.8.8.8:53 pogothere.xyz udp
GB 18.244.155.104:443 tarvardsusyseinpou.info tcp
US 8.8.8.8:53 accounts.google.com udp
US 104.21.45.236:443 knowledconsideunden.info tcp
GB 143.204.176.76:443 getrunkhomuto.info tcp
US 8.8.8.8:53 www.facebook.com udp
US 172.67.220.203:443 pogothere.xyz tcp
US 172.67.220.203:443 pogothere.xyz tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 93.143.162.3.in-addr.arpa udp
US 8.8.8.8:53 178.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 26.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 104.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 236.45.21.104.in-addr.arpa udp
US 8.8.8.8:53 76.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 203.220.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 104.21.37.165:443 gamefabrique.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 143.204.176.76:443 getrunkhomuto.info tcp
US 8.8.8.8:53 d2wq8v5uodxvtb.cloudfront.net udp
IE 18.66.168.35:443 d2wq8v5uodxvtb.cloudfront.net tcp
IE 18.66.168.35:443 d2wq8v5uodxvtb.cloudfront.net tcp
US 8.8.8.8:53 dukirliaon.com udp
NL 139.45.197.239:443 dukirliaon.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 yonmewon.com udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:443 yonmewon.com tcp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 35.168.66.18.in-addr.arpa udp
US 8.8.8.8:53 239.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 8.195.45.139.in-addr.arpa udp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
BE 104.68.85.7:443 s.click.aliexpress.com tcp
BE 104.68.85.7:443 s.click.aliexpress.com tcp
US 8.8.8.8:53 7.85.68.104.in-addr.arpa udp
US 8.8.8.8:53 best.aliexpress.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 g.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
US 8.8.8.8:53 acs.aliexpress.com udp
US 163.181.154.229:443 g.alicdn.com tcp
US 8.8.8.8:53 ae.mmstat.com udp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
BE 104.68.85.7:443 assets.alicdn.com tcp
US 8.8.8.8:53 is.alicdn.com udp
BE 104.90.24.45:443 ae01.alicdn.com tcp
BE 104.90.24.45:443 ae01.alicdn.com tcp
BE 104.90.24.45:443 ae01.alicdn.com tcp
BE 104.90.24.45:443 ae01.alicdn.com tcp
US 8.8.8.8:53 ae04.alicdn.com udp
BE 104.117.77.42:443 time-ae.akamaized.net tcp
SG 47.246.110.43:443 ae.mmstat.com tcp
BE 104.90.24.45:443 ae01.alicdn.com tcp
BE 104.90.24.45:443 ae01.alicdn.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 229.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 45.24.90.104.in-addr.arpa udp
US 8.8.8.8:53 42.77.117.104.in-addr.arpa udp
BE 23.41.178.25:443 ae04.alicdn.com tcp
DE 47.246.146.12:443 acs.aliexpress.com tcp
US 8.8.8.8:53 aeis.alicdn.com udp
US 8.8.8.8:53 25.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 43.110.246.47.in-addr.arpa udp
US 8.8.8.8:53 12.146.246.47.in-addr.arpa udp
US 163.181.154.229:443 g.alicdn.com tcp
US 163.181.154.229:443 g.alicdn.com tcp
US 8.8.8.8:53 fourier.taobao.com udp
US 8.8.8.8:53 login.aliexpress.ru udp
US 8.8.8.8:53 login.aliexpress.us udp
CN 124.239.14.250:443 fourier.taobao.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
RU 47.246.133.207:443 login.aliexpress.ru tcp
US 8.8.8.8:53 fourier.aliexpress.com udp
US 8.8.8.8:53 wp.aliexpress.com udp
DE 47.246.146.222:443 fourier.aliexpress.com tcp
US 8.8.8.8:53 login.aliexpress.com udp
US 8.8.8.8:53 us.ynuf.aliapp.org udp
US 8.8.8.8:53 de-wum.aliexpress.com udp
US 8.8.8.8:53 207.133.246.47.in-addr.arpa udp
US 8.8.8.8:53 img.alicdn.com udp
DE 47.246.146.79:443 de-wum.aliexpress.com tcp
DE 47.246.146.55:443 us.ynuf.aliapp.org tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
GB 79.133.176.243:443 img.alicdn.com tcp
GB 79.133.176.243:443 img.alicdn.com tcp
US 8.8.8.8:53 79.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 55.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 243.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 dk26i5.tdum.alibaba.com udp
US 8.8.8.8:53 ynuf.aliapp.org udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
DE 47.254.177.101:443 dk26i5.tdum.alibaba.com tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
US 8.8.8.8:53 101.177.254.47.in-addr.arpa udp
US 8.8.8.8:53 d3ben4sjdmrs9v.cloudfront.net udp
US 3.162.143.121:443 d3ben4sjdmrs9v.cloudfront.net tcp
US 8.8.8.8:53 121.143.162.3.in-addr.arpa udp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
US 3.162.143.121:443 d3ben4sjdmrs9v.cloudfront.net tcp
US 8.8.8.8:53 getrunkhomuto.info udp
US 216.239.32.36:443 region1.analytics.google.com udp
BE 108.177.15.154:443 stats.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
NL 139.45.197.239:443 dukirliaon.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 sr7pv7n5x.com udp
NL 212.117.190.201:443 sr7pv7n5x.com tcp
US 8.8.8.8:53 201.190.117.212.in-addr.arpa udp
BE 104.117.77.42:443 time-ae.akamaized.net tcp
BE 23.41.178.25:443 ae04.alicdn.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 f5tckt.tdum.alibaba.com udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
US 3.162.143.121:443 d3ben4sjdmrs9v.cloudfront.net tcp
US 3.162.143.121:443 d3ben4sjdmrs9v.cloudfront.net tcp
US 8.8.8.8:53 shield.reasonsecurity.com udp
IE 13.224.68.75:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 75.68.224.13.in-addr.arpa udp
IE 13.224.68.75:443 shield.reasonsecurity.com tcp
US 34.214.16.73:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 73.16.214.34.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 23.73.139.8:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 features.opera-api2.com udp
US 8.8.8.8:53 download.opera.com udp
US 8.8.8.8:53 8.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 19.216.145.82.in-addr.arpa udp
NL 82.145.216.23:443 download.opera.com tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
NL 185.26.182.112:443 features.opera-api2.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.10.89:443 download5.operacdn.com tcp
US 44.193.86.186:443 track.analytics-data.io tcp
US 44.193.86.186:443 track.analytics-data.io tcp
US 8.8.8.8:53 23.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 89.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 186.86.193.44.in-addr.arpa udp
US 44.193.86.186:443 track.analytics-data.io tcp
US 44.193.86.186:443 track.analytics-data.io tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 dht.libtorrent.org udp
US 8.8.8.8:53 router.bittorrent.com udp
US 8.8.8.8:53 router.utorrent.com udp
US 8.8.8.8:53 dht.transmissionbt.com udp
N/A 10.127.0.1:5351 udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 dht.aelitis.com udp
US 8.8.8.8:53 download.db-ip.com udp
US 104.26.4.15:443 download.db-ip.com tcp
US 34.229.89.117:6881 dht.aelitis.com udp
US 67.215.246.10:6881 router.bittorrent.com udp
IS 82.221.103.244:6881 router.utorrent.com udp
FR 87.98.162.88:6881 dht.transmissionbt.com udp
SE 185.157.221.247:25401 dht.libtorrent.org udp
NL 79.137.194.10:59096 udp
GB 90.196.147.174:59196 udp
RU 5.228.112.37:6733 udp
RU 109.169.255.88:6882 udp
BE 109.130.40.213:50447 udp
CH 178.38.197.98:56508 udp
RU 185.48.36.30:23400 udp
RU 185.237.251.81:22492 udp
IN 106.221.112.8:21302 udp
CA 173.255.159.4:6881 udp
NL 212.7.203.229:53156 udp
US 99.182.252.79:50321 udp
NL 45.87.251.149:28153 udp
AR 181.47.121.75:55056 udp
US 8.8.8.8:53 www.fosshub.com udp
US 104.20.227.61:443 www.fosshub.com tcp
BG 109.120.204.120:46335 udp
US 8.8.8.8:53 117.89.229.34.in-addr.arpa udp
US 8.8.8.8:53 10.246.215.67.in-addr.arpa udp
US 8.8.8.8:53 244.103.221.82.in-addr.arpa udp
US 8.8.8.8:53 88.162.98.87.in-addr.arpa udp
US 8.8.8.8:53 247.221.157.185.in-addr.arpa udp
US 8.8.8.8:53 15.4.26.104.in-addr.arpa udp
US 8.8.8.8:53 10.194.137.79.in-addr.arpa udp
US 8.8.8.8:53 174.147.196.90.in-addr.arpa udp
US 8.8.8.8:53 37.112.228.5.in-addr.arpa udp
US 8.8.8.8:53 88.255.169.109.in-addr.arpa udp
US 8.8.8.8:53 213.40.130.109.in-addr.arpa udp
US 8.8.8.8:53 98.197.38.178.in-addr.arpa udp
US 8.8.8.8:53 30.36.48.185.in-addr.arpa udp
US 8.8.8.8:53 81.251.237.185.in-addr.arpa udp
US 8.8.8.8:53 4.159.255.173.in-addr.arpa udp
US 8.8.8.8:53 229.203.7.212.in-addr.arpa udp
US 8.8.8.8:53 79.252.182.99.in-addr.arpa udp
US 8.8.8.8:53 149.251.87.45.in-addr.arpa udp
US 8.8.8.8:53 75.121.47.181.in-addr.arpa udp
US 8.8.8.8:53 61.227.20.104.in-addr.arpa udp
US 8.8.8.8:53 120.204.120.109.in-addr.arpa udp
N/A 239.192.152.143:6771 udp
NL 181.214.206.102:59322 udp
NL 84.247.116.104:59683 udp
CZ 46.29.231.43:7881 udp
NL 95.168.167.199:28029 udp
RU 94.41.185.7:2918 udp
KR 14.52.194.3:40924 udp
RU 31.23.173.97:12559 udp
NL 213.227.152.133:28002 udp
AU 167.179.134.208:40559 udp
US 216.131.80.10:54215 udp
DE 5.189.140.45:10071 udp
GB 82.15.97.95:32968 udp
HU 84.21.0.217:50787 udp
US 76.25.39.18:29701 udp
US 149.22.90.231:58786 udp
NL 45.87.251.148:10580 udp
US 8.8.8.8:53 143.152.192.239.in-addr.arpa udp
US 8.8.8.8:53 f.8.8.9.0.c.f.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.1.f.f.ip6.arpa udp
US 8.8.8.8:53 102.206.214.181.in-addr.arpa udp
US 8.8.8.8:53 104.116.247.84.in-addr.arpa udp
US 8.8.8.8:53 43.231.29.46.in-addr.arpa udp
US 8.8.8.8:53 199.167.168.95.in-addr.arpa udp
US 8.8.8.8:53 7.185.41.94.in-addr.arpa udp
NL 185.21.217.16:50204 udp
RU 178.68.242.81:49001 udp
CN 120.133.218.123:10019 udp
FR 91.160.9.217:53014 udp
NL 185.162.184.6:51333 udp
NL 213.152.186.40:52026 udp
BR 191.217.248.62:37321 udp
CN 60.161.202.253:5782 udp
DE 184.174.33.115:6950 udp
NL 85.17.12.232:8163 udp
BR 187.120.168.38:6881 udp
US 65.26.228.216:10539 udp
RU 95.27.69.191:49001 udp
SK 188.167.251.132:8813 udp
SI 89.143.120.204:6881 udp
RU 78.37.2.73:49001 udp
TT 201.238.125.106:37722 udp
FR 195.154.172.169:48430 udp
CH 109.203.35.157:64097 udp
BR 45.187.99.157:40091 udp
CN 58.45.244.70:51413 udp
DE 139.162.190.235:7889 udp
RU 178.45.123.100:33130 udp
RU 31.173.101.74:27036 udp
BR 45.235.163.157:62884 udp
MY 115.164.214.78:36593 udp
UA 194.107.231.162:39964 udp
RU 136.169.149.77:27045 udp
AU 125.253.103.243:51413 udp
IN 106.221.179.108:34182 udp
US 8.8.8.8:53 sadownload.mcafee.com udp
RU 136.169.149.77:41784 udp
GB 23.73.139.8:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
US 8.8.8.8:53 3.194.52.14.in-addr.arpa udp
US 8.8.8.8:53 97.173.23.31.in-addr.arpa udp
US 8.8.8.8:53 133.152.227.213.in-addr.arpa udp
US 8.8.8.8:53 208.134.179.167.in-addr.arpa udp
US 8.8.8.8:53 10.80.131.216.in-addr.arpa udp
US 8.8.8.8:53 45.140.189.5.in-addr.arpa udp
US 8.8.8.8:53 95.97.15.82.in-addr.arpa udp
US 8.8.8.8:53 217.0.21.84.in-addr.arpa udp
US 8.8.8.8:53 18.39.25.76.in-addr.arpa udp
US 8.8.8.8:53 231.90.22.149.in-addr.arpa udp
US 8.8.8.8:53 16.217.21.185.in-addr.arpa udp
US 8.8.8.8:53 81.242.68.178.in-addr.arpa udp
US 8.8.8.8:53 123.218.133.120.in-addr.arpa udp
US 8.8.8.8:53 217.9.160.91.in-addr.arpa udp
US 8.8.8.8:53 6.184.162.185.in-addr.arpa udp
US 8.8.8.8:53 62.248.217.191.in-addr.arpa udp
US 8.8.8.8:53 115.33.174.184.in-addr.arpa udp
US 8.8.8.8:53 232.12.17.85.in-addr.arpa udp
US 8.8.8.8:53 38.168.120.187.in-addr.arpa udp
US 8.8.8.8:53 216.228.26.65.in-addr.arpa udp
US 8.8.8.8:53 191.69.27.95.in-addr.arpa udp
US 8.8.8.8:53 132.251.167.188.in-addr.arpa udp
US 8.8.8.8:53 204.120.143.89.in-addr.arpa udp
US 8.8.8.8:53 73.2.37.78.in-addr.arpa udp
US 8.8.8.8:53 106.125.238.201.in-addr.arpa udp
US 8.8.8.8:53 169.172.154.195.in-addr.arpa udp
US 8.8.8.8:53 157.35.203.109.in-addr.arpa udp
US 8.8.8.8:53 157.99.187.45.in-addr.arpa udp
US 8.8.8.8:53 70.244.45.58.in-addr.arpa udp
US 8.8.8.8:53 235.190.162.139.in-addr.arpa udp
US 8.8.8.8:53 100.123.45.178.in-addr.arpa udp
US 8.8.8.8:53 74.101.173.31.in-addr.arpa udp
US 8.8.8.8:53 78.214.164.115.in-addr.arpa udp
US 8.8.8.8:53 162.231.107.194.in-addr.arpa udp
US 8.8.8.8:53 77.149.169.136.in-addr.arpa udp
US 8.8.8.8:53 108.179.221.106.in-addr.arpa udp
US 8.8.8.8:53 253.202.161.60.in-addr.arpa udp
US 8.8.8.8:53 243.103.253.125.in-addr.arpa udp
US 8.8.8.8:53 40.186.152.213.in-addr.arpa udp
US 8.8.8.8:53 home.mcafee.com udp
IE 18.66.171.31:443 update.reasonsecurity.com tcp
NL 46.232.210.197:58007 udp
BR 179.84.214.78:17259 udp
US 35.155.156.153:6881 udp
GB 191.101.209.11:45996 udp
SN 41.83.151.220:37723 udp
TH 119.76.34.15:44627 udp
BE 104.68.84.174:443 home.mcafee.com tcp
BD 103.252.226.15:3158 udp
FR 188.165.210.225:3619 udp
US 163.237.217.11:6927 udp
GB 194.29.101.83:10240 udp
US 44.193.86.186:443 track.analytics-data.io tcp
US 44.193.86.186:443 track.analytics-data.io tcp
US 8.8.8.8:53 electron-shell.reasonsecurity.com udp
IE 13.224.68.32:443 electron-shell.reasonsecurity.com tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 35.80.226.215:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 197.210.232.46.in-addr.arpa udp
US 8.8.8.8:53 78.214.84.179.in-addr.arpa udp
US 8.8.8.8:53 153.156.155.35.in-addr.arpa udp
US 8.8.8.8:53 11.209.101.191.in-addr.arpa udp
US 8.8.8.8:53 15.34.76.119.in-addr.arpa udp
US 8.8.8.8:53 220.151.83.41.in-addr.arpa udp
US 8.8.8.8:53 31.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 225.210.165.188.in-addr.arpa udp
US 8.8.8.8:53 174.84.68.104.in-addr.arpa udp
US 8.8.8.8:53 11.217.237.163.in-addr.arpa udp
US 8.8.8.8:53 83.101.29.194.in-addr.arpa udp
US 8.8.8.8:53 215.226.80.35.in-addr.arpa udp
US 8.8.8.8:53 32.68.224.13.in-addr.arpa udp
IN 103.211.132.208:29414 udp
CN 218.91.78.255:12009 udp
RU 176.99.85.208:1290 udp
RU 95.25.60.248:7775 udp
BR 187.19.134.51:1084 udp
AR 186.12.229.228:35766 udp
BR 191.242.1.118:6881 udp
AU 203.63.105.35:30286 udp
UA 185.16.28.240:2623 udp
FR 5.48.156.240:31984 udp
RU 46.160.248.149:49001 udp
ES 79.116.226.172:8621 udp
RU 80.234.78.57:9237 udp
US 73.189.182.70:6881 udp
UA 213.111.120.204:41483 udp
IQ 37.238.255.137:8999 udp
DE 95.223.107.192:33272 udp
RU 95.25.254.27:38627 udp
IN 49.43.163.157:6881 udp
BY 37.45.182.70:6881 udp
RU 5.143.76.184:26342 udp
US 169.150.203.200:20109 udp
AU 163.53.145.11:46805 udp
IT 93.65.153.86:7605 udp
IN 157.32.222.19:56355 udp
IN 157.48.158.19:55942 udp
IT 79.24.57.94:22866 udp
MX 177.245.152.252:46933 udp
CN 114.228.105.62:29064 udp
RS 77.243.23.220:24533 udp
US 8.8.8.8:53 208.132.211.103.in-addr.arpa udp
US 8.8.8.8:53 255.78.91.218.in-addr.arpa udp
US 8.8.8.8:53 248.60.25.95.in-addr.arpa udp
US 8.8.8.8:53 51.134.19.187.in-addr.arpa udp
US 8.8.8.8:53 228.229.12.186.in-addr.arpa udp
US 8.8.8.8:53 118.1.242.191.in-addr.arpa udp
US 8.8.8.8:53 35.105.63.203.in-addr.arpa udp
US 8.8.8.8:53 240.28.16.185.in-addr.arpa udp
US 8.8.8.8:53 240.156.48.5.in-addr.arpa udp
US 8.8.8.8:53 149.248.160.46.in-addr.arpa udp
US 8.8.8.8:53 172.226.116.79.in-addr.arpa udp
US 8.8.8.8:53 57.78.234.80.in-addr.arpa udp
US 8.8.8.8:53 70.182.189.73.in-addr.arpa udp
US 8.8.8.8:53 204.120.111.213.in-addr.arpa udp
US 8.8.8.8:53 137.255.238.37.in-addr.arpa udp
US 8.8.8.8:53 192.107.223.95.in-addr.arpa udp
US 8.8.8.8:53 27.254.25.95.in-addr.arpa udp
US 8.8.8.8:53 157.163.43.49.in-addr.arpa udp
US 8.8.8.8:53 70.182.45.37.in-addr.arpa udp
US 8.8.8.8:53 184.76.143.5.in-addr.arpa udp
US 8.8.8.8:53 200.203.150.169.in-addr.arpa udp
US 8.8.8.8:53 11.145.53.163.in-addr.arpa udp
US 8.8.8.8:53 86.153.65.93.in-addr.arpa udp
US 8.8.8.8:53 19.222.32.157.in-addr.arpa udp
US 8.8.8.8:53 19.158.48.157.in-addr.arpa udp
US 8.8.8.8:53 94.57.24.79.in-addr.arpa udp
US 8.8.8.8:53 252.152.245.177.in-addr.arpa udp
US 8.8.8.8:53 62.105.228.114.in-addr.arpa udp
RU 213.183.33.37:25856 udp
US 8.8.8.8:53 37.33.183.213.in-addr.arpa udp
RU 109.202.44.84:2079 udp
US 8.8.8.8:53 84.44.202.109.in-addr.arpa udp
UA 194.107.231.162:39964 tcp
RU 91.246.120.153:25856 udp
US 8.8.8.8:53 153.120.246.91.in-addr.arpa udp
RU 178.64.87.54:61626 udp
DE 51.75.78.69:6883 udp
US 204.12.208.37:6881 udp
US 69.164.207.171:6881 udp
US 192.227.221.96:10240 udp
BR 200.6.95.29:25856 udp
RU 213.183.33.37:25856 tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 35.80.226.215:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 54.87.64.178.in-addr.arpa udp
US 8.8.8.8:53 69.78.75.51.in-addr.arpa udp
US 8.8.8.8:53 37.208.12.204.in-addr.arpa udp
US 8.8.8.8:53 171.207.164.69.in-addr.arpa udp
US 8.8.8.8:53 96.221.227.192.in-addr.arpa udp
US 8.8.8.8:53 29.95.6.200.in-addr.arpa udp
US 8.8.8.8:53 113.236.22.52.in-addr.arpa udp
DE 139.162.190.235:7889 tcp
RU 195.208.131.182:51493 udp
RU 5.18.250.73:6726 udp
RU 84.51.77.240:16416 udp
IN 223.231.141.94:57258 udp
BR 191.177.179.253:3856 udp
UY 167.58.72.75:47966 udp
PH 136.158.42.208:3690 udp
GB 88.97.192.80:4006 udp
RU 95.24.150.142:58250 udp
NL 185.149.91.143:51047 udp
US 3.90.90.64:6880 udp
LT 85.206.96.197:11103 udp
DE 185.209.196.250:3334 udp
NL 5.182.210.152:8000 udp
UA 178.151.12.207:6881 udp
DE 104.238.177.63:51413 udp
CN 116.27.169.73:21508 udp
DZ 154.255.212.232:43271 udp
DE 89.245.177.66:20270 udp
RU 90.154.72.219:3404 udp
UA 176.67.18.171:6881 udp
RU 37.21.240.32:14600 udp
KR 182.216.155.183:6881 udp
RU 95.188.83.224:41739 udp
ES 37.134.175.83:1102 udp
RU 95.154.118.47:49653 udp
KR 124.216.143.58:7673 udp
NL 185.183.33.153:6883 udp
NL 94.208.49.171:6999 udp
CN 223.109.185.147:6881 udp
HU 5.204.90.7:7881 udp
KR 14.38.5.250:41101 udp
NO 84.49.119.45:6881 udp
CA 148.163.160.4:6881 udp
RU 212.3.150.144:18439 udp
CA 142.189.45.94:53219 udp
US 68.132.226.54:34104 udp
RU 176.77.33.212:40274 udp
NL 178.162.173.38:28004 udp
RU 109.252.104.220:1709 udp
GE 94.43.158.61:41751 udp
RU 185.9.78.65:21285 udp
RU 185.197.35.87:6881 udp
CA 198.16.235.35:51413 udp
NL 5.2.78.92:56101 udp
CA 142.115.83.219:51413 udp
RU 95.165.175.200:50091 udp
RU 79.105.117.133:7735 udp
KR 115.41.131.122:27451 udp
RU 188.32.191.67:49001 udp
TH 223.204.218.191:55154 udp
UA 82.193.108.22:47512 udp
CA 76.64.99.72:64891 udp
AU 106.71.14.250:34813 udp
EE 90.191.17.79:6061 udp
CA 144.217.71.208:51413 udp
KR 110.12.125.243:40878 udp
US 23.251.65.221:64365 udp
RU 85.175.25.1:52486 udp
RU 176.212.168.53:10410 udp
IT 185.202.244.179:5956 udp
GB 80.42.66.77:62700 udp
RU 95.32.178.142:6881 udp
GB 185.248.85.14:62590 udp
US 173.63.130.238:13457 udp
RU 176.214.201.58:61115 udp
US 172.241.214.249:22333 udp
US 98.35.90.7:48018 udp
AT 84.115.219.94:7155 udp
CA 174.138.216.124:35687 udp
UA 188.163.82.8:38467 udp
HU 178.164.131.162:39252 udp
RU 136.169.174.124:53159 udp
IL 109.67.211.243:62748 udp
RU 2.61.208.169:6881 udp
AU 203.45.167.43:53055 udp
RU 46.149.66.196:49001 udp
AU 159.196.168.132:56424 udp
US 157.131.170.7:3846 udp
RU 95.27.190.15:6881 udp
RU 37.112.158.103:6881 udp
RU 212.77.154.15:13881 udp
MX 189.193.72.153:44464 udp
SE 98.128.180.102:13301 udp
RU 91.246.120.153:25856 tcp
RU 178.64.87.54:61626 tcp
US 8.8.8.8:53 182.131.208.195.in-addr.arpa udp
US 8.8.8.8:53 73.250.18.5.in-addr.arpa udp
US 8.8.8.8:53 240.77.51.84.in-addr.arpa udp
US 8.8.8.8:53 94.141.231.223.in-addr.arpa udp
US 8.8.8.8:53 253.179.177.191.in-addr.arpa udp
US 8.8.8.8:53 75.72.58.167.in-addr.arpa udp
US 8.8.8.8:53 208.42.158.136.in-addr.arpa udp
US 8.8.8.8:53 80.192.97.88.in-addr.arpa udp
US 8.8.8.8:53 142.150.24.95.in-addr.arpa udp
US 8.8.8.8:53 143.91.149.185.in-addr.arpa udp
US 8.8.8.8:53 64.90.90.3.in-addr.arpa udp
US 8.8.8.8:53 197.96.206.85.in-addr.arpa udp
US 8.8.8.8:53 250.196.209.185.in-addr.arpa udp
US 8.8.8.8:53 152.210.182.5.in-addr.arpa udp
US 8.8.8.8:53 207.12.151.178.in-addr.arpa udp
US 8.8.8.8:53 63.177.238.104.in-addr.arpa udp
US 8.8.8.8:53 73.169.27.116.in-addr.arpa udp
US 8.8.8.8:53 232.212.255.154.in-addr.arpa udp
US 8.8.8.8:53 66.177.245.89.in-addr.arpa udp
US 8.8.8.8:53 171.18.67.176.in-addr.arpa udp
US 8.8.8.8:53 32.240.21.37.in-addr.arpa udp
US 8.8.8.8:53 183.155.216.182.in-addr.arpa udp
US 8.8.8.8:53 224.83.188.95.in-addr.arpa udp
US 8.8.8.8:53 83.175.134.37.in-addr.arpa udp
US 8.8.8.8:53 47.118.154.95.in-addr.arpa udp
US 8.8.8.8:53 58.143.216.124.in-addr.arpa udp
US 8.8.8.8:53 153.33.183.185.in-addr.arpa udp
US 8.8.8.8:53 171.49.208.94.in-addr.arpa udp
US 8.8.8.8:53 147.185.109.223.in-addr.arpa udp
US 8.8.8.8:53 7.90.204.5.in-addr.arpa udp
US 8.8.8.8:53 250.5.38.14.in-addr.arpa udp
US 8.8.8.8:53 45.119.49.84.in-addr.arpa udp
US 8.8.8.8:53 4.160.163.148.in-addr.arpa udp
US 8.8.8.8:53 144.150.3.212.in-addr.arpa udp
US 8.8.8.8:53 94.45.189.142.in-addr.arpa udp
US 8.8.8.8:53 54.226.132.68.in-addr.arpa udp
US 8.8.8.8:53 212.33.77.176.in-addr.arpa udp
US 8.8.8.8:53 38.173.162.178.in-addr.arpa udp
US 8.8.8.8:53 220.104.252.109.in-addr.arpa udp
US 8.8.8.8:53 61.158.43.94.in-addr.arpa udp
US 8.8.8.8:53 65.78.9.185.in-addr.arpa udp
US 8.8.8.8:53 87.35.197.185.in-addr.arpa udp
US 8.8.8.8:53 35.235.16.198.in-addr.arpa udp
US 8.8.8.8:53 92.78.2.5.in-addr.arpa udp
US 8.8.8.8:53 219.83.115.142.in-addr.arpa udp
US 8.8.8.8:53 133.117.105.79.in-addr.arpa udp
US 8.8.8.8:53 200.175.165.95.in-addr.arpa udp
US 8.8.8.8:53 122.131.41.115.in-addr.arpa udp
US 8.8.8.8:53 67.191.32.188.in-addr.arpa udp
US 8.8.8.8:53 191.218.204.223.in-addr.arpa udp
US 8.8.8.8:53 22.108.193.82.in-addr.arpa udp
US 8.8.8.8:53 72.99.64.76.in-addr.arpa udp
US 8.8.8.8:53 250.14.71.106.in-addr.arpa udp
US 8.8.8.8:53 79.17.191.90.in-addr.arpa udp
US 8.8.8.8:53 208.71.217.144.in-addr.arpa udp
US 8.8.8.8:53 243.125.12.110.in-addr.arpa udp
US 8.8.8.8:53 221.65.251.23.in-addr.arpa udp
US 8.8.8.8:53 1.25.175.85.in-addr.arpa udp
US 8.8.8.8:53 53.168.212.176.in-addr.arpa udp
US 8.8.8.8:53 179.244.202.185.in-addr.arpa udp
US 8.8.8.8:53 77.66.42.80.in-addr.arpa udp
US 8.8.8.8:53 142.178.32.95.in-addr.arpa udp
US 8.8.8.8:53 14.85.248.185.in-addr.arpa udp
US 8.8.8.8:53 238.130.63.173.in-addr.arpa udp
US 8.8.8.8:53 58.201.214.176.in-addr.arpa udp
US 8.8.8.8:53 249.214.241.172.in-addr.arpa udp
US 8.8.8.8:53 7.90.35.98.in-addr.arpa udp
US 8.8.8.8:53 94.219.115.84.in-addr.arpa udp
US 8.8.8.8:53 124.216.138.174.in-addr.arpa udp
US 8.8.8.8:53 8.82.163.188.in-addr.arpa udp
US 8.8.8.8:53 162.131.164.178.in-addr.arpa udp
US 8.8.8.8:53 124.174.169.136.in-addr.arpa udp
US 8.8.8.8:53 243.211.67.109.in-addr.arpa udp
US 8.8.8.8:53 169.208.61.2.in-addr.arpa udp
US 8.8.8.8:53 43.167.45.203.in-addr.arpa udp
US 8.8.8.8:53 196.66.149.46.in-addr.arpa udp
US 8.8.8.8:53 132.168.196.159.in-addr.arpa udp
US 8.8.8.8:53 7.170.131.157.in-addr.arpa udp
US 8.8.8.8:53 15.190.27.95.in-addr.arpa udp
US 8.8.8.8:53 103.158.112.37.in-addr.arpa udp
US 8.8.8.8:53 15.154.77.212.in-addr.arpa udp
US 8.8.8.8:53 153.72.193.189.in-addr.arpa udp
US 8.8.8.8:53 102.180.128.98.in-addr.arpa udp
BR 200.6.95.29:25856 tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
US 3.162.140.94:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 94.140.162.3.in-addr.arpa udp
IN 103.211.132.208:14576 udp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
GB 23.73.139.8:443 sadownload.mcafee.com tcp
US 206.255.53.147:48230 udp
US 8.8.8.8:53 147.53.255.206.in-addr.arpa udp
N/A 127.0.0.1:51642 tcp
US 8.8.8.8:53 www.microsoft.com udp
DE 23.35.229.160:80 www.microsoft.com tcp
SE 89.253.72.150:43636 udp
US 8.8.8.8:53 160.229.35.23.in-addr.arpa udp
US 8.8.8.8:53 150.72.253.89.in-addr.arpa udp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 44.193.86.186:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 65.26.133.217:6881 udp
US 8.8.8.8:53 217.133.26.65.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
DE 23.35.229.160:80 www.microsoft.com tcp
HU 62.201.107.28:45362 udp
US 8.8.8.8:53 28.107.201.62.in-addr.arpa udp
US 8.8.8.8:53 config.reasonsecurity.com udp
IE 13.224.68.28:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 28.68.224.13.in-addr.arpa udp
CA 203.28.168.2:6881 udp
US 8.8.8.8:53 2.168.28.203.in-addr.arpa udp
US 44.193.86.186:443 track.analytics-data.io tcp
FR 78.194.14.217:14420 udp
US 8.8.8.8:53 217.14.194.78.in-addr.arpa udp
IE 18.66.171.31:443 update.reasonsecurity.com tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 3.162.140.94:443 cdn.reasonsecurity.com tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
CA 169.150.251.169:12309 udp
US 8.8.8.8:53 169.251.150.169.in-addr.arpa udp
US 8.8.8.8:53 mc6.reasonsecurity.com udp
US 52.43.110.0:443 mc6.reasonsecurity.com tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 8.8.8.8:53 0.110.43.52.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
CN 27.129.166.197:22223 udp
US 8.8.8.8:53 197.166.129.27.in-addr.arpa udp
TW 1.171.155.241:19119 udp
US 8.8.8.8:53 241.155.171.1.in-addr.arpa udp
GB 191.101.209.39:25856 udp
US 8.8.8.8:53 39.209.101.191.in-addr.arpa udp
US 8.8.8.8:53 track.analytics-data.io udp
US 18.210.46.60:443 track.analytics-data.io tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com udp
GB 23.73.139.43:80 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 60.46.210.18.in-addr.arpa udp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
RU 159.93.49.140:40982 udp
US 8.8.8.8:53 235.0.22.104.in-addr.arpa udp
US 8.8.8.8:53 140.49.93.159.in-addr.arpa udp
GB 191.101.209.39:25856 tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
NL 46.232.211.117:16359 udp
IE 13.224.68.28:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 117.211.232.46.in-addr.arpa udp
N/A 239.192.152.143:6771 udp
US 18.210.46.60:443 track.analytics-data.io tcp
NL 62.212.81.233:28006 udp
US 8.8.8.8:53 233.81.212.62.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
IT 2.236.240.8:6881 udp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
GB 81.158.231.105:51413 udp
US 8.8.8.8:53 105.231.158.81.in-addr.arpa udp
US 8.8.8.8:53 edr-api.reasonlabsapi.com udp
US 3.162.140.64:443 edr-api.reasonlabsapi.com tcp
US 44.193.86.186:443 track.analytics-data.io tcp
UA 176.111.185.7:24275 udp
US 8.8.8.8:53 64.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 7.185.111.176.in-addr.arpa udp
IE 18.66.171.31:443 update.reasonsecurity.com tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 3.162.140.94:443 cdn.reasonsecurity.com tcp
US 52.22.236.113:443 track.analytics-data.io tcp
SI 89.143.60.38:52443 udp
US 8.8.8.8:53 38.60.143.89.in-addr.arpa udp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
RO 89.47.250.3:35645 udp
US 8.8.8.8:53 3.250.47.89.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.21.189.233:80 www.microsoft.com tcp
US 8.8.8.8:53 233.189.21.2.in-addr.arpa udp
US 73.184.106.126:54483 udp
US 8.8.8.8:53 126.106.184.73.in-addr.arpa udp
GB 2.21.189.233:80 www.microsoft.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
RU 109.195.87.240:6881 udp
US 8.8.8.8:53 240.87.195.109.in-addr.arpa udp
BR 187.43.176.189:10229 udp
US 8.8.8.8:53 189.176.43.187.in-addr.arpa udp
IN 49.34.208.181:37838 udp
US 8.8.8.8:53 181.208.34.49.in-addr.arpa udp
US 8.8.8.8:53 config.reasonsecurity.com udp
IE 13.224.68.111:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 111.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 ud.reasonsecurity.com udp
IE 18.66.171.39:443 ud.reasonsecurity.com tcp
US 8.8.8.8:53 39.171.66.18.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
IE 18.66.171.86:443 tcp
US 76.76.21.93:443 tcp
US 8.8.8.8:53 86.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 93.21.76.76.in-addr.arpa udp
US 8.8.8.8:53 safer-web.reasonsecurity.com udp
US 3.162.140.103:443 safer-web.reasonsecurity.com tcp
AU 163.53.145.39:6113 udp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
US 8.8.8.8:53 39.145.53.163.in-addr.arpa udp
US 8.8.8.8:53 track.analytics-data.io udp
US 52.22.236.113:443 track.analytics-data.io tcp
US 3.162.140.26:443 tcp
US 3.162.140.26:443 tcp
US 3.162.140.83:443 img.3lift.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 26.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 83.140.162.3.in-addr.arpa udp
US 18.210.46.60:443 track.analytics-data.io tcp
US 151.101.0.176:443 tcp
RU 213.183.33.37:25856 tcp
NL 142.250.102.92:443 tcp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 92.102.250.142.in-addr.arpa udp
US 151.101.0.176:443 tcp
US 3.162.140.97:443 tcp
GB 163.70.147.23:443 connect.facebook.net udp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.102.92:443 udp
BR 177.131.23.240:38549 udp
US 54.187.119.242:443 tcp
US 54.187.119.242:443 tcp
IE 52.213.55.22:443 tcp
IE 18.66.171.64:443 tcp
IE 52.211.131.71:443 tcp
US 198.137.150.81:443 tcp
US 8.8.8.8:53 97.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 240.23.131.177.in-addr.arpa udp
US 8.8.8.8:53 22.55.213.52.in-addr.arpa udp
US 8.8.8.8:53 64.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 71.131.211.52.in-addr.arpa udp
US 8.8.8.8:53 81.150.137.198.in-addr.arpa udp
US 8.8.8.8:53 242.119.187.54.in-addr.arpa udp
GB 172.217.169.46:443 tcp
GB 172.217.169.46:443 tcp
GB 172.217.169.46:443 tcp
GB 172.217.169.46:443 tcp
GB 172.217.169.46:443 tcp
GB 172.217.169.46:443 tcp
GB 172.217.169.46:443 udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 35.82.1.136:443 tcp
US 8.8.8.8:53 136.1.82.35.in-addr.arpa udp
US 35.82.1.136:443 tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 35.82.1.136:443 tcp
US 54.187.119.242:443 tcp
IE 34.252.11.128:443 tcp
US 151.101.0.176:443 tcp
BE 23.41.178.90:443 www.bing.com tcp
US 71.92.98.35:31859 udp
US 8.8.8.8:53 128.11.252.34.in-addr.arpa udp
US 8.8.8.8:53 35.98.92.71.in-addr.arpa udp
US 8.8.8.8:53 90.178.41.23.in-addr.arpa udp
RU 91.245.145.39:1827 udp
US 8.8.8.8:53 39.145.245.91.in-addr.arpa udp
UA 194.107.231.162:39964 tcp
DE 139.162.190.235:7889 tcp
CN 111.15.70.43:7715 udp
RU 91.246.120.153:25856 tcp
RU 178.64.87.54:61626 tcp
US 8.8.8.8:53 43.70.15.111.in-addr.arpa udp
BR 200.6.95.29:25856 tcp
US 54.70.174.84:6881 udp
US 8.8.8.8:53 84.174.70.54.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
BE 23.41.178.65:443 r.bing.com tcp
BE 23.41.178.65:443 r.bing.com tcp
BE 23.41.178.26:443 th.bing.com tcp
BE 23.41.178.26:443 th.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 65.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 26.178.41.23.in-addr.arpa udp
GB 217.155.200.119:6881 udp
US 8.8.8.8:53 119.200.155.217.in-addr.arpa udp
US 8.8.8.8:53 content.invisioncic.com udp
US 8.8.8.8:53 www.andersonkenya1.net udp
IE 18.66.171.129:443 content.invisioncic.com tcp
IE 18.66.171.118:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 129.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 118.171.66.18.in-addr.arpa udp
BE 23.41.178.90:443 www.bing.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
IE 18.66.171.129:443 content.invisioncic.com tcp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
AU 121.208.222.63:18735 udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 63.222.208.121.in-addr.arpa udp
BE 23.41.178.26:443 th.bing.com tcp
US 8.8.8.8:53 ads.eu.criteo.com udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
US 8.8.8.8:53 rtb.nl3.eu.criteo.com udp
NL 178.250.1.10:443 rtb.nl3.eu.criteo.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 cat.nl3.eu.criteo.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 csm.eu.criteo.net udp
US 8.8.8.8:53 imageproxy.eu.criteo.net udp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
US 8.8.8.8:53 17.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 10.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 6.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 15.1.250.178.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
BR 201.40.234.126:43014 udp
US 8.8.8.8:53 126.234.40.201.in-addr.arpa udp
BE 23.41.178.90:443 www.bing.com tcp
IE 18.66.171.129:443 content.invisioncic.com tcp
RO 79.119.159.173:23215 udp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
TR 95.13.165.102:39837 udp
US 8.8.8.8:53 102.165.13.95.in-addr.arpa udp
IE 18.66.171.129:443 content.invisioncic.com tcp
KR 119.205.101.102:41082 udp
US 8.8.8.8:53 102.101.205.119.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
IQ 151.236.162.35:36430 udp
US 8.8.8.8:53 35.162.236.151.in-addr.arpa udp
ES 79.116.133.251:22402 udp
US 8.8.4.4:443 dns.google udp
NL 142.250.102.92:443 udp
US 8.8.8.8:53 251.133.116.79.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
CN 183.250.96.223:4966 udp
US 8.8.8.8:53 223.96.250.183.in-addr.arpa udp
GB 191.101.209.39:25856 tcp
IE 18.66.171.118:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 csi.gstatic.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
AU 142.250.66.227:443 csi.gstatic.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r3---sn-aigl6nsr.gvt1.com udp
GB 74.125.105.136:443 r3---sn-aigl6nsr.gvt1.com udp
US 8.8.8.8:53 227.66.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 136.105.125.74.in-addr.arpa udp
IE 18.66.171.129:443 content.invisioncic.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 www.andersonkenya1.net udp
US 8.8.8.8:53 content.invisioncic.com udp
IE 18.66.171.75:443 content.invisioncic.com tcp
US 8.8.8.8:53 content-restricted.invisioncic.com udp
US 3.162.140.96:443 content-restricted.invisioncic.com tcp
US 8.8.8.8:53 75.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 96.140.162.3.in-addr.arpa udp
BE 23.41.178.72:443 www.bing.com tcp
US 8.8.8.8:53 72.178.41.23.in-addr.arpa udp
NL 45.152.209.5:55159 udp
US 8.8.8.8:53 5.209.152.45.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 75.69.20.246:30648 udp
US 8.8.8.8:53 246.20.69.75.in-addr.arpa udp
KR 210.222.53.46:62470 udp
US 8.8.8.8:53 46.53.222.210.in-addr.arpa udp
KR 121.184.106.126:7545 udp
US 8.8.8.8:53 126.106.184.121.in-addr.arpa udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
IE 18.66.171.75:443 content.invisioncic.com tcp
US 8.8.8.8:53 89.171.66.18.in-addr.arpa udp
PK 119.155.50.94:49721 udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 94.50.155.119.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
BR 201.88.170.126:45774 udp
US 8.8.8.8:53 126.170.88.201.in-addr.arpa udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
IE 18.66.171.75:443 content.invisioncic.com tcp
BR 167.249.190.55:10646 udp
US 8.8.8.8:53 55.190.249.167.in-addr.arpa udp
BR 177.27.227.177:43541 udp
JP 118.106.153.77:51413 udp
US 8.8.8.8:53 77.153.106.118.in-addr.arpa udp
RU 109.107.163.177:14076 udp
US 8.8.8.8:53 177.163.107.109.in-addr.arpa udp
ES 95.124.172.202:62725 udp
US 8.8.8.8:53 202.172.124.95.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 p4-c7nsnnqkfcwlu-vzxhqsavkhdqtw6b-if-v6exp3-v4.metric.gstatic.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
GB 216.58.212.227:443 p4-c7nsnnqkfcwlu-vzxhqsavkhdqtw6b-if-v6exp3-v4.metric.gstatic.com tcp
GB 216.58.212.227:443 p4-c7nsnnqkfcwlu-vzxhqsavkhdqtw6b-if-v6exp3-v4.metric.gstatic.com udp
US 8.8.8.8:53 rtb.fr3.eu.criteo.com udp
GB 142.250.187.196:443 www.google.com udp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
US 8.8.8.8:53 cat.nl3.eu.criteo.com udp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 12.7.250.178.in-addr.arpa udp
NL 178.250.1.3:443 static.criteo.net tcp
US 3.162.140.96:443 content-restricted.invisioncic.com tcp
IN 49.204.119.10:55111 udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 10.119.204.49.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
MX 189.203.97.82:18717 udp
US 8.8.8.8:53 82.97.203.189.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 p4-c7nsnnqkfcwlu-vzxhqsavkhdqtw6b-955820-i1-v6exp3.ds.metric.gstatic.com udp
US 8.8.8.8:53 p4-c7nsnnqkfcwlu-vzxhqsavkhdqtw6b-955820-i2-v6exp3.v4.metric.gstatic.com udp
GB 142.250.187.210:443 p4-c7nsnnqkfcwlu-vzxhqsavkhdqtw6b-955820-i1-v6exp3.ds.metric.gstatic.com tcp
GB 142.250.180.18:443 p4-c7nsnnqkfcwlu-vzxhqsavkhdqtw6b-955820-i2-v6exp3.v4.metric.gstatic.com tcp
BR 201.9.239.216:44991 udp
US 8.8.8.8:53 210.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 18.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 216.239.9.201.in-addr.arpa udp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 content.invisioncic.com udp
IE 18.66.171.75:443 content.invisioncic.com tcp
RU 5.143.184.224:50659 udp
US 8.8.8.8:53 224.184.143.5.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
TR 85.153.237.59:23579 udp
US 8.8.8.8:53 59.237.153.85.in-addr.arpa udp
IE 18.66.171.75:443 content.invisioncic.com tcp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
US 173.79.120.224:49411 udp
US 8.8.8.8:53 224.120.79.173.in-addr.arpa udp
CH 31.10.171.135:27837 udp
US 8.8.8.8:53 135.171.10.31.in-addr.arpa udp
US 173.209.169.22:51413 udp
US 8.8.8.8:53 22.169.209.173.in-addr.arpa udp
RU 213.183.33.37:25856 tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.102.92:443 udp
BR 177.192.28.220:8065 udp
US 8.8.8.8:53 220.28.192.177.in-addr.arpa udp
PR 24.50.234.169:52745 udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 169.234.50.24.in-addr.arpa udp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
UA 93.127.56.224:39091 udp
US 8.8.8.8:53 224.56.127.93.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
US 18.220.82.190:6881 udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.75:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.75:443 r.bing.com tcp
US 8.8.8.8:53 190.82.220.18.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
UA 194.107.231.162:39964 tcp
JO 37.220.113.47:45461 udp
DE 139.162.190.235:7889 tcp
US 8.8.8.8:53 47.113.220.37.in-addr.arpa udp
RU 91.246.120.153:25856 tcp
RU 178.64.87.54:61626 tcp
BR 200.6.95.29:25856 tcp
PH 103.200.32.22:35637 udp
US 8.8.8.8:53 22.32.200.103.in-addr.arpa udp
FI 95.216.100.173:41998 udp
US 8.8.8.8:53 173.100.216.95.in-addr.arpa udp
SA 31.167.243.53:6881 udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 53.243.167.31.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 150.171.27.10:443 tse4.mm.bing.net tcp
US 150.171.28.10:443 tse4.mm.bing.net tcp
US 150.171.27.10:443 tse4.mm.bing.net tcp
US 150.171.28.10:443 tse4.mm.bing.net tcp
US 67.171.246.188:35782 udp
US 8.8.8.8:53 188.246.171.67.in-addr.arpa udp
IS 89.160.245.72:1040 udp
US 8.8.8.8:53 72.245.160.89.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
RU 5.3.213.19:53798 udp
US 8.8.8.8:53 19.213.3.5.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 content.invisioncic.com udp
US 8.8.8.8:53 www.andersonkenya1.net udp
IE 18.66.171.12:443 content.invisioncic.com tcp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 12.171.66.18.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.204.70:443 s0.2mdn.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
CN 118.112.135.158:10048 udp
US 8.8.8.8:53 158.135.112.118.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
IE 18.66.171.12:443 content.invisioncic.com tcp
BR 177.86.233.8:6881 udp
US 8.8.8.8:53 8.233.86.177.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 172.217.169.66:443 ade.googlesyndication.com udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
IE 18.66.171.12:443 content.invisioncic.com tcp
BR 189.4.106.171:3150 udp
US 8.8.8.8:53 171.106.4.189.in-addr.arpa udp
GB 191.101.209.39:25856 tcp
NL 217.62.243.142:51413 udp
US 8.8.8.8:53 142.243.62.217.in-addr.arpa udp
NL 185.162.184.42:62044 udp
US 8.8.8.8:53 42.184.162.185.in-addr.arpa udp
MX 201.111.54.73:47156 udp
US 8.8.8.8:53 73.54.111.201.in-addr.arpa udp
US 159.235.216.164:51413 udp
US 8.8.8.8:53 164.216.235.159.in-addr.arpa udp
UA 37.115.101.97:30920 udp
US 8.8.8.8:53 97.101.115.37.in-addr.arpa udp
JP 59.170.49.221:59131 udp
US 8.8.8.8:53 221.49.170.59.in-addr.arpa udp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
IE 18.66.171.12:443 content.invisioncic.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
IR 5.122.160.50:3446 udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 50.160.122.5.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 172.217.169.66:443 ade.googlesyndication.com udp
US 8.8.8.8:53 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-if-v6exp3-v4.metric.gstatic.com udp
GB 142.250.187.227:443 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-if-v6exp3-v4.metric.gstatic.com tcp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
GB 142.250.187.196:443 www.google.com udp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
GB 142.250.187.227:443 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-if-v6exp3-v4.metric.gstatic.com udp
GB 142.250.187.196:443 www.google.com udp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
IE 18.66.171.21:443 www.andersonkenya1.net tcp
RU 46.146.242.232:51413 udp
US 8.8.8.8:53 232.242.146.46.in-addr.arpa udp
US 8.8.8.8:53 www.andersonkenya1.net udp
US 8.8.8.8:53 content.invisioncic.com udp
IE 18.66.171.129:443 content.invisioncic.com tcp
US 8.8.8.8:53 content-restricted.invisioncic.com udp
US 3.162.140.24:443 content-restricted.invisioncic.com tcp
US 8.8.8.8:53 24.140.162.3.in-addr.arpa udp
RU 95.26.220.66:26734 udp
US 8.8.8.8:53 66.220.26.95.in-addr.arpa udp
US 8.8.8.8:53 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-815945-i1-v6exp3.v4.metric.gstatic.com udp
US 8.8.8.8:53 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-815945-i2-v6exp3.ds.metric.gstatic.com udp
GB 216.58.212.210:443 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-815945-i1-v6exp3.v4.metric.gstatic.com tcp
GB 216.58.204.82:443 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-815945-i2-v6exp3.ds.metric.gstatic.com tcp
GB 216.58.212.210:443 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-815945-i1-v6exp3.v4.metric.gstatic.com tcp
GB 216.58.204.82:443 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-815945-i2-v6exp3.ds.metric.gstatic.com tcp
KR 121.169.37.183:32886 udp
US 8.8.8.8:53 210.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 82.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 183.37.169.121.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
KR 1.224.24.26:40826 udp
US 8.8.8.8:53 26.24.224.1.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
NL 142.250.102.92:443 udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.99:443 r.bing.com tcp
NL 23.62.61.99:443 r.bing.com tcp
US 8.8.8.8:53 99.61.62.23.in-addr.arpa udp
RU 31.180.214.98:58872 udp
IE 18.66.171.40:443 www.andersonkenya1.net tcp
IE 18.66.171.129:443 content.invisioncic.com tcp
US 8.8.8.8:53 98.214.180.31.in-addr.arpa udp
US 8.8.8.8:53 40.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.70:443 s0.2mdn.net udp
US 8.8.8.8:53 use.typekit.net udp
US 2.22.144.70:443 use.typekit.net tcp
US 8.8.8.8:53 p.typekit.net udp
US 2.22.144.101:443 p.typekit.net tcp
US 8.8.8.8:53 track.scoota.co udp
US 216.239.38.21:443 track.scoota.co tcp
US 216.239.38.21:443 track.scoota.co tcp
US 2.22.144.70:443 use.typekit.net tcp
US 8.8.8.8:53 70.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 101.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 assets.scoota.co udp
IE 18.66.171.125:443 assets.scoota.co tcp
IE 18.66.171.125:443 assets.scoota.co tcp
IE 18.66.171.125:443 assets.scoota.co tcp
MX 187.188.228.6:30929 udp
US 8.8.8.8:53 21.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 125.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 6.228.188.187.in-addr.arpa udp
US 216.239.38.21:443 track.scoota.co tcp
NL 23.62.61.160:443 r.bing.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
IL 85.65.209.246:49447 udp
UA 93.170.96.50:1347 udp
US 8.8.8.8:53 50.96.170.93.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.187.226:443 ade.googlesyndication.com udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
IE 18.66.171.40:443 www.andersonkenya1.net tcp
IE 18.66.171.129:443 content.invisioncic.com tcp
US 8.8.8.8:53 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-815945-s1-v6exp3-v4.metric.gstatic.com udp
GB 172.217.16.227:443 p4-c3xfzh42js64m-2xvsvbhszgcp7xmm-815945-s1-v6exp3-v4.metric.gstatic.com tcp
PT 213.22.82.16:54376 udp
US 8.8.8.8:53 16.82.22.213.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 68.129.221.76:50321 udp
US 8.8.8.8:53 76.221.129.68.in-addr.arpa udp
US 71.81.93.105:61991 udp
US 8.8.8.8:53 105.93.81.71.in-addr.arpa udp
RU 95.24.115.29:25095 udp
US 8.8.8.8:53 29.115.24.95.in-addr.arpa udp
US 67.209.91.14:6898 udp
US 8.8.8.8:53 14.91.209.67.in-addr.arpa udp
CA 173.176.137.98:55546 udp
US 8.8.8.8:53 98.137.176.173.in-addr.arpa udp
US 8.8.8.8:53 www.andersonkenya1.net udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 content.invisioncic.com udp
IE 18.66.171.100:443 content.invisioncic.com tcp
NL 185.21.217.60:64867 udp
US 8.8.8.8:53 60.217.21.185.in-addr.arpa udp
NL 23.62.61.160:443 r.bing.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 66.61.49.193:6346 udp
US 216.239.38.21:443 track.scoota.co tcp
US 8.8.8.8:53 193.49.61.66.in-addr.arpa udp
CA 99.236.131.38:8621 udp
US 8.8.8.8:53 38.131.236.99.in-addr.arpa udp
HK 61.93.122.155:6881 udp
US 8.8.8.8:53 155.122.93.61.in-addr.arpa udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
KR 121.166.144.243:6881 udp
IE 18.66.171.100:443 content.invisioncic.com tcp
US 8.8.8.8:53 243.144.166.121.in-addr.arpa udp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
PT 93.108.147.223:56309 udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 223.147.108.93.in-addr.arpa udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 142.250.187.196:443 www.google.com udp
NL 178.250.1.10:443 rtb.nl3.eu.criteo.com tcp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 content-restricted.invisioncic.com udp
US 3.162.140.24:443 content-restricted.invisioncic.com tcp
IE 18.66.171.100:443 content.invisioncic.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
IT 93.46.106.27:6889 udp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 27.106.46.93.in-addr.arpa udp
US 8.8.8.8:53 68.9.67.172.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
ES 37.133.63.10:6889 udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 10.63.133.37.in-addr.arpa udp
SE 81.228.48.197:6889 udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
IE 18.66.171.100:443 content.invisioncic.com tcp
US 8.8.8.8:53 197.48.228.81.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 i.imgur.com udp
US 199.232.196.193:443 i.imgur.com tcp
US 8.8.8.8:53 193.196.232.199.in-addr.arpa udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
NL 178.250.1.10:443 rtb.nl3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 108.185.1.146:6881 udp
US 8.8.8.8:53 146.1.185.108.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
NL 5.79.77.77:59718 udp
US 8.8.8.8:53 77.77.79.5.in-addr.arpa udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
CZ 86.49.250.144:5040 udp
US 8.8.8.8:53 144.250.49.86.in-addr.arpa udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
IE 18.66.171.100:443 content.invisioncic.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 35.80.226.215:443 analytics.apis.mcafee.com tcp
CA 142.114.254.104:20630 udp
US 8.8.8.8:53 104.254.114.142.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
RU 77.95.92.53:6881 udp
US 8.8.8.8:53 53.92.95.77.in-addr.arpa udp
CA 192.99.12.23:56943 udp
US 8.8.8.8:53 23.12.99.192.in-addr.arpa udp
NL 37.48.95.60:61107 udp
US 8.8.8.8:53 60.95.48.37.in-addr.arpa udp
GB 81.111.54.72:51413 udp
US 8.8.8.8:53 72.54.111.81.in-addr.arpa udp
US 8.8.8.8:53 www.andersonkenya1.net udp
IE 18.66.171.40:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 content.invisioncic.com udp
IE 18.66.171.75:443 content.invisioncic.com tcp
MD 217.19.215.240:16528 udp
PL 185.16.39.229:11534 udp
FR 94.23.249.222:37464 udp
CN 183.250.96.223:15910 udp
US 18.218.241.3:6881 udp
FR 37.187.75.111:50914 udp
FI 185.148.3.203:11158 udp
US 8.8.8.8:53 240.215.19.217.in-addr.arpa udp
US 8.8.8.8:53 229.39.16.185.in-addr.arpa udp
US 8.8.8.8:53 222.249.23.94.in-addr.arpa udp
US 8.8.8.8:53 111.75.187.37.in-addr.arpa udp
US 8.8.8.8:53 3.241.218.18.in-addr.arpa udp
US 8.8.8.8:53 203.3.148.185.in-addr.arpa udp
IE 18.66.171.40:443 www.andersonkenya1.net tcp
IE 18.66.171.75:443 content.invisioncic.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.178.3:443 p4-hvgmet77t7ouy-mhv2xltjlq3igioi-if-v6exp3-v4.metric.gstatic.com tcp
GB 142.250.178.3:443 p4-hvgmet77t7ouy-mhv2xltjlq3igioi-if-v6exp3-v4.metric.gstatic.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
NL 178.250.1.10:443 rtb.nl3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 content-restricted.invisioncic.com udp
US 3.162.140.111:443 content-restricted.invisioncic.com tcp
US 8.8.8.8:53 111.140.162.3.in-addr.arpa udp
FI 65.108.78.54:6881 udp
US 8.8.8.8:53 54.78.108.65.in-addr.arpa udp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
JP 59.132.22.98:6881 udp
CN 183.165.174.9:60148 udp
US 8.8.8.8:53 9.174.165.183.in-addr.arpa udp
US 8.8.8.8:53 98.22.132.59.in-addr.arpa udp
US 8.8.8.8:53 p4-hvgmet77t7ouy-mhv2xltjlq3igioi-391452-i1-v6exp3.ds.metric.gstatic.com udp
US 8.8.8.8:53 p4-hvgmet77t7ouy-mhv2xltjlq3igioi-391452-i2-v6exp3.v4.metric.gstatic.com udp
GB 172.217.169.18:443 p4-hvgmet77t7ouy-mhv2xltjlq3igioi-391452-i1-v6exp3.ds.metric.gstatic.com tcp
GB 172.217.169.82:443 p4-hvgmet77t7ouy-mhv2xltjlq3igioi-391452-i2-v6exp3.v4.metric.gstatic.com tcp
GB 172.217.169.18:443 p4-hvgmet77t7ouy-mhv2xltjlq3igioi-391452-i1-v6exp3.ds.metric.gstatic.com tcp
GB 172.217.169.82:443 p4-hvgmet77t7ouy-mhv2xltjlq3igioi-391452-i2-v6exp3.v4.metric.gstatic.com tcp
US 8.8.8.8:53 18.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 82.169.217.172.in-addr.arpa udp
IE 18.66.171.40:443 www.andersonkenya1.net tcp
IE 18.66.171.75:443 content.invisioncic.com tcp
IE 18.66.171.40:443 www.andersonkenya1.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
IE 18.66.171.40:443 www.andersonkenya1.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.20.12.102:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 102.12.20.2.in-addr.arpa udp
NL 23.62.61.99:443 www.bing.com tcp
MX 177.245.153.165:3461 udp
US 8.8.8.8:53 165.153.245.177.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 18.210.46.60:443 track.analytics-data.io tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 18.190.61.127:6881 udp
US 8.8.8.8:53 127.61.190.18.in-addr.arpa udp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
RU 109.107.163.177:18956 udp
IN 47.29.165.102:45941 udp
US 8.8.8.8:53 102.165.29.47.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
N/A 172.17.0.1:40519 udp
US 8.8.8.8:53 1.0.17.172.in-addr.arpa udp
NL 213.227.152.198:51413 udp
US 8.8.8.8:53 198.152.227.213.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
NL 45.87.250.248:65156 udp
US 8.8.8.8:53 248.250.87.45.in-addr.arpa udp
CA 68.148.103.110:52863 udp
US 8.8.8.8:53 110.103.148.68.in-addr.arpa udp
MY 14.1.255.43:51829 udp
US 8.8.8.8:53 www.andersonkenya1.net udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
US 8.8.8.8:53 43.255.1.14.in-addr.arpa udp
US 8.8.8.8:53 content.invisioncic.com udp
IE 18.66.171.75:443 content.invisioncic.com tcp
US 205.178.102.33:65165 udp
US 8.8.8.8:53 33.102.178.205.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 74.37.181.2:1234 udp
US 8.8.8.8:53 2.181.37.74.in-addr.arpa udp
KR 218.157.226.164:41048 udp
US 75.164.61.9:3861 udp
US 8.8.8.8:53 9.61.164.75.in-addr.arpa udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
IE 18.66.171.75:443 content.invisioncic.com tcp
KR 222.108.214.131:20481 udp
US 8.8.8.8:53 131.214.108.222.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
KR 111.67.209.216:41119 udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
IE 18.66.171.75:443 content.invisioncic.com tcp
US 8.8.8.8:53 216.209.67.111.in-addr.arpa udp
CN 1.116.241.164:57211 udp
RU 89.148.243.66:16565 udp
US 8.8.8.8:53 66.243.148.89.in-addr.arpa udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
IE 18.66.171.75:443 content.invisioncic.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
KR 220.85.184.5:32915 udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
NL 178.250.1.10:443 rtb.nl3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
US 8.8.8.8:53 5.184.85.220.in-addr.arpa udp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
IE 18.66.171.89:443 www.andersonkenya1.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
JP 60.33.151.14:51413 udp
US 8.8.8.8:53 14.151.33.60.in-addr.arpa udp
KR 112.154.65.11:8124 udp
NL 178.250.1.10:443 rtb.nl3.eu.criteo.com tcp
US 8.8.8.8:53 content-restricted.invisioncic.com udp
US 3.162.140.111:443 content-restricted.invisioncic.com tcp
US 8.8.8.8:53 11.65.154.112.in-addr.arpa udp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
HK 218.250.102.86:12059 udp
US 8.8.8.8:53 86.102.250.218.in-addr.arpa udp
US 8.8.8.8:53 www.andersonkenya1.net udp
IE 18.66.171.75:443 content.invisioncic.com tcp
RU 88.206.86.71:41921 udp
US 8.8.8.8:53 71.86.206.88.in-addr.arpa udp
CA 184.75.221.195:44952 udp
US 8.8.8.8:53 195.221.75.184.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
NL 142.250.102.92:443 udp
NL 5.79.68.76:58630 udp
US 8.8.8.8:53 76.68.79.5.in-addr.arpa udp
GB 82.18.47.138:54793 udp
US 8.8.8.8:53 138.47.18.82.in-addr.arpa udp
BG 185.230.244.168:63847 udp
US 8.8.8.8:53 168.244.230.185.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
FR 195.154.179.2:50929 udp
US 8.8.8.8:53 2.179.154.195.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
FR 195.154.172.179:44610 udp
US 8.8.8.8:53 179.172.154.195.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
FR 188.165.246.171:53941 udp
NL 23.62.61.171:443 r.bing.com tcp
US 8.8.8.8:53 171.246.165.188.in-addr.arpa udp
US 8.8.8.8:53 mugen.fandom.com udp
US 199.232.212.194:443 mugen.fandom.com tcp
US 199.232.212.194:443 mugen.fandom.com tcp
US 8.8.8.8:53 194.212.232.199.in-addr.arpa udp
US 8.8.8.8:53 static.wikia.nocookie.net udp
DE 74.120.188.204:443 static.wikia.nocookie.net tcp
US 8.8.8.8:53 services.fandom.com udp
US 8.8.8.8:53 www.fastly-insights.com udp
US 151.101.130.91:443 www.fastly-insights.com tcp
DE 74.120.188.204:443 static.wikia.nocookie.net tcp
US 8.8.8.8:53 204.188.120.74.in-addr.arpa udp
US 8.8.8.8:53 vignette.wikia.nocookie.net udp
US 199.232.212.194:443 services.fandom.com tcp
US 8.8.8.8:53 91.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 dev.fandom.com udp
US 8.8.8.8:53 www.fandom.com udp
RU 78.155.178.37:17791 udp
US 8.8.8.8:53 beacon.wikia-services.com udp
US 74.120.189.205:443 beacon.wikia-services.com tcp
US 8.8.8.8:53 37.178.155.78.in-addr.arpa udp
US 8.8.8.8:53 205.189.120.74.in-addr.arpa udp
US 74.120.189.205:443 beacon.wikia-services.com tcp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 108.177.15.155:443 stats.g.doubleclick.net udp
DE 91.228.74.200:443 secure.quantserve.com tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.187.196:443 www.google.com udp
US 151.101.65.229:443 cdn.jsdelivr.net udp
GB 142.250.200.3:443 www.google.co.uk udp
US 3.162.140.66:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 seg.ad.gt udp
US 104.22.4.69:443 seg.ad.gt tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.adsafeprotected.com udp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.8.8:53 b-code.liadm.com udp
US 8.8.8.8:53 cdn-gl.imrworldwide.com udp
US 172.67.23.234:443 a.ad.gt tcp
US 3.162.140.77:443 cdn.adsafeprotected.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ads.servenobid.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 s.seedtag.com udp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 3.162.142.187:443 c.amazon-adsystem.com tcp
IE 54.76.139.215:443 ads.servenobid.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
IE 18.66.171.48:443 b-code.liadm.com tcp
IE 18.66.171.11:443 rules.quantcount.com tcp
NL 185.89.210.141:443 ib.adnxs.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 172.64.144.78:443 elb.the-ozone-project.com tcp
US 104.18.167.224:443 pub.doubleverify.com tcp
US 34.149.50.64:443 s.seedtag.com tcp
IE 18.66.171.82:443 cdn-gl.imrworldwide.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
IE 13.224.68.73:443 cdn.amplitude.com tcp
US 8.8.8.8:53 www.doubleclick.net udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 77.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 78.144.64.172.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 224.167.18.104.in-addr.arpa udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 48.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 11.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 215.139.76.54.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
GB 216.58.204.78:443 www.doubleclick.net tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 tunglashor.webnode.com udp
DE 3.65.102.101:80 tunglashor.webnode.com tcp
DE 3.65.102.101:80 tunglashor.webnode.com tcp
US 8.8.8.8:53 tunglashor.webnode.page udp
DE 3.79.173.192:80 tunglashor.webnode.page tcp
DE 3.79.173.192:443 tunglashor.webnode.page tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 82.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 101.102.65.3.in-addr.arpa udp
US 8.8.8.8:53 192.173.79.3.in-addr.arpa udp
US 8.8.8.8:53 d11bh4d8fhuq47.cloudfront.net udp
US 3.162.143.90:443 d11bh4d8fhuq47.cloudfront.net tcp
US 3.162.143.90:443 d11bh4d8fhuq47.cloudfront.net tcp
US 3.162.143.90:443 d11bh4d8fhuq47.cloudfront.net tcp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 15.197.193.217:443 match.adsrvr.org tcp
US 8.8.8.8:53 pixel.tapad.com udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 52.43.182.206:443 ids.ad.gt tcp
US 34.111.113.62:443 pixel.tapad.com tcp
US 35.244.159.8:443 u.openx.net udp
IE 34.253.131.179:443 pixel.adsafeprotected.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
IE 54.220.209.169:443 dpm.demdex.net tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 104.22.5.69:443 p.ad.gt tcp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
GB 185.64.191.210:443 image2.pubmatic.com tcp
IE 18.66.171.49:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 sync.1rx.io udp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
NL 46.228.174.117:443 sync.1rx.io tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 marketingplatform.google.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
GB 216.58.201.110:443 marketingplatform.google.com tcp
US 34.111.113.62:443 pixel.tapad.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 90.143.162.3.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 232.154.172.18.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 169.209.220.54.in-addr.arpa udp
US 8.8.8.8:53 206.182.43.52.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 49.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 47.202.97.23:8661 udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
US 74.120.189.205:443 beacon.wikia-services.com tcp
US 8.8.8.8:53 23.97.202.47.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 3.162.143.90:443 d11bh4d8fhuq47.cloudfront.net tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 s7.addthis.com udp
BE 104.68.81.91:443 s7.addthis.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 52.26.54.77:443 api2.amplitude.com tcp
US 52.43.182.206:443 ids.ad.gt tcp
US 52.26.54.77:443 api2.amplitude.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 52.43.182.206:443 ids.ad.gt tcp
US 52.43.182.206:443 ids.ad.gt tcp
US 172.67.23.234:443 p.ad.gt tcp
IE 52.95.126.160:443 aax-eu.amazon-adsystem.com tcp
US 104.22.5.69:443 p.ad.gt tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
DE 3.79.173.192:443 tunglashor.webnode.page tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 104.244.42.200:443 syndication.twitter.com tcp
IE 18.66.171.82:443 cdn-gl.imrworldwide.com tcp
US 8.8.8.8:53 launchpad-wrapper.privacymanager.io udp
IE 18.66.171.45:443 launchpad-wrapper.privacymanager.io tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 91.81.68.104.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 77.54.26.52.in-addr.arpa udp
US 8.8.8.8:53 160.126.95.52.in-addr.arpa udp
US 8.8.8.8:53 200.42.244.104.in-addr.arpa udp
GB 23.49.161.153:443 secure.cdn.fastclick.net tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
IE 18.66.171.8:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 twitter.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 prebid-match.dotomi.com udp
NL 63.215.202.140:443 prebid-match.dotomi.com tcp
US 74.120.189.205:443 beacon.wikia-services.com tcp
US 199.232.212.194:443 www.fandom.com tcp
US 199.232.212.194:443 www.fandom.com tcp
US 8.8.8.8:53 secure-dcr.imrworldwide.com udp
US 8.8.8.8:53 hcee5ssw4c3lyzw5x73ajc4wiammn1718368338.nuid.imrworldwide.com udp
US 8.8.8.8:53 pixels.ad.gt udp
IE 13.224.68.65:443 hcee5ssw4c3lyzw5x73ajc4wiammn1718368338.nuid.imrworldwide.com tcp
IE 52.18.140.180:443 secure-dcr.imrworldwide.com tcp
IE 54.72.245.162:443 bcp.crwdcntrl.net tcp
US 172.67.23.234:443 pixels.ad.gt tcp
US 8.8.8.8:53 2a161993ad20db5ada8144f4eb0a0b59.safeframe.googlesyndication.com udp
US 8.8.8.8:53 45.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 8.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 65.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 180.140.18.52.in-addr.arpa udp
US 8.8.8.8:53 162.245.72.54.in-addr.arpa udp
GB 172.217.169.65:443 2a161993ad20db5ada8144f4eb0a0b59.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 launchpad.privacymanager.io udp
IE 18.66.171.55:443 launchpad.privacymanager.io tcp
US 8.8.8.8:53 cookies.nextmillmedia.com udp
US 107.20.43.192:443 cookies.nextmillmedia.com tcp
IE 34.253.131.179:443 pixel.adsafeprotected.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.giantbomb.com udp
US 8.8.8.8:53 geo.privacymanager.io udp
US 199.232.212.194:443 www.giantbomb.com tcp
US 3.162.140.50:443 geo.privacymanager.io tcp
US 8.8.8.8:53 cdn.doubleverify.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
BE 23.14.90.89:443 cdn.doubleverify.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 55.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 192.43.20.107.in-addr.arpa udp
US 8.8.8.8:53 50.140.162.3.in-addr.arpa udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
NL 185.89.210.141:443 secure.adnxs.com tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 104.18.36.155:443 ssum.casalemedia.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 csync.loopme.me udp
NL 35.214.233.248:443 csync.loopme.me tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 35.186.253.211:443 rtb.openx.net udp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.8.8.8:53 ap.lijit.com udp
IE 54.216.196.207:443 ap.lijit.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 pbs.nextmillmedia.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 51.81.244.170:443 pbs.nextmillmedia.com tcp
GB 2.16.233.56:443 eus.rubiconproject.com tcp
IE 54.74.114.10:443 ads.yieldmo.com tcp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.75.86.98:443 onetag-sys.com tcp
IE 18.66.171.24:443 ud.reasonsecurity.com tcp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 248.233.214.35.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 171.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 207.196.216.54.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 10.114.74.54.in-addr.arpa udp
US 8.8.8.8:53 170.244.81.51.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 51.81.244.170:443 pbs.nextmillmedia.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
DE 74.120.188.204:443 vignette.wikia.nocookie.net tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:80 www.mediafire.com tcp
US 104.16.114.74:80 www.mediafire.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
DE 52.29.179.14:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
IE 18.66.165.237:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 24.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 14.179.29.52.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 237.165.66.18.in-addr.arpa udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 104.16.113.74:80 static.mediafire.com tcp
US 104.16.113.74:80 static.mediafire.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 104.16.113.74:80 static.mediafire.com tcp
US 104.16.113.74:80 static.mediafire.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 download2284.mediafire.com udp
US 172.67.170.144:80 www.ezojs.com tcp
IE 13.224.68.73:443 cdn.amplitude.com tcp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
GB 142.250.187.238:80 translate.google.com tcp
DE 51.75.86.98:443 onetag-sys.com udp
NL 145.40.97.67:443 sync.a-mo.net tcp
US 8.8.8.8:53 blog.mediafire.com udp
US 8.8.8.8:53 mediafire.zendesk.com udp
US 8.8.8.8:53 fast.io udp
US 8.8.8.8:53 api.btloader.com udp
GB 142.250.187.238:443 translate.google.com tcp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 g.ezoic.net udp
US 130.211.23.194:443 api.btloader.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.16.52.110:443 cdn.otnolatrnup.com tcp
US 3.162.140.16:443 static.hotjar.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
FR 35.181.89.222:80 g.ezoic.net tcp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 go.ezodn.com udp
US 104.21.87.79:80 go.ezodn.com tcp
US 104.21.87.79:80 go.ezodn.com tcp
US 104.21.87.79:80 go.ezodn.com tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 44.233.60.45:443 api.amplitude.com tcp
US 104.26.2.173:443 www.mediafiredls.com tcp
US 104.21.87.79:80 go.ezodn.com tcp
US 104.21.87.79:80 go.ezodn.com tcp
US 104.21.87.79:80 go.ezodn.com tcp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 g.ezodn.com udp
GB 142.250.200.34:80 securepubads.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 142.250.200.10:443 translate.googleapis.com tcp
US 172.67.142.121:443 g.ezodn.com tcp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 8.8.8.8:53 16.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 45.60.233.44.in-addr.arpa udp
FR 35.181.89.222:80 g.ezoic.net tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
NL 94.140.5.69:52357 udp
FR 35.181.89.222:443 g.ezoic.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 script.4dex.io udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 172.67.14.119:443 prebid.smilewanted.com tcp
IE 18.66.171.119:443 hb.yellowblue.io tcp
US 104.26.8.169:443 script.4dex.io tcp
US 107.151.11.18:443 ghb.adtelligent.com tcp
GB 142.250.187.196:443 www.google.com udp
US 104.18.36.155:443 ssum.casalemedia.com tcp
NL 145.40.97.67:443 sync.a-mo.net tcp
US 8.8.8.8:53 ghb1.adtelligent.com udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
GB 185.239.172.170:443 ghb1.adtelligent.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
NL 185.89.210.141:443 secure.adnxs.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 74.120.189.205:443 beacon.wikia-services.com tcp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 ow.pubmatic.com udp
FR 35.181.89.222:80 g.ezoic.net tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
NL 79.127.227.46:443 id.rtb.mx tcp
US 8.8.8.8:53 69.5.140.94.in-addr.arpa udp
US 8.8.8.8:53 119.14.67.172.in-addr.arpa udp
US 8.8.8.8:53 119.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 170.172.239.185.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 18.11.151.107.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
FR 35.181.89.222:80 g.ezoic.net tcp
FR 35.181.89.222:80 g.ezoic.net tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 0d87a021744b43c119082db6ae273d34.safeframe.googlesyndication.com udp
GB 172.217.169.65:443 0d87a021744b43c119082db6ae273d34.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 104.21.87.79:443 bshr.ezodn.com tcp
FR 35.181.89.222:80 g.ezoic.net tcp
FR 35.181.89.222:80 g.ezoic.net tcp
US 104.21.87.79:80 bshr.ezodn.com tcp
FR 35.181.89.222:80 g.ezoic.net tcp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 adssettings.google.com udp
GB 142.250.187.193:443 cdn.ampproject.org udp
US 104.21.87.79:80 bshr.ezodn.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
DE 74.120.188.204:443 vignette.wikia.nocookie.net tcp
US 8.8.8.8:53 tps.doubleverify.com udp
FR 178.32.197.52:443 ssbsync-global.smartadserver.com tcp
US 130.211.44.5:443 tps.doubleverify.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
IE 18.66.171.24:443 ud.reasonsecurity.com tcp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 34.102.146.192:443 oa.openxcdn.net udp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 connectid.analytics.yahoo.com udp
US 104.22.51.98:443 spl.zeotap.com tcp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
IE 18.66.171.7:443 connectid.analytics.yahoo.com tcp
US 34.120.107.143:443 oajs.openx.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 199.232.212.194:443 www.giantbomb.com tcp
US 8.8.8.8:53 esp.rtbhouse.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 107.20.43.192:443 cookies.nextmillmedia.com tcp
US 34.120.107.143:443 oajs.openx.net udp
US 35.190.39.111:443 esp.rtbhouse.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 142.250.187.202:443 imasdk.googleapis.com udp
DE 79.127.216.47:443 id.rtb.mx tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 51.81.244.170:443 pbs.nextmillmedia.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
GB 2.16.232.228:443 ads.pubmatic.com tcp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 52.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
US 104.26.2.173:443 www.mediafiredls.com tcp
US 104.16.52.110:443 otnolatrnup.com tcp
US 104.16.52.110:443 otnolatrnup.com tcp
US 199.91.155.25:80 download2284.mediafire.com tcp
US 199.91.155.25:80 download2284.mediafire.com tcp
DE 52.29.179.14:443 rtb.mfadsrvr.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
GB 104.120.140.21:443 hbx.media.net tcp
GB 104.120.140.21:443 hbx.media.net tcp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 7.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 111.39.190.35.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 104.22.4.69:443 pixels.ad.gt tcp
US 15.197.193.217:80 match.adsrvr.org tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 stx-match.dotomi.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 70.42.32.31:443 b1sync.zemanta.com tcp
IE 54.246.18.125:443 pr-bh.ybp.yahoo.com tcp
IE 52.17.40.72:443 id.crwdcntrl.net tcp
NL 89.207.16.140:443 stx-match.dotomi.com tcp
DE 141.95.33.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
DE 52.57.239.98:443 match.sharethrough.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 sync.adtelligent.com udp
US 8.8.8.8:53 sys.ctrackapp.com udp
GB 185.83.71.234:443 sync.adtelligent.com tcp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 25.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 21.140.120.104.in-addr.arpa udp
US 8.8.8.8:53 140.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 125.18.246.54.in-addr.arpa udp
US 143.198.169.179:58680 udp
US 8.8.8.8:53 72.40.17.52.in-addr.arpa udp
IE 13.224.68.3:443 sys.ctrackapp.com tcp
IE 13.224.68.3:443 sys.ctrackapp.com tcp
US 8.8.8.8:53 track.donecperficiam.com udp
IE 18.66.171.73:443 track.donecperficiam.com tcp
IE 18.66.171.73:443 track.donecperficiam.com tcp
US 8.8.8.8:53 go.etoro.com udp
GB 23.206.73.117:443 go.etoro.com tcp
GB 23.206.73.117:443 go.etoro.com tcp
US 8.8.8.8:53 31.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 98.239.57.52.in-addr.arpa udp
US 8.8.8.8:53 179.169.198.143.in-addr.arpa udp
US 8.8.8.8:53 234.71.83.185.in-addr.arpa udp
US 8.8.8.8:53 3.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 marketing.etorostatic.com udp
US 8.8.8.8:53 etoro-cdn.etorostatic.com udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 static.smilewanted.com udp
US 172.67.14.119:443 static.smilewanted.com tcp
US 8.8.8.8:53 117.73.206.23.in-addr.arpa udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 bat.bing.com udp
US 3.162.140.16:443 static.hotjar.com tcp
US 8.8.8.8:53 c0.adalyser.com udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 amplify.outbrain.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 204.79.197.237:443 bat.bing.com tcp
US 151.101.193.44:443 cdn.taboola.com tcp
GB 2.16.233.118:443 amplify.outbrain.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 199.232.56.157:443 static.ads-twitter.com tcp
IE 52.19.176.124:443 c0.adalyser.com tcp
US 8.8.8.8:53 9944765.fls.doubleclick.net udp
US 8.8.8.8:53 geolocation.onetrust.com udp
GB 216.58.204.70:443 9944765.fls.doubleclick.net tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 tr.outbrain.com udp
US 104.244.42.195:443 analytics.twitter.com tcp
US 3.162.140.25:443 script.hotjar.com tcp
PL 93.184.221.165:443 t.co tcp
US 8.8.8.8:53 wave.outbrain.com udp
US 8.8.8.8:53 44.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 124.176.19.52.in-addr.arpa udp
US 64.74.236.95:443 tr.outbrain.com tcp
US 64.74.236.95:443 tr.outbrain.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 118.233.16.2.in-addr.arpa udp
GB 2.16.233.118:443 wave.outbrain.com tcp
GB 2.16.233.118:443 wave.outbrain.com tcp
GB 2.16.233.118:443 wave.outbrain.com tcp
GB 2.16.233.118:443 wave.outbrain.com tcp
GB 2.16.233.118:443 wave.outbrain.com tcp
GB 216.58.204.70:443 9944765.fls.doubleclick.net udp
RU 95.24.73.208:38199 udp
GB 2.16.233.118:443 wave.outbrain.com tcp
GB 2.22.99.132:443 etoro-cdn.etorostatic.com tcp
US 8.8.8.8:53 cdn.etorostatic.com udp
GB 2.22.99.132:443 cdn.etorostatic.com tcp
US 8.8.8.8:53 etorologsapi.etoro.com udp
US 8.8.8.8:53 195.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 25.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 165.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 208.73.24.95.in-addr.arpa udp
NL 20.54.209.212:443 etorologsapi.etoro.com tcp
NL 20.54.209.212:443 etorologsapi.etoro.com tcp
GB 23.206.73.117:443 go.etoro.com tcp
US 8.8.8.8:53 cdn.mxpnl.com udp
GB 2.30.240.190:53076 udp
US 8.8.8.8:53 trc-events.taboola.com udp
US 8.8.8.8:53 dc.services.visualstudio.com udp
US 130.211.5.208:443 cdn.mxpnl.com tcp
US 8.8.8.8:53 212.209.54.20.in-addr.arpa udp
NL 141.226.228.48:443 trc-events.taboola.com tcp
NL 141.226.228.48:443 trc-events.taboola.com tcp
US 8.8.8.8:53 190.240.30.2.in-addr.arpa udp
NL 20.50.88.242:443 dc.services.visualstudio.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
GB 2.22.99.132:443 cdn.etorostatic.com tcp
US 8.8.8.8:53 208.5.211.130.in-addr.arpa udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 www.etoro.com udp
US 104.18.34.56:443 www.etoro.com tcp
FR 35.181.89.222:80 g.ezoic.net tcp
FR 35.181.89.222:80 g.ezoic.net tcp
AU 101.167.171.167:6889 udp
US 8.8.8.8:53 242.88.50.20.in-addr.arpa udp
US 8.8.8.8:53 56.34.18.104.in-addr.arpa udp
NL 141.226.228.48:443 trc-events.taboola.com tcp
US 104.18.34.56:443 www.etoro.com tcp
GB 2.22.99.132:443 cdn.etorostatic.com tcp
US 8.8.8.8:53 167.171.167.101.in-addr.arpa udp
ZM 102.67.160.155:2489 udp
FR 35.181.89.222:80 g.ezoic.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 145.40.97.67:443 sync.a-mo.net tcp
US 172.67.14.119:443 static.smilewanted.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
FR 35.181.89.222:80 g.ezoic.net tcp
US 107.151.11.18:443 ghb1.adtelligent.com tcp
FR 35.181.89.222:80 g.ezoic.net tcp
GB 185.239.172.170:443 ghb1.adtelligent.com tcp
US 8.8.8.8:53 ghb2.adtelligent.com udp
US 104.18.34.56:443 www.etoro.com tcp
US 74.120.189.205:443 beacon.wikia-services.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com udp
DE 74.120.188.204:443 vignette.wikia.nocookie.net tcp
US 8.8.8.8:53 155.160.67.102.in-addr.arpa udp
DE 142.132.249.188:443 ghb2.adtelligent.com tcp
DE 142.132.249.188:443 ghb2.adtelligent.com tcp
US 64.74.236.95:443 tr.outbrain.com tcp
BR 179.214.84.142:51814 udp
BR 170.80.110.71:6881 udp
HK 43.225.8.185:23056 udp
US 151.101.1.44:443 cdn.taboola.com tcp
US 151.101.1.44:443 cdn.taboola.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 167.172.226.132:6060 udp
US 35.232.31.198:6881 udp
US 8.8.8.8:53 188.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 142.84.214.179.in-addr.arpa udp
US 8.8.8.8:53 71.110.80.170.in-addr.arpa udp
US 8.8.8.8:53 185.8.225.43.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 132.226.172.167.in-addr.arpa udp
US 104.18.34.56:443 www.etoro.com tcp
NL 20.50.88.242:443 dc.services.visualstudio.com tcp
AU 202.179.131.130:25856 udp
IT 5.90.196.34:36375 udp
PL 146.19.24.47:59190 udp
NL 45.87.251.173:12677 udp
US 8.8.8.8:53 198.31.232.35.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
JP 133.167.77.114:25856 udp
US 8.8.8.8:53 update.reasonsecurity.com udp
FR 35.181.89.222:80 g.ezoic.net tcp
FR 35.181.89.222:80 g.ezoic.net tcp
FR 35.181.89.222:80 g.ezoic.net tcp
SE 213.113.88.35:7146 udp
US 104.18.34.56:443 www.etoro.com tcp
US 8.8.8.8:53 130.131.179.202.in-addr.arpa udp
US 8.8.8.8:53 34.196.90.5.in-addr.arpa udp
US 8.8.8.8:53 47.24.19.146.in-addr.arpa udp
US 8.8.8.8:53 173.251.87.45.in-addr.arpa udp
US 8.8.8.8:53 114.77.167.133.in-addr.arpa udp
IE 18.66.171.96:443 update.reasonsecurity.com tcp
NL 141.226.228.48:443 trc-events.taboola.com tcp
US 151.101.1.44:443 cdn.taboola.com tcp
US 130.211.5.208:443 cdn.mxpnl.com udp
AU 202.179.131.130:25856 tcp
US 8.8.8.8:53 35.88.113.213.in-addr.arpa udp
US 8.8.8.8:53 96.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 maintenance.etoro.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 ice.360yield.com udp
FR 35.181.89.222:80 g.ezoic.net tcp
FR 35.181.89.222:80 g.ezoic.net tcp
FR 35.181.89.222:80 g.ezoic.net tcp
FR 35.181.89.222:80 g.ezoic.net tcp
NL 20.54.209.212:443 etorologsapi.etoro.com tcp
FR 35.181.89.222:80 g.ezoic.net tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 104.21.87.79:80 bshr.ezodn.com tcp
NL 81.17.55.97:443 sync.smartadserver.com tcp
NL 185.89.210.82:443 secure.adnxs.com tcp
GB 2.16.232.228:443 ads.pubmatic.com tcp
US 35.244.159.8:443 google-bidout-d.openx.net udp
US 104.21.87.79:80 bshr.ezodn.com tcp
IE 52.209.247.91:443 ice.360yield.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
GB 23.206.73.117:443 maintenance.etoro.com tcp
US 104.21.87.79:80 bshr.ezodn.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 2.22.99.132:443 cdn.etorostatic.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
IE 54.217.7.55:443 ap.lijit.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 97.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 82.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 91.247.209.52.in-addr.arpa udp
US 8.8.8.8:53 cm.adform.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
DK 37.157.4.28:443 cm.adform.net tcp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 8.8.8.8:53 us.shb-sync.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.2.110.33:443 us.shb-sync.com tcp
IE 13.224.68.3:443 sys.ctrackapp.com tcp
US 8.8.8.8:53 api1.reasonsecurity.com udp
JP 133.167.77.114:25856 tcp
US 104.22.1.235:443 api1.reasonsecurity.com tcp
US 8.8.8.8:53 55.7.217.54.in-addr.arpa udp
US 8.8.8.8:53 28.4.157.37.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 235.1.22.104.in-addr.arpa udp
DE 51.75.86.98:443 onetag-sys.com tcp
US 74.120.189.205:443 beacon.wikia-services.com tcp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
IE 54.195.211.127:443 pixel.adsafeprotected.com tcp
US 74.120.189.205:443 beacon.wikia-services.com tcp
US 8.8.8.8:53 127.211.195.54.in-addr.arpa udp
RU 89.250.167.213:3329 udp
US 8.8.8.8:53 213.167.250.89.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
IE 34.252.11.128:443 tcp
IE 34.243.88.176:443 tcp
UA 109.87.161.216:53649 udp
US 8.8.8.8:53 216.161.87.109.in-addr.arpa udp
IE 34.252.11.128:443 tcp
RU 95.53.205.68:47315 udp
US 8.8.8.8:53 68.205.53.95.in-addr.arpa udp
CA 199.189.27.123:32688 udp
US 8.8.8.8:53 123.27.189.199.in-addr.arpa udp
RU 95.24.108.245:57941 udp
RU 188.168.153.182:36855 udp
US 8.8.8.8:53 182.153.168.188.in-addr.arpa udp
RU 178.184.190.67:40419 udp
US 8.8.8.8:53 67.190.184.178.in-addr.arpa udp
RU 2.61.89.182:39035 udp
US 8.8.8.8:53 182.89.61.2.in-addr.arpa udp

Files

C:\Users\Admin\Desktop\AssertDisable.M2T

MD5 18cbae251820eb33c1e7b1af715cb642
SHA1 9acc2057e096e635da56ee75b8a28c36c701ba80
SHA256 1f06dc06ea8bf182cfd52df8a1399967e972df120c5efb768fad8ed56ca3bd12
SHA512 3e56767df7891c338e1d957d2e9694ce97910a1f3d5c1d5cb67ae94db251b4c9b744f295452f773471d2153460f81f331db192503ab1ef7aef8e6e6d1cb9ebf7

C:\Users\Admin\Desktop\ConfirmDismount.vssm

MD5 b85412585251226639767ab34cec2dfc
SHA1 848a725ee09d2bf3212f404fea86d72b7efe3f98
SHA256 8c5c9ef75c20ca94d7cc86a40dcbea697a2ec0af04407a1f641d7f2aea50b1a1
SHA512 797f7190ea0e0467f2f2b1f1ef4d4f4179c359d1a20196124478e82d65b82d0453b7f7f680b071236ae64461e125f9875f88f4893cd7688b50d8f16da21159cb

C:\Users\Admin\Desktop\CompleteSwitch.AAC

MD5 f5d3c0bc31c3a83de98fbaf629df2724
SHA1 0f2ff49e6583da03569ae91d92bf28ae85e7fcfe
SHA256 e3c02d9ca521813a68ee84b02e4aa4971092077eb850e44c47ac576cac12013d
SHA512 5ecc8cce0504c0c0fb2bd388be81ea76e6cf37c1b520560e3ca26696fd0f29f35c5742d5d38725b63c83e4d426aa62878a864a892925e9eac69b696a4a00481f

C:\Users\Admin\Desktop\ClearBlock.mp2

MD5 31f1cccddf662fe8282a98d067f84483
SHA1 6ca3e301d1e736884be914a4a9140a6bd042892e
SHA256 5c4bf96466a49e8fbf1381cb492a4f61db47c4242ba4a5ba5091bccf877b8cf7
SHA512 e4c4a3705e3d38933bb1b2eb534d70314c807827e82acb63bbfbf0cffba6501afc023f55144ebf7988e7fb6bc7c28aa997c921a525ae5dd7b53975e8e49998e5

C:\Users\Admin\Desktop\DenyOptimize.tif

MD5 8aaf9e6d0fa3af2a564e5a4c5ac9a9e7
SHA1 ecfc3246f661265dc3aba9e2a6ced82a4438c5b0
SHA256 73f755ae6d9fcca5f6afd4c85251add098ed5e45df84ffc010d9850ed00d4dfb
SHA512 a89555b33004700c37ddda8f4ebcd98b4dc57d04be5c26a80b4fdb4fac18164d1a683818fb2f331daec3bc9c015373e64d2c13a4a11f3218ca73d0e9de2ed922

C:\Users\Admin\Desktop\MountStep.xls

MD5 814acc0da2fb1d02046ae2490b2bb5d3
SHA1 ab72781b39b3be5a0b3323415084df89c8d9f8de
SHA256 7d6628d1030c6d31e4c5eda8a06eaf843649a554237504699f82168c46b1d912
SHA512 242b164c367f38aa991e2545070cce8c5ea2aaa01f9d5d31962ddb5039492544d878cde5a0463e04b9fb024e0afc652b41b8b14f7ddebe14d87be325fd75ebb4

C:\Users\Admin\Desktop\LimitStop.contact

MD5 1bbb55781a5296fad05bc16013d8be53
SHA1 609062603c694fedc5abd444ab31743e61666dfb
SHA256 ba4dff9171e41584da8e2217e47542c2a93787c924438dbf4436eeda90cd787d
SHA512 2ec3797ea339f03445ea5f299d6ca71abda67052f22e543480e9eaead402c552ba76905502a2d5a522f0983f1b8ba4200f1fd22d94d9df153c587ccc363934ce

C:\Users\Admin\Desktop\DisableAdd.pdf

MD5 72e13233b1fa45fb7aef2b8f427811b8
SHA1 4c98d66041c5a710f9cd64c0de9d38e56f0416b8
SHA256 aa681dabd7c20ed36d14b8ad84ea718c402f783bb15ff1eeec014a0e6ca2039e
SHA512 ccc603bcfcf0477ccf94ed7b1ea3b19356ad1257db4e5b1006f1f2aec7e04a7f89a425c471281bbac1d31abecb52777cbf6fd135d07a3677f86ed750bb4f9ac7

C:\Users\Admin\Desktop\DenyFormat.htm

MD5 c966288a3e6458d703ac76f43c9ad6c1
SHA1 ff0d77f6c10b94d425a22539df68f15f303f52b0
SHA256 741e2073dfefeb5a5179b9a65bb18d7e381fa4015ea1e0d8d3314790ebc81256
SHA512 4a78babb5bcb4b1f119709d025648a8dac261824a832478d0012bf9bbf6fc1014ea9c02bdf85759a2feeb21abf260399e44978169ad9538a0cfd8f4e156dd15e

C:\Users\Admin\Desktop\PopTrace.ini

MD5 0be63266b6aa11c29525863e42c29467
SHA1 153bfc0b706863759d1ce7343d232ed05cc12cd6
SHA256 8368a8be6597acb4b025f4b24d3dc0294792b9ea30cd9e6f0394eca8cfa38e7e
SHA512 992aa8e9154bd6100247b9c919203bc3806933c3e23aee3693abae85238069f71ee29909a6d2e57b146d5be9e92c4aa5030a47e7262c641f6c1984d3a2a198e6

C:\Users\Admin\Desktop\OutFormat.gif

MD5 a3f7a0cea8cbed317171489186b92bef
SHA1 bd37d60f002d17c281d69f116ec5b78f0a55930b
SHA256 f3677825c81fd53200fa708b9e3dc1cde8c2140ca4d16443811c68c9e8159bcc
SHA512 f02d953bfc34139ba1b2c338bb31c49e2aa97cbfcc01cbdcacde27c8f3c1493ed4a47f718efeff0ef120579453fcd10214ae5b36d5778bf40f8a5a69b9f1ea5e

C:\Users\Admin\Desktop\ResizeDeny.asf

MD5 d661778ed6c27c10da0bcdf76f264bb6
SHA1 5f7aa1c0295f03c8987a42e7a984f785e054a4a4
SHA256 15289a9d6a22e880f907d0090b154943231695f5b643a7c8ef7e425b7e060bed
SHA512 29422d326db30d12cf6699fb9ba66750af6e35be616d51416f5cea23aff6491db5c190342fc8aa63cbe6fc83efc264be5d625c7389dbac88163f356c9f85eee7

C:\Users\Admin\Desktop\RestoreUnblock.gif

MD5 74c36bbb4e263e0ae13895e5ba93d393
SHA1 be8d49124732fb4b8568d6d786508fe923eb612b
SHA256 52f23d8d156458757aa3c3512c4bd9112c48677298bc1551224ad04ba9521d37
SHA512 b00ca4f833e6d64c2eee6bbb78777e76b068a3146626fc0beaa0beb073a2f65853f62d8e711164b7ca03ecfb91c5ef096a9b71f8953a30e5b161bc1ab5240fd9

C:\Users\Admin\Desktop\RevokeRestore.mp3

MD5 4b833e93d96ee4a599c3c58f09516c78
SHA1 3baaec78686c186ccb9bb1c45d13986209ebb73c
SHA256 9e68cd7d06f7dc18e28c4d41f992ea4f17747febcfeb27efebb5095d1eec6160
SHA512 6d91d69329a3208095693c3d6cef8f1260eb167cfd393a4b25cc9d56a5b20add625023b7878f651a8f25d8d4234b775c0952b482de60743630323ed3ad328493

C:\Users\Admin\Desktop\SkipOut.nfo

MD5 4836397349acfbcd5152168434369c84
SHA1 bdac33c5e48af8535b375c6783774665b56f7ef4
SHA256 2fbdd5f922743d38a04a46b74d1895c5b4675b7b0605c9015b7c6d18d3bd5f73
SHA512 021559c932c54af244cbdf7d241c17dcf1ecba82b1887fb2308afda04d8d7c630678402751f0e2d6be4c577a1247957118d62d9ad029d05a1143670b9a723889

C:\Users\Admin\Desktop\StepResolve.dwfx

MD5 5cab9ceb2905613efbef1c418a44426d
SHA1 b0a536b404dfd61452f3e69aba905bb0969ce8e0
SHA256 a47fe2d83487dc6cfbb9422b992816b7ff2dcc42803d9caaecf961c271428656
SHA512 884c857e9f00fe3b71919869516ae7a08809cd4f271bb700d20a3e10675869fdae30519cc60bc616f8d52c65add17f51db20b8b38b0af57a63022de0ae8e7940

C:\Users\Admin\Desktop\StepTrace.wpl

MD5 565b334dec7e2aa7d813359daf050a74
SHA1 e180d51fc79e5a6a2ad02bfd05e9053c769cae5c
SHA256 2f3205da86cd2cd74042ddafab49f6dade420d88bf5ddb46a03c9a31745f35a5
SHA512 f1f519edbb17183cb55c3f1733887a309c6e943a4d194e3963b30826054badf31bd0318efc8bbd7b6d1418878b88e0ba2a8353a4d915010d04038b160072c094

C:\Users\Admin\Desktop\UseCheckpoint.DVR-MS

MD5 8feeb0102275b721b956e0e0fbf6ff35
SHA1 451a7d88855da42fb7d8063fe1199e299653b727
SHA256 9b4227a62710047f1621e0d080d5b13be22c5cddea063c8204717742a95ded90
SHA512 80e00169ba290468a9237c1e3b8229de55f707be26a0387b1191b5123827a5f33f50a67e49a48320c006374569bac421c809aa2ccab7cdb40feb91a51c513bb0

C:\Users\Admin\Desktop\WriteMove.exe

MD5 2f30e58f9dddc2557a60b34e420d4d24
SHA1 c733b3afdce065c183589cdba68f564bf0ee1b12
SHA256 14e288b7b042ae96e0cb40a17e7d07ed137fe2a03606d65d6f9f72c99da7a0b1
SHA512 0a8c6a1242fdddcd3332dda21d8e1416aa9ddf2e1792b210f811662bf91a3827d5fa80b9bacba9893cb16ee6132aa24ff7e62159193d45c9891e8dad415d8ae3

C:\Users\Admin\Desktop\ConvertEnable.vst

MD5 95e8b886af03f5feb4510dfa49137354
SHA1 97e0e6f730c881167bfbf79ceecd8995c2452868
SHA256 3b9cf9336aaa5b0f618636190b486779d203423edd450e2906ad3995dc59e040
SHA512 4ef072b3d1434f4a8da8ee12951b649628e6c534d19f1db69cdaf600452ff57420fad74e283cdee4a35065be185d0c4a48661c19855ac3f72e39adec6e66bea0

C:\Users\Admin\Desktop\DenyExport.odt

MD5 eb8ee23a6bcb310b3b02fabb7617a335
SHA1 95f5b1a3fe2a71ae03217ab36042a108a5578bb2
SHA256 47d8de8b3900ffa4a544c9e075c46d8ac4855655ba6723b135e5e5df62bbbdfb
SHA512 3abf3ca9de407b484e12e9ae313d6d1cc082e8bc2a302db7ecf378db8f31ca6bec754c1f74ee26aed938cecc1c20fdf1b43f69fb23e0b31fda3c1235198142b3

C:\Users\Admin\Desktop\DisconnectPing.wmf

MD5 99ce15cae22cbc1642138e1a35b89cf9
SHA1 b3de6c53bc177975d13f4f82eb30bd5030b26fdb
SHA256 450b3c3cc151b1f79289a4731ababc87abcd36f6564489ac035e34af76bbac73
SHA512 eef47dfefa2b299f6246d11aba7ee82c572c81272812dcebebe2939375e85db35077abe38388e5d772e8f4c66c46aff9fb3422d7c4d74114327897e5672c3e18

C:\Users\Admin\Desktop\MountSync.gif

MD5 4ccd1460721ea160f0780fed9fa56c49
SHA1 6552ab6d8cd16053ffd8427069720af96df34f2f
SHA256 99e6e34bfc40f6e2c780ffe30b4af3847284dd5fd4026de634ec1d531b9b6249
SHA512 b97ff3a356464ad941ce64e21d9cf4a9a3c426bc2b80acb641dff9de5f4ba2555219662360e7b5ef52eab8c4361bb39cd3867800d65e7c804b874e8a5ea15b70

C:\Users\Admin\Desktop\InstallSave.xht

MD5 222b29b7f84dc5d1bf79f478eb961744
SHA1 5a32b1b86cb26526705ee1305fba0129bfc25b7e
SHA256 2380824359d977627bfa1afa1bbc17d424a341616361743ecab2df51684790e5
SHA512 7f5603d62b3c2c777e3ab6020fbe4ad165d3a2efab65a4939c205bcf8c3d586ba1dc5f1821c0f1ca4665a40e4b0998b4d534281e8a67d9db6f5bd0979fada5d8

C:\Users\Admin\Desktop\EditStop.wax

MD5 9263c086b425207db205701b0eaf1750
SHA1 5a7b338e0c61f24f7586162c50ae33287eb6f9ba
SHA256 e745291a4198e0cd036d1b8705ba449658c4a26d365cc1fe7e23ac0962109a6a
SHA512 c87d8cda2e48eaab42491d2d6f1af983189c14bfd4654dc8d03bd157f4bc985e08c2947ae95d9d5bfc903e96fb86361e3224f226d463beb1b03794156eefe05b

C:\Users\Admin\Desktop\PopCheckpoint.mpa

MD5 56af6653b86367e34d9c2cc227f0dab5
SHA1 24e11088718a688bfd56cc0dbe32351f0a514aca
SHA256 8d9a9124f03c1918fa55745f3be3a4c9e6256efcf55d415efae091f54f4d2cd8
SHA512 7bf00533820d5065e58c8404fbf611583fa57a85b1943ecf20a918a5c2c1a435f7b1ef9dea73befb4c74fb7a5a763769c7043e4bfdfbac5bd17ed9ff1d5931e8

C:\Users\Admin\Desktop\SkipResume.odt

MD5 50b08d95b2de30fe87655681d49f2ec4
SHA1 f9f18181c2f5a6339ec73f5024e80c0fe8755398
SHA256 f31e300615191cd8e2988951aa1b479dfbcec3fa6ad0e2cc627c2b8d40838120
SHA512 a3139403bd016fa9bcc17be579f2209a27fc678d428f7e520090fc33869fcdac8d6527286242177e7232952c30c9956982628b81620f2ce25ea8a36b1edfab9e

C:\Users\Admin\Desktop\UnlockResolve.easmx

MD5 b4763720f3dfca57b226a2631a2095e6
SHA1 195586594d4f3b5877a42ca1fc132335fddd7284
SHA256 d19fa5992eca57f0ded7b31152809e06dffb52722a2c618a62d7743313c241a2
SHA512 8c1271d8fa61ed2153c221ac790db59d5dc9c2402f85d602ecd1f0805539affde7cf83eb74c7473542ac045391fa25797c6db0b547f2d64c338a6ee233aed02a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b4a74bc775caf3de7fc9cde3c30ce482
SHA1 c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256 dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

\??\pipe\LOCAL\crashpad_4748_EFAQMYRHHZOLEEHX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 227370880f0d2394993d56ee9de48953
SHA1 84f7f534f4b2f9e92da98a6abe18060a64edcf62
SHA256 04bcd26952c3f00bd58c2938900387ccc07d6e74891cc029e3d95d4f01e13cb7
SHA512 a82fbe1e49d2bec7956da1d4980f63cdb5f608f9e0df77cfef26628d8b90ef9e7ee10711335b6230a3c8a467a6b41bc3b61d5283b108928a858c7ed05ce3fbb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Temp\~DF574EF4920A805F48.TMP

MD5 4c1d196486eda85851a8ccdf54774e0c
SHA1 89e9ab575e7e1b0051169954b5d623b2f3569403
SHA256 f52e1993aee57414db4f55d91a23897791180486c23c24662918ed4f3db00d91
SHA512 968017a0427bf3f466477c4489cfbfe6f5169d62d1c45788148870fa09a4696feb5021f13290bf7b446aa085db8ccaddac69d64127c19c96a4bc51d45ca8f893

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cdf517ed229739b3ce5c29f4184cee52
SHA1 1ef4b49324b65092e637c967e5fb1221de297628
SHA256 7c721bc60d5991d2dd2eec8f8c7cec330637e39383489813a331921d406d07c4
SHA512 f60d32c175e950712358b4c5dd606d7c4a80b2b037874040468b8060f242db61dbce6e417e1993750b1614361c9959eaea35c4ebc0f0f174bdbc62270c348417

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a085f9a0c4df0024f4077b7e0c22295f
SHA1 ad0353b2d2ec067beab0c33b245d8be79a0c179c
SHA256 30e17ddd4bd12c4a31b7a038076ff44d8cfd5df594e251fb83fc92a4db26cf24
SHA512 9b5e79ede568cda979a3f283a997af12e3528fd1f77e82e3d9d7bb282a29ed367a772672feaddf1bd6c25557d5f329da45f0db0ca084b45534cfbacf7ee597f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 6d539a53f953141403ec1022e693f770
SHA1 24f54f6fa0a2a983b8531adad993cfa0cbc045c8
SHA256 bb0d5fe2d676c4b80d4628a411420813b9e7c69c7f1839a56fa278deb8130d02
SHA512 874d9b86543af2be7d6b3b7a7bd34fd964a0f502c1c2c16ab677071e5a8f3876143f108dbc7d703ee019516720d28473821061a65e2c3c24ce36b9bf9f59ec65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a42df4bb7bf3a2c8cf44333a7899d2f9
SHA1 3021d0a831102613bae9da3e5113f6b427065e66
SHA256 2f6418cf91dfd6873ab2065047902215584b2b564e20896caaca6234ee5b1c38
SHA512 cf4a15daf823d389f0e93c3ff50f1075ce0e9ad3f79f340f548930740a61db57dd824074c032885fd159e31f431f1bf6d386bbbdc058fc5fca59852c69db29b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b947446b132adcd827a7dd65ff5e69b9
SHA1 7712a30b05ef539c8cfb1f86a825fb66abcf96eb
SHA256 3cce9a650dc46694770d83ace36e2adbc9cecf5d8c9dcea81b6a38c968dfd45e
SHA512 c8c3bfe66f7827c2d5022ae20ab0a869974d76feb93099d5bbbd826c7e32a4fb2dcbdaf9de1cf599cfa626fd8eb4fa9465c9e3843d7d313b5200d60163032b1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584169.TMP

MD5 30e4c55a57d59d69f70898117cc704bf
SHA1 a5c35bb3adc7670d19b1b2b92a3635c6f37d3cb1
SHA256 95a7c233969a8cd61bd7fa9a905462352fe1cab46637b6e5fb234e4b2dc85fdd
SHA512 7f240476668b9377f13e0ab6e088598ec76140dedfecb8682e65b62fa1fb91f4de2b87c1464fad3577a6dc96a8970e16e270879675dc0cf8c7ebc1f7509d7a99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 ae77bfef629655dd8ed8fe4cc394f58f
SHA1 a84909d7499179d0e93bce05568d3cc1dd23cf1f
SHA256 3f575f6c903bfae795fc4528d1064a5442b8d89cf1e3f874e1202bc22132f9c5
SHA512 b719d8343370ff8d4c4c44df5134f565860c1c8d1e455dee810715548a6ac41e33d406331adfd25ed361c6b5b2b828d4033684bd4a35cfc3f7bb1245d0cf55ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f48b8134073907f_0

MD5 8226ed78429685ce73057f97720776f8
SHA1 530d4cf664796b05181c4a1814ff4cb4fa568ffc
SHA256 3abf77430c036cd9214662e7fd991c57ba71244938b87b6af7f386dd9c6333e4
SHA512 11683cec8bc77d99db91df7945a4a5dbed7d2658890eee83b6f55da3f6c0153f00a8c5b8788fc49b06baafff1175266c9c967d5c21ae642c57bcbb55527ac99a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ff57a2ab5599059c_0

MD5 1ccd4d8e219ba0bb533840b756eadee7
SHA1 9221df41aa92874680e988a77bc5fb7b70fd5a0f
SHA256 033e15bf1507c0c2288ee8535060dc7ce2b522fe530d2cea8c5543ed2017dd49
SHA512 f94ea22611d45bdee9699ea17d808c0f994c2806eb660aca8d1af0288aed23024c6c8a6ba814900c4e3c910abf6356a45e17dc3f27908760560f16693ce6c6f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\34dba55f6e195e23_0

MD5 fa44921b243de73661f015fcb77f9bcd
SHA1 a3e8af0195e71d6edb56f6660f9ff7687cc4d534
SHA256 225278e6c1a4fb2683a45a78bbeeaef9ed37be8c3f1c01f323339dd4dde59ccb
SHA512 eb3859d5394958f0add113ee4ed4d80125aea9ae72a7dddd7edefc47cb5f521abcd5a84c507df688707909f2bf939670e2414f7eefef41e746b0e73a1e560c69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 42d9fcc7172456834d9e05605cfb999f
SHA1 d1df0982a953011482b7cc5e97803a5fae290ba7
SHA256 5029f1471e648ecdf5518199b5d7a6fdcf2dab7b9ba8367331b0836de3064575
SHA512 5fc471dfd6cf0516739b40db211b4f1e0d3e27e7b53eb1e0c8d34f7ddf5d09ff520bd4c3b7baca993857fd462f184621391fed363a548bc7b50eee3b7ef6ade8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

MD5 bb30ea3b46964f49ba85f475efd1fb6f
SHA1 1bb4aae7781af8b933e1dd4dee56879a3ef92d38
SHA256 7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6
SHA512 bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c717e766d0db755e79617bc721e6be05
SHA1 f4d288f0328b73d84a821242f9d7283095b937ac
SHA256 763a0c6e78ebb9e2f70414e084ce69fe42bb672927747b4687869d0825bffa0f
SHA512 c49f3c5591b88e2e8285d61a0b5ba0cc30f96fed2b27a6b766a1d3e4aceb5b8662560dbbf0c1f3e87afca8e4343ea9d65f8e448411de8f654be270a59515cc22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0811fd8eb3c1b1d720630c03b7c96283
SHA1 eff2495669f051db4451a6b59103b2813f147f0f
SHA256 5be5639df707d8f7044ee2e2a843f4ea3c983d8f068d7becea7581adbd56072c
SHA512 31bc9826c613b16aa75405d4d0488e5096e762f93621dc7f52596f8b3ce351d10eb0cbc23f39d3641750726243c40e0ffbd885309bc5c1ab0a41b6028fa65b08

C:\Users\Admin\Downloads\winmugenplus_54c8e.zip

MD5 052e3214918a95c3597a355800c97561
SHA1 f02b38277eac1eb945deb4bd38e39db9c6bf2a0e
SHA256 8a35d9a656030df9842b5a6d49d40ee9a623d5bd84127c2036be208fde2aa711
SHA512 1363b07c0cd416ccbd4c3c1f2455e2307419f2134cc4a655cd4c9b2970f12d89fa3a0ec277507764b187d954b838262027f7bf398923b95410483ec549ed2a5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5195dd7612f5ce71dfe4727c9c277b0b
SHA1 70419514cbedc780eaa0d4baf3ee6f310328c847
SHA256 83f5d26836277c54946a495b55847d72ccc4e50b31cf35f5315e5ea25bceb6de
SHA512 3f2bb0964f569262824fa29dfc1a506393d1c8af2e8184481105b2f36a166c9a81eb5b1e69b4e6b84bc4e8ebdff8ba4155e7d26982aaf6a7416b55285c14e401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13f387b211ce762211646474ae8341ee
SHA1 cbda4446a30d1741d35c9341ca39afbac28e71eb
SHA256 7a437ea2eda6ce406a9c92f1297630e13b2cbe083d2780af8524eb06c5cbc1c0
SHA512 8cdde6a9386918a93177a39bf2fb55079eeda51a9ac1f787e591ba5cf187c39ac78819bfc63f1ca046e45c163c6604c01d2ef524bb63118c4804010827e55602

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 ff2f5ca154017b946b0fb41fb689f4d8
SHA1 c8734581728346d0f3faeeea89fc589cfdbc8cae
SHA256 acd5afb29d1b87e2dcb15e518283c3f8311aa3d74c3452a1c88837ffeb3c3199
SHA512 8c23296846a123c8a9e1c07443ebe620a288c9936e18ba4643b8b1047f3fbf58dd133ad9d2edfa57a4989bafd3481a5bb36cd266d8f2fa1ce7a4e2f05633a39e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3fdc1372788f2ab630cbbd6a27b22065
SHA1 bfbf59ec15fa33e52c1d39bf85071d3faa9f3a06
SHA256 c46de56c96dd76d2874075e71effdf772cd5b1ca2509201b862307191be4ca6e
SHA512 f4bcdb5eed433b933f14e5a94550516991a47b430eaf85519a0e447fdd0c4fa69882c9e6a5e910ca77bba7017ee0e8137e92d07b4c228c0137c458831b6ce751

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

MD5 92356d0513ca1b8d064a32ed5c03f331
SHA1 9d115a0eef9a38663c9df6c8f3fae605edb37114
SHA256 0033a94154e5b25943ce930a90d066f29c49e174e1feaf241d56c1be3514514a
SHA512 631d8da4b0df3143a2910ea82355718fb8c926600b3bdabaf19953f5209ec26df7710bb5cb64d420a40a635f93fdc90ae7c9e8b00f80bbeae4eaa9a620526013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6cd47456afe1fae55240827bc4dd3ceb
SHA1 3f379c48cefefd3374e2b6bbbaddcd69f7fda957
SHA256 ab32203b252c8fc2f274a5a052cdf18cb030cb236172fd950f638450cb7cc2d3
SHA512 3a3274dec1100b0cefc43f0fb4bc6fd2e9adf48f03da8424f1fd305cb8ef14570a3f3ccd7312f6c120d4da5f217d33cf2382b58bf1b7527db78a85251da152b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 77889a56a821c6559dc6fe7ab0fd0126
SHA1 39ec0ce7ec3bf6a47efc6453f193a528ffc15a09
SHA256 bcd908cbad8d2c3b8d2b7cd7deba43e115381b33e15d257ec0e9b2b43fbb1f9e
SHA512 07152679dcdf02e3d880de2fc24d61e056ce5a5d8bc5d960220d2459cefc0635e46a23880c035f12667ace17f6a0a9f4c7022b1e16c1de9f9cf01caad2a672b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5eafef364a0df40553f18db6cd35ffde
SHA1 2411aa00c19b77af25374024ea5193160756e175
SHA256 61236f6f79a8c4570d520904790e0225ece0fb94a11b98ada05d4fbc293af47b
SHA512 91b013a6184e561a16474b1e8549eb6ce02e5e1eca0043d0a563bab64b6147dc7f4f8a4909f4d5d8322929b13c582d22466447277e9756bae3e6a6f0daa8e9a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 591e2d00ef54628690bcd69105392ca6
SHA1 d4314a91f414a3322b7c498e6e6fffb02a9a96d0
SHA256 65f519a3fbe21da8bcf5d782e943cb09fe27b4c99272f6188cc444754d6e7097
SHA512 7320db87e5989c12bea582fa5a0340069f4d73827fa4ba5bc14ed80e9092d4f82d3e8685dd2b8b428c4917b611fd43ad5780db5d7f7b06d911e9dc92fc0917d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 2c5d4af27f0e230c62198ade697d92d9
SHA1 325d8f28b44c70726baa862fbb4ede8180589eb8
SHA256 ec6a2d5277ff4de593b08873db1cd9d5b87793e1d6c7d579842255f29285f978
SHA512 ec8b16f9020211bebeab1a4cd10df2735525586859e6bebcb34144012d4c64b3985e291a4a142bb9d18b7fa7a0d3f2d3b0fcbfb2935c8454afc134ce987d3562

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 2fa413749c8fc80fd915111a499ea6b0
SHA1 cf9dacf2451cfa462d573c454c24b9b209b31faa
SHA256 411ccb79eca67e7f61ee68ff2d0160771ed049590c35a747d2e6341eae05099b
SHA512 e4de0203a3680d9d694b76379e5c82549739ff51bf783624ac73bf4b622c69d08c0473de7f7d85a33c80354bc507d5ddc87cc8b0643e22cc661c4537711a705b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 76e2533d5c0f986355fe79efb4f5e4c3
SHA1 1f26c931a1b019c96159c055b72e400ffd34cb2f
SHA256 91c7483f7086c4019bee8005e6e32b15eea1d4c4e596c13bfbfb616d0f4f6a42
SHA512 07f9f9ad2bc1ad100135494c6d3662d3e169df0d949ecff246298b1e5b6f9ffa87c75cfba323f9d6d7ad0317dc19f95da6dc22df16cca3130f035dfb2145e764

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 23619f4d047f537cefb37e095bf71757
SHA1 35971c77d2b25870a9dd5be12e5fd2f94098a010
SHA256 9bc01a7dad75a1299112d6db870638aaf30400b652546b02d22a67d1ef1fe5ca
SHA512 62db92c11520cb966c86ef50c898ae50c0eda28c7effbf3ed113a8398b7941f751173e2d09aec0adf9fd4e006660f8d5f85fdef944f10c08bf9344f4948e06d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7f05529c655f135ee43308f10cb3a98b
SHA1 839aac896174a5313d42cf9b91537b856ed36fd4
SHA256 cd3cdbeecf738f6ee81f3697cf43d69b06fa4e1d6441b542fb55b83637f357f7
SHA512 7626cca6ef8805e0c0d3a934ebc16429de6e3ee8d57d5ce0f53113822383fe6d0e2e1b4265be4ca3b253c0a6309a3a9c374555c0c368690e385c7364bb59b477

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fcfe9b64fbe11eea31743581c00f503b
SHA1 63bd5d45ea867038335665d8300a472eacc484d7
SHA256 7cbea8fce398defa8576e3b126ea3c6da2bfc2e9185170c65bab7be7d568116d
SHA512 2e04ba1ce08745ce010faaf32f81cc6861af9cc6dfb21863678410068d429aa1021708c589ce471f588585321ad54f35454e5687ed366d5658e582ffe5fbd94f

C:\Users\Admin\Downloads\c1ddbedf-fecb-4f4a-ba37-fde0fbdfa0a8.tmp

MD5 18cf15a2332c6a1fb6f154ecde94b1bd
SHA1 a5cfe9975bb0c7f65064c359674cc109b5a4bd99
SHA256 d54255ca19893663bbc4a3a2cb780e3c0a7004b93e8f0e31f3755819301c7472
SHA512 779554feaae894c309333f2b182a258cdca4df209f7bd423b28153426e2028d18b0fb5997dab2f0e23719247dfe2fad6b6055370457e9664cc5cef82b7222c94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 385bf56b64c2602da39239b7dd1bfbcf
SHA1 964de70e40edff9fa3cd33cc2247273d458d2243
SHA256 96d7ce11a4b89572bb4c563b7b6b2e628a74992d70b61d65c5d2a754b4f31322
SHA512 b5ecf0ad752fbb54f1abed50a04aebd5db43b204a0ebb7d5843dac93395293e63f0ee8d4e8ba36c441578ec23d4d7edbe05517db997f94b987a120e3944961a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de1a15b909c692f0509bb2cb6021d77b
SHA1 e6dd4be0b108d289e48b3d1acb036acd8daf8659
SHA256 1044f3f44709bdc4f530da40761d65c9095b4b24ac350dadeab454cee157ccad
SHA512 73cfe398a6672dee768e223ec5dd8623de629a4e03823e950ded513e57977df4727059c217e758bb57c6458e5ea96681202052c2262a11b47572653fa7510a48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 beb39f643315eccc5758a129b5513cf9
SHA1 23dc780d4a91582629dafee08d09ac51690297be
SHA256 c550086ceb3594006a1036d9f3e0844c0b0d9fc3576b23938203e636c738a9b6
SHA512 40a6ce722bec29548330f9fc950e301be28aefbf16521b6eda5827a8d84b66295304a65fc78c52f3fe5ac9463a17051066db15cb42ca199f3118da1b2bd7b5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c34c3e0a479c2ee0597f5d1dd8c43538
SHA1 b1572d6e5bcb49a5f780b714558a3a536f04f9d1
SHA256 15ea0f5e3c3fecd1845b1085fa53a6fbb6f2a3a582bd8593d282211d71f45289
SHA512 34d9a43301fabb4a670dcd04b7b151c2ff6d36d612781ad3e24847a5c5e88c002a765adfff68cf3e9c9a6fda525f49459536036c65beadf3e915bd3c54a4ef97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4a526d630106fb92e215a4feb06dcf15
SHA1 f3bfaf868e3a43181812c526b0d3b913a306b92a
SHA256 650cf957531dad5d954d28653d1b886ed9d93733d8790884e5f3cc28f22b4690
SHA512 e8e930c468e38c7ad88b73de9604222d7cb72dd5a7dcef46ebf53723059274d28d1eb9ef455b01cb2f5ab9543e7e5997824d729e525c7135f590235aa1ca557c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d1e3be55748aae515c3caaeb06af147d
SHA1 58882f7df9172d4c7548647dc972464170b794f7
SHA256 63bc2ed4508ec9ac991e161aea9ce9363a56f36cbf739d3a67a71219965e634a
SHA512 99c8ac51ceda0d9f256fb8ed4646abe8353d2db090c259b9141db3d459069ceb31b6ae50ebb3afb123541a0a09da0f0627d8b0ef95cfb78deeaa798034ca56ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 47450bdb0f92f9e0cf8ee70b6c8b0f3b
SHA1 277065dfae7594dd3534e6a8ea86eb48fc4763f7
SHA256 97d490072576c2584f58df74d000a36b342ccd2d6350821f983b7673692cc121
SHA512 48e88bb3405a8464ff32c000a2bcde95de9ba617455f8d57adc20e4a2cb96ca709b45a14473f4293e737a47704831fce77591e638e6692ebd33420849cd6aff0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 333eab9743f340141d20fcade055f9f1
SHA1 f9191a6c64e30dd70cf7b5d508a68a9656a662ba
SHA256 6f853b51f1d22b67b9ba4a8414ea7b85cf2e04e36cb5b70a004f3c41ddf29847
SHA512 422c0645382a31be476c0bd8811a6f53b0b3f15713386382be62f0abf068b287d642dacf2eff49db50b1756ba0e22a7de7c2bddb6fc9be9decec749ce00a12db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5dc9c2e78d335ac52c781a6fdd6c49bd
SHA1 407913a1c928a54d7fe4d5d0b761558e0ac1fa80
SHA256 d3e4443f9b9e8fda836608d6e028458c20d1a627a032e931296fe5f72460701c
SHA512 174516a9568cb452a551bdbd58058ee5bdbbaa56fceeb61d0c709265f6adb3052a1b0219132b9143327fda758635ee0c5af9ebe55ceafcf5736896197df0999e

memory/2428-1465-0x000002A822370000-0x000002A822380000-memory.dmp

memory/2428-1469-0x000002A8223B0000-0x000002A8223C0000-memory.dmp

memory/2428-1476-0x000002A82B000000-0x000002A82B001000-memory.dmp

memory/2428-1478-0x000002A82B080000-0x000002A82B081000-memory.dmp

memory/2428-1480-0x000002A82B080000-0x000002A82B081000-memory.dmp

memory/2428-1481-0x000002A82B110000-0x000002A82B111000-memory.dmp

memory/2428-1482-0x000002A82B110000-0x000002A82B111000-memory.dmp

memory/2428-1483-0x000002A82B120000-0x000002A82B121000-memory.dmp

memory/2428-1484-0x000002A82B120000-0x000002A82B121000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 67e72e0546a73482ebc0c30995694917
SHA1 68f54e05227250d68c1d9ce1a954a340eff2ab74
SHA256 9bcc4d0483032a73868f677c52892142cf3f1f5adb6a7ef4747bd2f88e49a73b
SHA512 b1126a73ece17aba73b58963fbdd34ec4108e074550b8cc8f89f5c4db6fe0e26ffca5fa393b09793a57123cc0f6577eb422cfe4480d0d26bd3518d9900e60ddd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85a42e30dc25051aac6d028294112f56
SHA1 a14525234f648b56b68d12ce065246abef353fb3
SHA256 ea449510d5d8e4b419dc91f3bc3eb55c43865d0c258104fe83fdbda4f0975dab
SHA512 06010f9082390cc4a84f75360813a4db4679f828c3cde785385fd57b247883e9ed55cde30535bb71106f9b4b3d35e1b8ca23bc5f907c537aeab8c75683b7cd05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 d102519748a254a51d3dcd05a39c9b03
SHA1 bafa6e83e20f6841195eddf62b8e94feea48714b
SHA256 2e4fca66a259d4e36105796c46be44b3d990ca2142d3f4e033f67c7632a325c4
SHA512 63bed1ed1588241581b565c721287d475a56eddcbc1776f1959a453da7965cebd4b42a836cb0d3edf9dddc89650357f8491f8cfcb606cc66b9bc46a4a4fe0431

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 bbc7e5859c0d0757b3b1b15e1b11929d
SHA1 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512 f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a2774a3ccd068f05ee254f7c7940082a
SHA1 6641a3f239e0ea8bb627ffdc44c382f2fdfc5abd
SHA256 a03c05cedabd09b7caaa9f67d538b8949eac37574770d2a4e101b8fd9e1a7cfd
SHA512 3eebcbeaba15fd660c4e825be475d7d24c29844b185e72653fd1ce1b7b873cdf770eada6e5e361caaf04e56b64c3d14456915b0e2567a539ab595994795151bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\558ec00d-76ce-42b0-988b-53691c23f0ee.tmp

MD5 3998d1cd7326437ddef7030667e82ddd
SHA1 3f179b05878b80820def7f9ddd3513fada7a1490
SHA256 b9930f6580160b96b18a88ddb0d5a1b1110ae7e1410ca4a27656db6d16efe6aa
SHA512 2f93d6ab532336d3c7338fd1fb5cf90e7851931cdd2584db1343c75bea4838069f31192d080be0b0ae88626f9e9d0ddf53770b10cd6ad0ef70020075ed89b979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

MD5 72a4c5bc3c91608116ea66144d132961
SHA1 4a4054742a9b93341b13bd4529e3121df79773a4
SHA256 677e06ad416676932a7b8c89dd3de7e1272fdbac51f0fe50a0c180f10edcb2d3
SHA512 1d469e6c36f2acc28d5902e781cf47640112d252e2c945f875893ccff6e5867503d830a236841ac7356211c91311fb5ec847e45e6a7364a1ade6e0a6e4b34a9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

MD5 b6bbd8de0dab2b2111b84e9cf28f64cb
SHA1 1a6429d5ef61d56bf6781b48ce89a8fdb7986185
SHA256 b2f2486827e16b4f299fc1ebf52719323c1d14751a81e228e099bb8ad39e938f
SHA512 1ed3002b632faaa278ffa6f6412d5c215b9a818abae3baf0ca31b17824d9cabe276fb00c138f6889fddc44cffea2415691569230e808cf04e0de3ca91de7e5be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 e640cd9beb8ac670eff005314b8d7cb5
SHA1 af507c8c8c71e684d454822bcc427645742e046c
SHA256 98e45390d9713136d37fb4f91d97ec77814af21804846c0524814ee46d1be4c8
SHA512 9c6a5e385241430557c9fca368e9d4385e81cb704b1b70f5e7b89bdfe82778bb18535dab4d9b166012a1a24500bad51f313b87d213a5fa0d91b5a010ae35e327

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 c629915ed3bb062e17db8acdb3353551
SHA1 255009fd2b041c19a6fc10ed5ba553aadcd6adb6
SHA256 0e3d815ad912264607b20430e68108aba8d36de76cb968b391b1998a71de4e9d
SHA512 792c513ac9cd4469468d6a027ca7c72cc0e9bbc0d5dee72376ae3cb09fe87585f96178c950feb0ca9de046cc3f3a3303a8448cfa5ef08d1c70b12d13556fa8d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 dcc9a96d6a18f6a9303dc898223fe7f3
SHA1 d88b7e160f284ec5ca828bbcee373c3fccefb32c
SHA256 34b95ac9419b8371e41dc9d7c0d166b4981df9faafa93563658e6be79a65a726
SHA512 f38bf8e53bd0ba42d329223d5d3668a1a8a5cf3a5c7bcf919c68c820a4cb3290509ba419ba3aeaed5e5c76dc91841437e8bac552f8e31cdc044cc288ba1e3b19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

MD5 a5f1360da041a199ae6b99c0228d738b
SHA1 a519c55b43fb017108571da47a521829fc760eb8
SHA256 147749581b328c802c9956ef6c8b35f404970bb4dcb961f7f518712dbda4f2be
SHA512 22a14377707f799c6f8861546fc412db5145b2a5b281b34ddc97684d8012a5ecaf4dcfc334e6a6c4c408145771a92487d354318908038177eedb24cb12cdd1b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d82d987324e9c9b2_0

MD5 ce4d9608f348ebf34a9e724a88a5fcad
SHA1 12afb4181fd840a8073342eac7dca66dbfee75b1
SHA256 ffa8272e3fa18abe7da09a35b25a021287fb30ba7dff2a893dd3d62af1fb3bc7
SHA512 5e2f7566f995350fefcc240e423c527e38287f415360b975f260598ca6df2c1bdc30780cb400f37ce1a0bf32854d5c3bafbd552095d638ef42922d3090d8d871

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 abc1f2740758d63a7f619259e207deb9
SHA1 097099d1ae675b6759778b58bad31fba664eddca
SHA256 c3dd3cba1713eb474f29504a2aba36023445bed822716f802add01f9e3ab74b2
SHA512 abf1a52c38630677e91909e68708f36b02ec8b4c9123cbd9a15f33104c2723538b7ad841ee988496ed2b3a84a6e21968d2ba34a392d7c4daf5dd1efac89c150e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ded5092c04cd9b4f_0

MD5 a2b81c77e11c84673f72640f33713fcb
SHA1 4d69b53383f1734964506c8e6e162387a6dcf68b
SHA256 fcceb514a4a11db0107c84c4cae77120c24390d68346890676e0e8cbc340d9ea
SHA512 8d2b43373a508c606465096ab7d7e92c7a15aa4443a27e0a021633ab2534ca1e4da55528aabbd3c941e76c84a386486f8996c694e27b51bcc02c1ad395d7ff25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 4bedc54bf6459648dc3e35c57c902991
SHA1 1cbdded3767c01bffe81ccb93e3b481aec8694fa
SHA256 a918962b52988c6c7c019263344ff8217159b0de4405ab2536a6cd390db8ce37
SHA512 9b31a134f5430f383ce358077f726532d5ac1154b817dde2f06bcb6543e2d3516dbc66a4e032576cac127ba68d9492e792ce4b208b41d6932fdabeaa70a6773c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 942e2fbab8c7fab29516cd9f6b1f6696
SHA1 308865a20db79eae2b45226a40caaf63f076965e
SHA256 4a7e95306210fe50e094dfe04a9e5b96ed9c940b42c0def7dfd42b62b094c36d
SHA512 56e77e2a7cfe8b133547bf3306b0d52335869e77be18a7db3466775ac809d830864ad32a9109c9032b1a0346a3b7dfd906e65b24a6d5e7a13ae788b78d7b760d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 e4665b567209a6e6bfb92f8a90cabf55
SHA1 ecda546d0407272d5d238531df5759b01308bf7a
SHA256 26b27a5006c3a78f4f4aa37a9321d9d258aa0172e98a3386171f90e7eb5d8b2e
SHA512 f770c43132a3565fe3e4f9a47e58001994e82968c34e34fa3b5cefb9c7eb85b9de1c0b1d4eaa51148f55291d19703e559c1a5378276b7955ef59b5a5753a5a60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c035c55e661cf4e0_0

MD5 5d00376f08318121c10f73ddf7461680
SHA1 2e644c571bd2ca818442e63d8fcb2a9da78d3308
SHA256 2253ad6a566cb0f2cfb81a1fbb5037781abd77476dbf07c88ce87e13817ae30d
SHA512 376ca9721d5d76a5959201dae0a58091c23a7c484cabe207a200636665774d499d3c0096ada000547a60b8f3c9c66b59ef8e6e23288790b928cbfc44c0bb0793

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 2e08e0106141e8b25708303ac3e63984
SHA1 41ca8d706f3774ab4bd226eddc1a28824653fad3
SHA256 66c0f8bc9d1d72134e59b4ed43a5115212855f3adf3173cbf5fd4f38a12065b5
SHA512 98953003ec760d277cf2e671881e13c0194776e2bccb578da213a08d718dd66e262a0c79bc846455211437b8c89e55b55344d26b16d8ff793e88438ce1d133cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d72a7d6eb8e0daa7_0

MD5 dcd822e496a5f24387d07e591a2f4f93
SHA1 2effb806f9d66217b6323a1d67589a87d4e3f7f0
SHA256 cdcb35027c736bc7d4ce6359da8877a5f2689637f583d6b0691ab3b4e4728cc8
SHA512 011330a7a5ad02b6d9a239c039aff2069f3cb32a7b8f9e657f02d62070a07636502508d2d71baabab59f58f7516ba93a0c6cf7d063642e326d8cfb8703ff3411

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\032a982be73b7ccc_0

MD5 ec676cb43cf8e52077aa666fa51a7bcb
SHA1 c2519f44274274a2391f67cff4da11fd4597891a
SHA256 933ebad40d15407e27b3c4ede09648df805f5ecad3f2db81da00a442df656c93
SHA512 3e1126b401bcd05492e925c849470f67a3f7210387fb59649c66dbffff46930fa602bfc4a544ef021eb451cb151e26326e4053c4b265b19c22bf1749b959e628

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

MD5 83fbb2be9ed47cc133a8ae36241c58f1
SHA1 d10ce12d8fd54154c074df8e24b27b78996cfd8c
SHA256 06d663e754856ada03796d6c284c0e1eaa0286859522c602e1149a248638ed8f
SHA512 c6a2ec08f07b21e90a0a9fca4336e70737916f6da96a80a61b03f595f277aa537a5e0c80ce70dca42d14ba51f58ab3e21522b3e4f362abc450bde2e12b599ec3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

MD5 a8d6448aaaa50f3e91d329f4ffbc1916
SHA1 61494567065ab4aa8fa93baa4e93a935d97e9e8b
SHA256 b69151ebcda06287befc2b6734fb011f93c697dee4140c1b46c2aff0d1552fbc
SHA512 3d3128d505d22cd45ecbe8015cfcb4837bf53fc63c4692ebdaf924865d1da0931b584af0af66d14411de8f62efb13c33534ad42155b22ea2049bb15ab564f3fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 87d472f4708a548956a50858832fbb6c
SHA1 f18fdedad5440873ffde6881348f4d1877037b19
SHA256 a6841dc055f03256be0739f2f9d43af1477ea3aa0c72cf9b3d0b7b3b9a1cff95
SHA512 b5bd6c264bb848b48cd78067f66c11fbf565bc47d0e46ec6ba81205d0879ec691d0e2c84352a7c739fc401fc24f10bc5ace180294040d1c53b9ba16dee61ebae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

MD5 792d627228b07758de58b4795dfd2b9a
SHA1 7c234bd5c523be64996f053f9fcf489e4053594e
SHA256 52589ce712106de87158b0e20f8e14236cf4bc42a20756e8a9ea9a5e0aa7eb98
SHA512 f97d59cbb9894d6eed47f5263be8f828a74a7617d8399175531e6e0653c2375c0b2278952c73176d238cb09438552944b79da9630296b52ddf67f6bb056d5c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd324db2a83d070efa601d128523a9cc
SHA1 bf68a892774600e03e35bea73b7e0811ef5a203c
SHA256 b21d9a1d834850d3d63c0c15cbdb946ad227a4ee0d69de177e28b09b93c83f00
SHA512 4c720e91eb50a9be33740af3f74e040e2942668e5b07e46620d18b657989dae9381ce0db5d53cb83bf373069abc3b591181bc1bc28deccd6eb6ae810225386a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b1fa7e5011f9f3f482bcaa86e46a790d
SHA1 b68dee44d80dd2b4a7fe71cdf644ef92b7769409
SHA256 3323de280cb0d1ce533b6c6a846e0ad3af535355fb00d67fd8c1f1a1f521eb3b
SHA512 2e19b3371378fffd249a3e8c5efd3425d8382b73c673d519009753f89802f6cefe67d8d8470a0e52ee0f68b64f7f4a754d46c93b26f8868d49dc2625d01358e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 56c5641907ceed848ef811af6bfcc482
SHA1 e771f515660ac7efdc3bfec90e6a0bd4c20ee3b7
SHA256 3698a32bb05f8b7cfb0bf87be8b36d2b3eeffe97aba107332ca132cbc5425da2
SHA512 83473baa079f8232ddec982ca562d4c8b1e7d90a21d7a71babe851197e2a5393d989d5796523908c3d2362a42f0d7b54d511f36133dda71fd5e0f6c25cf32097

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d4417ed6ce7ccd9f63c706e78ce4a09d
SHA1 bda01e922fd65b5e2a4ec621f2f92de5ecf327db
SHA256 3617285f3877082901efca607d03e53c30629a1066c9f72bb07f4ffb2f439704
SHA512 52b323f8672bc161b8e820229fbcf2d6000a048e1ced18ba4e1acaf9ff0e5eea231d37d05326cfabb0c098d53c6e1b8b1fb583346019968f5ddbf33faf681727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 771fb63a5a3b9cdd190990898c8dd392
SHA1 6e0ed4bfaa473211ec1d7751f393004b1c0d9f0f
SHA256 056afd5b59130cfe8f2a14d8844b54745308dbeaafaf3a2ab075269705e520c6
SHA512 a01e87f1e25800a47e4bc42d262ce8f7a15da99944a19c062296f78a4a221fe173f71f922c4f6526bd817e61aad1fe7e203979c8bb619a25ae21dafcceb12351

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1dd2d5e54ed547bd2abfc7eedb87bb10
SHA1 452e9f380e066c5fb2d2d606da5819944eb34db9
SHA256 2d30e14516ddc12607f168742cd4b775196d27473be424f37bbc2addf4c7692d
SHA512 ae5fa669cd3812b770f5093c32749c1a2761d63cbb1880a42a7e145dd684a3b20291373796227dda7e1ec137f3295c3388be4155b85727074e859c1bfc5aa4cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 b9bcf30f6721dfcd6c9d44a13f8c248a
SHA1 f63ecdead5735a3fc099731638df7b020f61cffa
SHA256 f7594a55655c72a92f9252832e525a67b3cebd6feaf119301a03459a102eaf50
SHA512 6daae0965a6b2560927102e3a06feb24b5c36654b542057807e35478271bf2308aa5c641d16a1939dcf1a44e12232122138e15c6d837bb817b8fa0bcbb2305f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f27119f70eafbb590eb7b490dd0eae9
SHA1 43eb4193d6759633756b13f34a94833776933b41
SHA256 63bdd6b10e51f8e1d12460b89e55a57b532e37d903e91253c24953b3df4e84e8
SHA512 29c4565b4fbdcba6bb9f335f522a26fc42c3f08f99f09e9ea48a9791e10853ca5563ab719347ef0c85be3a2badfe5a11b3a9cc14738da03fbaae7627146c3c12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 36620742c509d873cd8e61bdda7c87ef
SHA1 25212fee26736f80c46b8e0e7ef54ebd65e07448
SHA256 7a856c65429108816d74af3b20d1683948978d2bbcd896b472999f1403d8244f
SHA512 ca508b5b9557f26639c98e7ca2aedebbe16907ec5d2820d625173d665bed34d17e32237e4d30cc2c584492be2307440dc065e02d70f9d7a83c5632552ede531a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\482e8abbef9c0889_0

MD5 9fa9e00a1acfc3309ddcdeb5d26cb54e
SHA1 7b9eae2fc57906c7f790b481c2ebdddd99273fc3
SHA256 4349ba7379fb7732a0ae79b55090ce518fb29e9bdea9150ea83d493dc4d0e102
SHA512 8ae89a49ea698b99c011b8037fe27b0b12664d754e5f327010fac8c8b6a971211c21fe88d11608fa7ea4b896dc188695495a3f3da99beb48e2c60799887b6ed3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bacf34e9b8dcbfe8938a8515d781b391
SHA1 5bcd6f66ed1ff7aae3e63e32a9bafd38e049005f
SHA256 48585de51ec92323765162ef8553405dcb2963c608425c4fa83a611689e7328e
SHA512 b2cb652af724d66a754072c098e7813b48a47a9be49c5b41b8f81bc5b8861c6bdd5d31dc0064ffe1c92a7849525b930798e239f5bb6317b4b91a6ca357e55f50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

MD5 b5580e59173498084b800c510f214b7d
SHA1 f4d0642faf6cfbdf7441dec428770e81b0e3ed01
SHA256 63fac3696d830dde086f093cd5ca329b0d08801ff47bbbfff6082944504ccc20
SHA512 8c3c8d5819a1d37c2d7027498f0c34e9d4a8197e449239e73d17cc669ad1449633f4325d6c1b5e310577e895f51ec2c672751226a613bacbdc437237d8ca5985

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

MD5 ad7c854f05416583cb8058b1ae97a922
SHA1 50a8b3dc4c1fe8dec93d5f0b339a0906b572f5c7
SHA256 73d711ce39c5c7ee575c3e1a2f2c02768d2aa87c7876af126b3675d863478643
SHA512 7e4e670d36e54f83f0b672664699e07686c13cbc9695c5b76304b896fcc5e324dc32e249012e7b8409a75d7f39bcc5c568cba3387cedae76659b3457598431fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b64a062e7f1399e1_0

MD5 7adb9114238b22f9054469394369bbac
SHA1 578b16f12da9effd2367620a880eef68ed620b7f
SHA256 1fa7b31ac37a1baef75cdbb3ffdf3a3fefba956edc76e0d36273fc1f16fe3375
SHA512 e3934c98dd87b5f154c380b1e7e30886d9c7e9410a49496dd310954c93e9fd18f7dd1f4a9be0f0669371d8cb3b41d909ef66e9c784ca5a89ebf5c5b4149b7372

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

MD5 40b69190ddcea6c78dc5a5c0a7933d97
SHA1 e1ed4c6a506ff6237ecfd374704164bccbbfc5aa
SHA256 d420a89295849cffbeaf48804498003ce25e207bb845a4a9a371cd02867af283
SHA512 f6f38bfe938f55c0e77e8bb58115108de1da22c08c4edd2b511ba816a30e719f62d6e8c90b51a609949b4b5a1b286b20111c406cbb6b38c5fbb28804e28a0413

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 334e30785db9bbfd3ee071c6974a98a0
SHA1 8eb557817f01f6bd5b6ba2cde03fdb01fcdf03a6
SHA256 2cd6545c68ad49fd10e195d23e568a0d9d146c5443520f7bce70ea46db839f74
SHA512 dde03edf9f37893d1f7f9a8d61443ebaf5f0ca6038907c684374f6faa64f7a1a2e801d1b133f7af393542e8ac277af70127c472ac81086caf31a301d2a6f1b2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1acbc71653e61c35_0

MD5 8cffc11791ae8535b9c9c1c0e257ec6c
SHA1 75144d8de1d1323f4090f0c7cd793ba5e7d15775
SHA256 33179bf1fd3801da6e005cf7f2d9598ace562dd3e7c711dee8617268f5699958
SHA512 ec58d5935a8c797bceecb44617d54426cc0ceb2cd29f506758278143ff6a6c7f00c6ecc3ca7f803a3951239c6b483a204be9361ae9f1dd52f4e64e1d1674de89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ebfe668988ecc3ce6a963b63f81a5af2
SHA1 ff1ddb9ea433acc481cf385e3cb8efb513f276c6
SHA256 9b84f9c99cddee686b09699fa0011dd9f1a856a5dc17a8139dc8988547dadbc0
SHA512 de14a8575789e64e5c61ef4fa2d7fcf50c1d55cd98c5af37ac7feed2d0bf3253b00d0ebc8ecb31b78a3f7a91cd22f3fc3ca5245cba1f81879ec4fdc79ada991d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bf7e9.TMP

MD5 625d26cdf107cf25a2fafed1d56973d9
SHA1 33e674d7a89c1ea99abeadc2de3b57b974e68c12
SHA256 a33a860ced40580b268dbf3efc5a829909a46b7af4dbc038cdd0d4d73f0752bb
SHA512 b9dcb061e07732d6cac9bf14612406c3ae4e1d76b335c5dfa6d880fc8ef65cb944bd2ccceb17e69a42a68f7010977d0d97132a8e6ae39b58ccd80bdf3fc0da28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d75be73cfac3a99a86a9e3569954fc57
SHA1 7d99ae22b109d7dfe3b4a2f31f45ceb49872b0fe
SHA256 efe8de513a80a1a1262fbabaae574a9ddfd828e797d45a28d1a4ed21ec6a5f82
SHA512 e48417b6b6cf77d50278e6b9f800022e5996cb560ca8186e991043a78c364c76f00c13117bf4e1539bec764c0132c79992024886f06b872ada1679ba73ef8996

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b757b3d1f9dc400fb14135e6049f07a86ec39f3\f9abdde9-62ec-45d0-803d-2ec607c8803f\index-dir\the-real-index

MD5 8521f70d3bda9251bde2d1c4da530b55
SHA1 c4f8a84b4e20edc7a8fc73a9440134f3f47c9e44
SHA256 a941b2cddcba087a40658474633bb49842b78dad818457b644ae5e7d0ed24c14
SHA512 1e915ee8f23b5fbe6cd1394ed4cad7e1edf519815aa21257e46a0249681f73d8958e30006a001be8f59c75ac9472bb7d5fc0b3d8bf6b74807e65232d344acf05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b757b3d1f9dc400fb14135e6049f07a86ec39f3\f9abdde9-62ec-45d0-803d-2ec607c8803f\index-dir\the-real-index~RFe5bf8c4.TMP

MD5 51c92115616e0f23442d09a03d1a6fd6
SHA1 931082c69dd3cb8606067269c7b8df5a3fb46346
SHA256 56b6a053a1a12534fb81bf2f97956dd0cccedb72dd63a97d253dc86686411792
SHA512 7df4fc1a54bc3de9d3397ae8db80fe1f4ee2294ccf375f6c51c253b1d45d4883e505683fc4dfa297585a1125fa7904a85df41a151ab1f8ba93937d9f5a5c156b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b757b3d1f9dc400fb14135e6049f07a86ec39f3\index.txt

MD5 e2eaa05eb0ef57d591f535137e625c66
SHA1 ec3c1b5471ef482bc31e4aa45a7c488774fe0a42
SHA256 df97b75838eb8e75dcb2ec5b901c01426bf801b9c80e7b384ec0c0bdc62ef9ae
SHA512 c43fd01a2ac1a694476851b4b988689bb45626aee88f6a03220f9e3dc34877d9217ecbe47aa97655d90c0b32f9326543933e413dd9e7992415c9e9a621d91432

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b757b3d1f9dc400fb14135e6049f07a86ec39f3\index.txt

MD5 2c631d6b715ffbd4f4c8fcacaab0f3be
SHA1 0a3a59acd5529273aa308b78674e82c787230bf5
SHA256 8daec4709ef4e04778ba32c23be793243551c9773d87a56aaee857e6cc88140a
SHA512 4f6c298a649ed91becaaaa7f8e556d127adcf388ff0fe5cab3d85106c5cb1b955e152ff0c23e9f86b964c3959812ed0b39647fbd4a95d814b43b34105f622099

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6169397238ba390c4ec29d370937409f
SHA1 e1efd1fcb7c839df6c78d668b3719a4c0ebd9d4e
SHA256 ecee82c2f63014af430ddddd1ce20887145e917d10d89ae3825144cab904070f
SHA512 6c872e71b28122112b06a7d68d2299662813d810c19a43425760cd095ffb707e1a3113cb81385cc0300660ebc40e94514391c2b5dd6bb1ad302c8a75ba30b463

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 4c8ccfe5e4b1445865732f8de9a8e562
SHA1 99cb078858c772df9e814b759fbdd71578ba2d4b
SHA256 0528120f7bd28302ad3bef874a7bcdb88032a364377cc7f1c01001fd04b50135
SHA512 69819bdb929f4c049306832b707cbf8b7b1849c660d26019c9a23dd8387596e9ee4a0f8172270cf3756f25918c7443a1490574f65882f1d145315ba1a0d7f7fe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 dbf6271303f77e5cb23a8010bc7cff45
SHA1 a3ef4eb75e79db95777a8fc0eb4ded6156d169fc
SHA256 035e590210c0782c54444c7874b4773070940d05236c4cab7d4e772748b3b835
SHA512 7750c1d2fcd22542b9eb2c2b892d98e7e70548d4aaed72558ddedab5e4072351ee4993d5083d18dc743d47570f2790b72bcd4a58ec3e6c900a29d0c9167ae49f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5032715d5d104169_0

MD5 cb81fed707ecf4217a60cab23a774716
SHA1 a68899d6b7fe7ca6afe62140fe0afee2630e6dd6
SHA256 4c7b22512b1a865d0ee6f7574e14442225db4ae04a6fdd8dd84f2ff4e3eac718
SHA512 7627990d8ba8049db52c16a8d17671a40547cb709563fa3eebbaf1fce729154c9bc04b4b8d1886f77be8746fac4e2f61aeaf4827d5a108898c0cd7ed4095eaf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

MD5 40b1b034cc7d9880865a653cecc4be3f
SHA1 2579a1e08f24961154731c612db9855f474b448f
SHA256 048c5d15ca4796c14e43e2c4e914fea004e0ae37a93d3ef3443f1c254f467b64
SHA512 09a9d89dab4e38ede7f04736e11470ec7d834232843edf188ff4cc79e5d049e6b53fc6fafe0ecca4f2e8c836f7d10549fb915a58ee6100f977bb1627be13077f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

MD5 fba6d5698cb17858266351332a7641f0
SHA1 9b67d9b9fa6e47b11d2ae8cd98fb84580456d847
SHA256 9bd85806f4172e3b8dee79d93ec31a270c50aa6544c8f8716a498cc3f107d2d2
SHA512 d9e8fb8a8c82e176c35cb66e2453b5e87f97befd11e68cb08c37974a46c1dfebc512a410aa980fc7f21f34d6e1a0947c71439a4aee7c2253121e677ea222d610

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8efaf556838c0a94_0

MD5 973282d934488a6fc14af8b3c32d7d75
SHA1 ffde090b8910d139d15ab8540f546f97eb6440d3
SHA256 1b75cb7657bb786eaa8c77e43ff1959a6fe4a69022a841aaef78d160977d4335
SHA512 370ae9cd5f46c065e3342eff85cca220e595b08081cfc8a6db3c0c2e74ba33fad97bcf1bad733e0bc5905c72c6716c326add2c074fb6846a3628cbeaa48cec54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eafdef011b18f148_0

MD5 67ec1823d1c30e264f09088c6e2d202e
SHA1 c5a622f509b95448bee5aa055b101ec76f3853e6
SHA256 9688ed9cabaf9bef5a4491ddca33b14189bdcd68c92ec2b33857cfe8e3578265
SHA512 342424c8f7c8cb39b65e51bdebeaac7da9b11abf937e44350214176c6fdeba3542861722fe4afc47f81939928352c8fad99965f1a9d3dd04807f2b339457d2a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 b54914c75efa3592611cbbfa76ce9485
SHA1 3e79f8ef68fd8a5877c2b7af48a0ed1db1c86e30
SHA256 42c0c2a5fef6667022344473fc789660f9bb8f5416cf2302c1cdd3c8c9f649cc
SHA512 861b9709760bd558a95e936bed0195576a40be2e26391238deaba95b6ea8a4c1ce54f5ea7e4d9fb22486fa78afadd39044b6c7b6ef2a5e83383e50a4e79f2b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 0978fbbe6273e966809105f0631280d8
SHA1 a6a4ae40b4b30092f28e732809b4786adf88c144
SHA256 42752cb662c3c773523a0284c166d9b2e4f09a3e008c8ee0edf072c8db4a63c1
SHA512 06799b9ec5020ee474c6fda67fd0905f5794a7e24dd390acb72a540b2f9dfb2b67f4e0012d415cbc593839b9b2fcf49153506001cebe17798b89867bac0e8732

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7951b9aa00a8b4d1_0

MD5 36979505f82096729927621840f908c6
SHA1 61714f3b6976ca872b4c1bba1bea7d69136f25fa
SHA256 00fd87b07b6b754cae96e77f021fbf4a9538b6165126b361bd1f3f06c902188b
SHA512 e7c9ce0675aa7ad07ce7dcef21b78aa175e00b4e2926c903b55cadb23efee8f4c24be9db4c3146453f23e9b06c5edb54cd7944befa9fadcd36605f8dc1481475

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 757cdb531b7568f2955f5b047d7f957b
SHA1 5b97f0c94fc8777dbc509f8e404dfe73a31cb188
SHA256 ab6ff52acd7e306af2e9feeafd2b67ef6f0c63859552ed37f96a8b991c910306
SHA512 d9e07393fa8da4cb4a2d4318f6d8f9c9376d2867af8f1b7079bdca7987dd0412eef85755a18dc4b69e567ae73c57ad5a8483117dfefba6dd479a07b2b0e2bfe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 b733bf74ba5ab02e528708a8d983c6f3
SHA1 f1475fbcf4bd0581ef104493aef0cd1de641c314
SHA256 b995c25a8dd855b5e48acea826af5cf3e0976fd2a27579593e99cf8e1b9b073e
SHA512 cbbd3a0cc0a838b382504658e3b22ec0f77e91c71f928a079f942cb25a69f175ef93502c5b54ae85b8a0fe608cd590e86aa11238db5d0a09d564b7354ee8f507

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ad8760711f2bb72_0

MD5 9647cfd17fc73004c39ff1e17be92599
SHA1 6096697287ec0957a38e754a14d54abc75c05501
SHA256 ebc0b711348481759c730ea6e95f87a3d9be5e865fcbc3c95bfba326faddc95f
SHA512 7d17589ac94f37dda8bdd5f3a41e96fe06800384582877ab7962866b327ba93a8a7a1a6cf2b2aac8c77d823e86898e4438081660d884a44afe1567730e2432a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78f998719ca7d3c1_0

MD5 967d03277edacffa8995cfd5b1c9c0c6
SHA1 73cce66e403e81d3ad364e028c79b2387f2a115b
SHA256 2ee0c8353f7c554caf3ed3c0f5d1912f3ee6a70306b91c209c858a92d7e0a695
SHA512 2e3ae6e78f658a7852ecfcb5c53f9af1d6f83acabf8628c0ed5fbfb1d99e40c4e6eb735cd04da1ca9eba49555c8f29b41fd631779391ab5cbd6738486d2da98c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a32e24930f82fa3_0

MD5 0a2884991a5f6073c92e10e41640d920
SHA1 93fe8e0f35eda67e30209682f66e5a58bd6764a2
SHA256 a3727fb46c2e0272737df70ba8d3becc6cbb78fe2def02d42f400fc94c277cb6
SHA512 a81ba5dbe90bf9e672635ba608ccf6e354a1bc619a2dc9540c2e50dc05ea8d97970e329a4bb562aa75c017e12b36045b86115b5f8217b4fcb7e0984c90a1119c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

MD5 b2648f7a6c1f51c22b760121b665c09d
SHA1 80c7f028a478c6870b7023a5485ee47f6a3d5e4b
SHA256 2807fa2d68b8aacdcc454add3239247f9033ff1bbd39ef930d82e13d517dd17a
SHA512 4e9083e610226131327fb7112d0c154874fe1d3ee5f7bcc6537ae22a2e644adc755be6f3966354cabd49d0f15f20555c8a7936c3031d3a5d00ed8765c20f3495

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8d63234cae7246b3_0

MD5 5d8ed1629a0092b1b65e0b16884dc583
SHA1 2a88f6266cac790e398c89fd849dfeb469fb319a
SHA256 55fd4c5470aadbe36c4e0f453df1679c2744caafe2fae938e8e38a86852411bb
SHA512 459290942a67b02b09f57451fdd1dd6bbfb4a5c7ea854d2f0c495951f57a4045a1e81d8892057cf9a4fb9d9b9ec404bbbae886ee4b2b6d290b84c5d1ce60d637

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

MD5 c651d2735d53c0bc6f371541cb82e401
SHA1 5b86fe0ec0ac2dda916cc999f04e65da168b10b2
SHA256 9d07304681820ad7108693441416bcfd381454113a994732ce3a7dcc7d82c472
SHA512 3d8bdb960e4772919b5c749ddacbe335c96c98ee7f5203e0ee73f0167582c6b598dd41898002368ac3ef68a6ccc8601ed7523340a627f72d9da66ac7d7aaf46b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5de828ae97bc184f_0

MD5 c4807eef0674f1e475be22144d43484d
SHA1 3d45de88c3a922bfe8f6ee10c307888637a29c1a
SHA256 60fb4d0719cffa92cc4c672daf86ae778a58bae9c6556877ef2e84a776410d2e
SHA512 7ee2df95aa8714694799530046bf3016f980b8288f9280c39a68d86d6c9fd56315eca02332d554fa00ad8dbc400ca464b92a754e655981b8ed894da13d328694

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

MD5 555a02aa6c70a28896670c198e499c05
SHA1 52de0f43ae529188031f67117dc4114632751a22
SHA256 98cee6f2ebf08a0a2582f25a7a5f20fe20f56399b1a1acc42ddccfab8642f829
SHA512 e572820d3c3d9de69e480a9c51005c14625c9d2ffa545396bc4d01e52dcf95682920d733d7d318b4653e3ccc0c6f8e4a931141b4946a3b43a62589da477a4f65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

MD5 b1a2c8e503e9485678fc7e1ca85b37a0
SHA1 31657ee87b168971a2f70785a367fdb63e42a6aa
SHA256 ae528242d50eb6280daa2440844391a9129179fcb110deafef4bed41d0f2cbf5
SHA512 aaa0ccb6da540caac9093d6905e818e80087d1669c8cc859b811ad0f91a91cce93f3b8a4dbbf9f6a777641b16ffeb008bd0d49471e02806bb66b1e7e5a3eaeff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\84f7b82dc51ad591_0

MD5 48929b67d1579d391942c2023dcb085d
SHA1 ad7699fc8c552c91133b7b2f43f6e8f1c3cc82b2
SHA256 4aab645559695ab00c99297c49dcf05085f16e33ea5d6cfb0d7622cd23a6cd9b
SHA512 2ea2acac90fc72a10404edc07426b1e1f80e78bdc6b47b25fdfe40cbc1cc9178fc60e1e6eec6f7d18b82c0fbf6d2f0143bb8702b3971f450bcfe411f97f8d91e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

MD5 061544a16a6e5240141fe5fd89a98dbb
SHA1 f7efe300998be08731b98cf11fe223519e37187d
SHA256 216a0f90fd2771c750bac74c4a7d783f8d4781f943c2798683b7ea32fb3a232a
SHA512 93643adbd8994f93a2634547403e000c6cf08cb9f3386f2e95a89998bf5ec16189b4170cf67b010698efb75b9a9a14ef0c2b47ed863bea23e61394cad8c0946e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

MD5 5f8f03b8f01f30dde17d6317b43f9cfc
SHA1 78e44a289ce9f59636c55a1f737d38a0aaaa982e
SHA256 31f6ef7c758585c7362e6df6ee49e5cb66acb8b7abd065871eb52261d9c62f77
SHA512 df83b9e8106a4328f0c09fc585ecc10b20ebcfe611570a1a4fdabb5aca541addf09529b9fb699653f68207bfe3f90b3930f950459ceaddff76eea648a695410e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

MD5 3e7889562b8e1bb2851a3799d03229ac
SHA1 448b3ebef3ea028b2e0a733947dde60cd35c3d4a
SHA256 b6722c6e45224d2b42a645b428f4ec669e7864e66e174c184ca9ad7e45ac3f53
SHA512 75fae2698db1b6510efe97ec7d7db238ad210341cc1a76b7106e23d45e3fba25cabfa5ddc3f804214b732def6c093223e2a789835d1abe4ab8ee421b40c0df2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d59841049f151ae7_0

MD5 7a7a13652635c291fcdc8e6d0ce0ad8e
SHA1 4e59f38762fcd5aa1dc85c2b955eda1289ad1395
SHA256 82302294d67fbbddf85bcbd5d8b53cf649959ec13a337d6ed4fd06799bd68a20
SHA512 4661ddd1b7574fac9ee3d6cc80e46b7a956777fde03324bb77f38d57967672d91be272d3ac2b331bc458d6dfcd9c695e6169a29eef77ad97d116aff76dc0cb7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 2262741800dcaab1167eb6a63312de5d
SHA1 fe2d26b02250293ad88833904f2957849fc24067
SHA256 18c8b8c1246780625e47748fa5068bab428d5cb7d0e8600076cdcaa184545393
SHA512 b94a015677786cddf2e3cec76651a6327bef891c6ad499093cd7d8d524f9e300ff64a25d5cdb16e751449e3f8f5db9ed7e0f98a08401143cf630e8bc7b487b4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

MD5 b4cab8cf482dd388e049554aca4ca62f
SHA1 b7901e490f0fca181e4738ed7e1e3aae1d9d7371
SHA256 fd2a7ac5d9b706a5c373b778cf3e5a97e0640f4fcd1584bc8f4f8c584bbc85a9
SHA512 708cc162dca8b4bb15042521e38acf63bccf33395a83ecc641679f91ed213883263c02ff63ed470edb3073d9b92a5ed2710e857773b7bfa3a7dc2df5f26adb59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

MD5 d9a2384b47e6d4909d7d7ab05f9fd742
SHA1 6807a2c7960fa63f25b3ad2d2d7e0c3557f72d07
SHA256 ee16b0323c8a48e23d4c34959f2039e6ae91ec8ff440972bb64f575a7af00e6c
SHA512 855aff94154d8193c62a8631504e22a9b9cb50b9d487c3263e76be85e36b1c0f7e57d30ec55bdf0a9eb27438e856740b1e3b9f97501962a7941f58d6be620a1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 01be1405f8fda402b6886e78e2c96dc7
SHA1 aef469261bed56f246b8538a1a3766c284ca920f
SHA256 b383f63cdfea0ed25a723e3b6be922d08b3f4669f65fd417343bc810bddacca1
SHA512 a41ee90ce9a79cd06938bb7183ee23c3e88b306f9c177d4263875de66605ba79a521b9bb101b333880cce36a7f6f4cc2c267464ab8e15e0a998769cc649fa573

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

MD5 7f55e4532e984d702ff68ac182136c4b
SHA1 34d7ffe8759f8a3694a3cc2a3d848c757c4e7eea
SHA256 7d91a40ae37ef282914eedab7bab7f6d0d343575fe410575ab098d108edd8e1c
SHA512 76df7e6902234a8ffe817f58d3fd97e7957ede0f08dad6dc6ba1a743a0d8e81566a3d74f567cd271900e7e1f9d7448ff68c6b524e14962d8a53fb2b0daf8a2b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbbc3b076556d40d_0

MD5 0d6cd0b1421d5259ecb77796d260b05c
SHA1 7960e58825f8fd34b803238726db5b20f341c4f1
SHA256 5353fdcf9ba2ff55900fd2277878b3404ce23f505c89e65b4b5a72ef5d6cec3d
SHA512 b80480337e4f773cfcadf85711bbc4ad4abeefa08a31d37a627be0b372d02f88079bddae30f8940cd7e042df5531063f287c86909a5ce5fd568d974c9177d7d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0

MD5 483629e60200292832846234bcf05c58
SHA1 9e949b018e186d2c6715df3939e99f297afb7c7e
SHA256 456b695a038a7b631617e746cf387ea13249e8eb1791a2cf98f39d2af73761d0
SHA512 16c0117776e55977707727a0cc570bf526712d2d1c497740966766605ae0137558d3ccfcde1c123b781aa03cf1df0c7e237d97257e629324a62f09a289769674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0

MD5 a7c4c72e099c490bf7a9cb0fb27d130f
SHA1 d6a4fdbb21993a54461dcac05ceaad87aa3afa2b
SHA256 d943b0a6679009adf0ab1bf42c970354b2bad4da5b59dfe18af55b5692e12884
SHA512 34e8a4881f97680d75bdc4b15949765b2b89efa5bf3e62e86fb82b0c61f51af711699b979c80cbe950672b5b6bf34f9024351b6faba7553d3a7171ff78233448

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

MD5 1fc6e6a92eedc3182235fcb8b80aa08d
SHA1 a3ac3ebfbac20167aceac2b6c4c39d36d3918919
SHA256 376e02d774fc3c28fc3f12ee5cd0d1d51152d4fddd1b0151bcf018a91f4b7be4
SHA512 ec4237fec13e5dec5b17cc6f17c9db5d166ed641793e928498cb64291b795f40b8ee1fa41625b2c2b3586835e3701bf0a1840cd1dcae0c0f8d8a074ab4e91a25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

MD5 558ee82dfdc8e538a1f2886848577578
SHA1 1d4be54bae3770e6c730ced426394d4b054583ae
SHA256 366e17112e3caf5546a86957b9805dd20dd2478a195f85a9550618d7aaae8487
SHA512 e911714dde57c8e526dce82238e8e2483d9b1b37a3fb6a82dd3283ae79de377c70b9215f73f88eadaea39e9aca1662f3948d95215e256b61d8a484cc016d5249

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

MD5 92021fa60ef8df46d373c55d26a2a561
SHA1 409227c35bf1a0c87da9d4aea2e0adaec1fa8717
SHA256 49f1d2c636b239d1da2b747a28d21cd8458210fcbb871d255da217a1d718cd22
SHA512 941d9bfc8f1dc06362a438c040b4e2bd29f8c298b69675dd1c89e20cb2d99b6a1f7ab1ef67e5bbb4c85db2e7dcdcd7a3f06362221655753a4cfd14bbef64992e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

MD5 6780ab05db15955c51e120b920c84639
SHA1 a7c0e38d2525d7ca3c5774fe012ec6b378859003
SHA256 76680d549b6f478551b4e11cf4552edabcec592a5427198af859bf6e756208a4
SHA512 871b0fd1e05639e433e1a3e277808b679741a75413591b0b31367411940f91e6bea7cc1646d388842163ea9d06038f251890944fe1963fbc7b3c3dc1c60b3087

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d72e185424f47bbf_0

MD5 16bf91fe115d5e04ffcf8ef8b6ab8019
SHA1 4ef70dfbf62c9e66808a625ed34f6faa3b8a7b37
SHA256 b79e02405ef6028c6483237ca565d0c35d98dd94181e1a7c54397841dce71271
SHA512 ed6ebec09821a60d214f657187869386e182d546183d794d859f43bcba5511da6d05a0b44d917593d9b3b9e2221894fa09921036b8936d369291ef01d727f372

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

MD5 e9aa5c20b7d216aa76328e509c255142
SHA1 4680790aa2fc42db15882f0a770a920358498e84
SHA256 b2314008e5ee20954ef62bb907132fabedc804ac98430bdabff02a31fa28a38a
SHA512 5a7849b13246137d282078fb8a6bbeebbb8b78e53ab15034d1f97de180663384da136064953882abdecaab505a252fc478e06c572f17769e3a0f032bc657c771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 c4cb20fa10a06714a1816a4f160c1c9c
SHA1 63b80f24164004299a61596cefe315be0a6dc512
SHA256 47b7acaa06af9993e416f6d489308d05954972e0c4a405a06e37430b8e97b480
SHA512 54a7c49f55881f2112dc8e3d3bb919c2b2310d72462a04458b5f157ee0dbba232dca01f303aa442259108309cdde2dcd5263439caeaa71e8c296d494a7415aa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

MD5 d5725953cd4060c5878868741ec06923
SHA1 1ceccf56917b61aaef86918c4867b94294e11a35
SHA256 c6c7289c3e3482406d3594ac9bd539db2c7feeaef34d44e447d312fb80ef6337
SHA512 10df3e89f8cc074f26a877b4db2ce03e6adec8ab868293ba55bb7db737c541dc4cf7732b749a53e5c060e2a3e614a2f84404f5b2dd619fe9092cc8668786a612

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 f2fdf03a534884b0ddc13a7e4fdf9afb
SHA1 2ce853d40669a3d9cb598262b77866a9cb7c489a
SHA256 57dc97a3ded2718275beda680c572b5199fe24fdbdcfa54bfdae367fcb0eaa48
SHA512 a953e725803427468002005f3bb42aeb140ad475ca123b462d85a6e9258359cc7869c2c3458d6ffd34aa000c7035338d3235a5f2b2c2237a8da8d617e7fd33cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a02229ad0edeb4e574ecb8c9bc371455
SHA1 92bd3207bf4f80bd36fb63314a631637225dc9d9
SHA256 cc168ac3d9869a2e1292a12e8a20469979048e3e2d98d4d5022cbfda6cd03ff5
SHA512 895a451e12b0ea0ae4ddc1bcac15e496847917ef5bbb1a3ee3d3abf550a969643ca5857dccbf696c523d8b85431ecf6f07a697fb92bee4b6e9df649db07824e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95d5d840cd3b3e408903805d52103614
SHA1 42c46735725c33c590b42ef4c344acd962c505ca
SHA256 96cdd37853aed538fe9af9b4285e2cc1f2f178f79512a2a21ba76bf4f89a5aa0
SHA512 ed54cd336b3246f8f0917a33c9a6acb765c341875250c09db02b3d7e94da3db99ee1e37c2b4193e2500e8f8ef01ab4fca97d2e94f04a961bfb95166962e00d91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ee165eb767037937e903b8cc4967004a
SHA1 fea38f95d522264174e5ac1673e06cbf107b71f8
SHA256 f949477780cdbd438d8eb96e0b4335ddf9ec4761b8d59774d7f1250b845e4c79
SHA512 b940fc8bb1d4ccf7bbbbdcc3d76f8b02fb6415d7816164aface40a1a85f38f07e7a158928d3bd9b849bb64a571cde204e6e4875d9d24e67242d5149a9a1bd4f8

C:\Users\Admin\Downloads\WinRAR.zip

MD5 264a685537b52cb5a2d3237f2ac49820
SHA1 d02beb7a2776aad690658bd41ac45b773dd8e56c
SHA256 aa24ce75db9c573a6e1f17923157ac37dcc080f5f248874731db78334eab76bd
SHA512 dc570151d6119a05e0812f75ce756beab63e0df7e3f84479b25454f8cbf44a6a80b3e6527c43d54841d909f801ca1ae24af8cbb93556219cccf4ef18cd391b31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 57ba77397b50b1d069ef4693c04f981f
SHA1 f9031247b2bcc8e31e76cfd162389c1e415216ac
SHA256 aa3c9df80af383cb01b54cf99f0334618a368aa8bc5f681d00add559916a58bb
SHA512 f439e1b106902b617df5112cd7730e0037ac07468368bc3795b788f5285b91572d5b563b06db53bf94672d7a67bd2e056a338c259ce5be4c18bb7493fd266ba0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4d896a9ad341f4e5a6bd1773b32e7d70
SHA1 6d64ec4a80141d6ed958bcfff5d43b697e5f7457
SHA256 6cb1e58667be242a5e6632c60b86bcff63c4769382d926e526e221487a12de77
SHA512 5cb2f8a049315ef2fe717f40147874aefcd137ac572164cd0da80c0fe7b85b9a4d0501f5a1525a4c3ea35381f28f941c3bc0d448fc4b668c0b0508cad35940af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c196ab824d9cafed2f800685ee9b892a
SHA1 f006327ce59b5f658a3af5e16e02f2c49017fa4c
SHA256 ac3424fc47cb16c241846055b27f56c2ee146d0d04f4532cc8546af9e8191f26
SHA512 54ef05b4ccc7114c1f4763b09fd73f10f453b0f884a411c919ae350aec550db15cd0b029b775d42a623bb5b17eced49f0fbbc00896b3f6a346a288417cd9e7b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf3edce984cd27de65a2472a40eafbd9
SHA1 6819ef23d3670269f6918832b4915fee9602997c
SHA256 ec4c8e2a3297f2861d29baff8826bf96a46b644e82c8321ff821de9f2c0fef90
SHA512 b8dd701dcc39dc001f5b85fb7f3b627b9d8172d2747f81448a3a1d09102db0147f3cc1575c556261a4c11968b3913544d3e9de7406154acf5c2b6f7a9bab3822

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 efbd402db211bea015bea44b6ff89b2a
SHA1 97d98f696cc339ad0cef605b5e6a16ceca8e5064
SHA256 8feebb6e488c5a300f3a689470881dc62f537b83a37fe62c6bab5f0f32332100
SHA512 bfbb3c18767d02bc230be319fbfc21ccbee15d2487abda82e9bc1337220b8a3ebca40ac10f3cace073b720abeaf51f4ccd488f92d2642f68eff7bbbf314e9671

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 8987387d20d23c1b88ee582492228329
SHA1 44eb4fea3d5a2944b9c540feb8f223d280d88e7a
SHA256 95b7d7ad2fbbf656edbed5d5d089e3af1032646aba66c815c1cdde8e682905f7
SHA512 23946aa6626c4ef0329f355e67fbeab9ba01fa95d4393284d13ff65993ba16e88eec0687e26c2868fec8c6315c8b581879f0d475b00e0328411d12937d005b38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 420eb8154d2c74b048c06d0a9e1ae5c2
SHA1 6b4f9b313833451122efe0de66f6644a8773e569
SHA256 d652402c97ed6ec5249d3e082646e7491c31f78ae62a02341f84d04e9e0b9ca7
SHA512 de991e5146e0c70ff4af76243e49aa2e97ee46cbc287a8123c0d424b7636a76fd76bce580469d5eae71e3237a748ed28d5cac4a6f273effebb2c69d716eaeecb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 2d84775ffcc589d9894127dadf6c040e
SHA1 55ec94e4530403715ba39158c06059dab455ee3f
SHA256 9fb36c5dec3e66cf54a8fb6a831cde874a2bd987c3d63339f02b7b920f448caa
SHA512 2d175c9a07198c3e5973061f18cb99dc2caa188f50eea796a2b9d3d83dd4978d1ea5433e69f57294fe1168788f5b4b35773fccf290f307a1e9620f8883d4819d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a37ad9a49149528a_0

MD5 20c752c92f9cf73dfcc0778ae6000eab
SHA1 9c7e46ee3890138b6769a126481bc1c68e877bb2
SHA256 3bc7631e8c26dff2b97502300f8be67ee896e0849e7b8be216293e75e0e55064
SHA512 bee309189a7e66619ce8d38f10ea8e2c58a6bd779b8c34d251ee4ac977d34735fa5ce5e96de40f87ffa59d90c7c605af58a01bc5f6be9955d74f82fe3f70eb42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

MD5 44c2ca11490d042c9bf5b3703108d55a
SHA1 d2dd64cc93327ff85128941611f7fc59277f07a2
SHA256 543937f26e7860b16569b2c8c276dd88527c86cddf0c1728e1d5d03230cd15d0
SHA512 a2bf553e8674ed2fb612c59ecfe90223441ae6f9a9adfc9e01d02bfa9c50224d4d27d47131197e173af30bba3c8f9b7e117e5593e0489a076198c311ac20e7e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 3875ed0bd2acbb68ff5909c114dd7b20
SHA1 5c38df6b28caf35976479605e1c657861eb65271
SHA256 63fab1c0a2649de939307fa87372169a8d0245e39c260c00dc16943f1c34f174
SHA512 8bac28786e1592118dc60d4f4135e07dd40800eaa95e7412b58d715a4a518e8d722c7ea9726459f1d33069762654c239d62093db5a2f2433808126d7cfd434f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59fc8adf66a76ab9_0

MD5 e8c9a4ab9b36da84c6a5768c316d5d91
SHA1 441f98be30d753b6cc27fec315be98e7287d1607
SHA256 eacccbfc884248f6d60c6f7fa9b094a4a5c1cab59f46b0be0bf5b771e2a23146
SHA512 0fcf357e0e431f8921ff6fd62dbcbcf82da101b6ccaa0f71e1f559d5a172b0e8d1e78bbc0b39dc2d6531c98d8c6cf94e4f6bc09e2f4e6356b475a9a8ef7da1a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

MD5 f134ad6f9162b893d0dfac521abf3db1
SHA1 c3116cbd7ecf8d23c8ba9382fa8654e396cef35b
SHA256 1741eb3a19ec9c8e99e388fceef45b215cdc7952ea29e6959fb5b418b835e4b6
SHA512 6bc5fb72f428dcadb9de60ebd2a90cf6663653bbe4ba3ba9c1f4de06b23c6af25289c247b25e17f896e0b9de77c770e30dfaaea99e5ee8d84e44128576be0f86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0

MD5 965b6e46b22eafb1bc15842ac555f825
SHA1 67324cca370f55a7e2eb831cf41671d3d01d7cba
SHA256 f386f7e9ff77460872e6801e92e00cecc205646dfddbb86666fc6d230ecbffc3
SHA512 43b949e7a0305a29495e0a540d4b26f46d52f4586eabed7d429513de469e71d9217980bef010f52f5606337a178a0e75193fd5fbc442beb41f1098f89c60e07e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94f93ada55bda7c3_0

MD5 6fbbd766707ff86ed7ada0f508930f6b
SHA1 84484be64c8f70c731a466290f2becc767681c21
SHA256 ee3b4b8c20af37faa23101792f79961143d55ae477371c0729c693a24331d527
SHA512 d3bea19559f61ce280d1aa53c0ef2fa130e9657a0b45c03ddcd5235c2346b78542668059502ee4c75bde32ffec0a85658a6b6e7164730145238c66773bdede41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

MD5 ef0d62f17c0ca832862f366f208a7dca
SHA1 993365c962c08620b6e28752fd58793d302811b9
SHA256 dd34baa327b9a92aba97844b3aa708d5582931781fc07e923700a351e669b041
SHA512 055e8c315bdffdc9307be058413a0b08d83814bee3d8453170971fc96098f79e22ea5abb396cd1f90814a80a4922a0446aeb051bc688b83558aa0b5d5dde251e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62f20db8aae8f96d_0

MD5 96301e7aaaabda3893858c6748a984e7
SHA1 7227afeb886d5ec65d17b13cd4576a478913678b
SHA256 784478f64e81b7247f5b9afabc1c0b11b6861d594764e3992a5d929b3440a4ba
SHA512 892220e66f2c91d5eb558f2abb6a885277a62768b713477249e91814fe4351b8156703d2b75098e85fe4b6bb149598028960a8a3109eed3c8cf3552086227ce6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

MD5 8b0404fcd82d9c10b74af1e5ebceeaba
SHA1 9ec940e8e03c141d4db6b7d15e1bcc1f7bbbf465
SHA256 6e9d93e56ad06fc7f3858f764f7a33359df94b80f95249d88a67cfdd822ec1da
SHA512 b96010d8293f6ab7ac7e26223598f3ca2ccbf5f60b3b323dee74f250a359dd8f418c7e785b45d3ce1f87d272d8453f3d743879d0f22a8b805d1b2d2c139c6cbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e372ed831f9bddcd_0

MD5 158d8a20479f9e5d31a827bf708676ad
SHA1 bc4ef57b5363a4f462aad0f5cd4ab8a6e481048e
SHA256 7f3f781108395d49fccb82ae7172e6144db38a668c68cb2cc9d03568c5f42e3e
SHA512 18be7fc244f47fe34bb76010edd9618d63cebc1dd5d69aaf8fc7187908f71a2dd0f55ac97b96de2ab7504222a278dbc7ccba27f8948d2ec0b44db8bd371dda55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65a17db215bfc27c_0

MD5 2523d326ec7492c06fa04f145270aa25
SHA1 f9223d1dd63723a39c00ab13c35f3308c0eac790
SHA256 38b4d708d6b8f4bbd552165b4761497eac0ac239fba9d3b381125011ac6f6e82
SHA512 f5443734c798554e4eee5b23be16a20974514640bf96c1838aa3d39658716aff1478a83bce03617a498b9eeed2920dcb31754547a18b7731589b18adae599e7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

MD5 bf9c76492db5d0ae7276e133add1b5db
SHA1 57ee19ca54ac958bc8ef83b7cad7e72dd2790b8a
SHA256 6d9654635a6a3286ceed43a0a6ecf8e2ac2a31073f255de7d095c7e6e2be0747
SHA512 6055ba5e3340d79ea06345ba217fb973949e52011892787020076a90b9bd22b18fc71431d250211dfd2790ca12f69e48dacb624398e373ce83f6a61db5d1e0e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3656f7ddf0d78d64_0

MD5 89ca8d0f03860d655b5aca567f6e4312
SHA1 cd5df5b1c32b207d7c17be7dd9f8f873b166f491
SHA256 d1969c945f2d6d7c66f1f5d76cdfc8871018bc80e72eee5d4960e934d4bdb27e
SHA512 3fe150bf38eafa6cdf584a3cfa8ef11c81219aa916718c61dfdaa8215b8464788ed9edff858becaf382b52087e391dea5a350f00422c61cdc4bb349c3bef5cae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d4ca57f3005d3f4d_0

MD5 06fd0771138ac2377f76817a56cb5219
SHA1 7685f64c4582a9d48052676bef6093467948dfc1
SHA256 8e274febcb76861cb0185837fa20d864b726464b15af4223641b6afb5dbcc5fe
SHA512 616fc6af394008f581f6b57257684ebd35331fd3a7c3d313b1a6dc6106dcb8ed50a0d0e8ae0a82d311555047696f0ff0e3cbc2ce62aa3c8682f18f5866e7ce71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000130

MD5 5dca72a4a47dd485155f23578626f93a
SHA1 9ac0fd7ea2efcfbbc9fbd40583b6671c5bbfb309
SHA256 1e465f6e713a028e1902e92661be7546fde52abcbabaf577312a6a3e403e72fd
SHA512 aaf529e1c9c3fa204806415cf317ae1d28f2af48ddd66a6e115981abae6c73b5c1e79bc4656616f9d9ed41aa589e62d04dd37bbc39fc63c0926ca49f3150043b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000139

MD5 342b20336d99fbbe189a989bc6527012
SHA1 13f6a3ce5194e6ed37b843af70ae4098186eb93f
SHA256 895abeca91c17ef29ddce3465e09fa43ac6a744a69eface1a027d98776f7a8a3
SHA512 fbe0595e87f78054923a0c8f2cbb88a1c0fa48cd8e3ed94c14dc07911245adcb8d5d269bb3e0208ce6f0e354c732cd8095e63773754f20acb605ba54231362f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000138

MD5 e88aefe4e60751eab94fc30b0bb1b89a
SHA1 0480b0b6cba418a93e748ac24002dbeb550ba53c
SHA256 cf7bc1a41ad22ce44e33e821d02adb42f088470879f565a6e83d9521c77f095a
SHA512 bea98f0e112424fce1f95e7fbc68ab0154f32d8988096f39d67081aa97497d2f3a1a31c8ef6f7f9046f45526a528a17b2961c6646e7c0740e1d1d31f8e69f42b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000137

MD5 620408e4bd9018b4c7b79fe3a1e17588
SHA1 a3642f0d4e37ed3e4a7326f5aaa962a954e3250f
SHA256 bd1063b3184a15e4de06f29e426fd3dab2e08ea3a01173c216937a80bddc7319
SHA512 c87f38de5f605fefc381051c64bbcd3e091e69c66d64218bfcbc8d89f60ba2f36c694a8b0347078bd021016cdc1093f2a50de23ba238af63632fd48b7142d97d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014d

MD5 046aa7e156dee615b1f1906d2a9b229c
SHA1 44fb4ab90a9d91bce05924876452d4082970ff38
SHA256 ff391caa02195704afe12e0b339af4f1c6c2fc524b00fdc897ceebf648e72c5c
SHA512 83b9ad869636c5d6f11d43f302f4b9eeb557b3a630f40230bd3eae04d5cea0dd3bfab6a0822e73ea584d2551e8f312396f8d50eb600909e2ee54e546b15f7c1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016a

MD5 7120a92101f715c571c8defa2670bed2
SHA1 ee36fcc35a0d6919ab2f7b1a6138c2b33be37a3d
SHA256 ffdfab06030723242bcddc956de6ebbc1f774e1c944969cb05f4ab9acfba7c99
SHA512 431030134d1f0980b24ae4770e6e77c1b05df6a72c67a7772a99a3f868dc1d2cb93bef6f38dbae9c3d7de9b13379d248e7691313039cda379e541e26d3852e80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014a

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000190

MD5 099e4aa84d0afada615dd48b28797ecd
SHA1 1a33dfbb5ade855907dee6335125cac682fd03fe
SHA256 93658c19fc7f10933b93523dd87e3e00e15437e76f85acf374be890411c84331
SHA512 b6c7dc1969ecda1564ac722677b291868951024f19c5037f06598d4304003b4af02f2e98ca102ced7b2af895068a241119302e59e645853d657b4b6a96edec18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a1

MD5 016f915263c844920f2863c538f0d028
SHA1 2f975fe7bf49a8bfd14490bc90d14134eb2286c1
SHA256 62802c61038cb03b4fb9db293048984e15bb2ccc779085868536b41e816b3095
SHA512 a498377345f6aa8f0aeaff4b5d7a9269a4e62b0ef14d2b989d95f3127735ff32f9d8658d48bc45552afea2786fcfa2e82bc0c3d0440da4b5c136c1477e6dd054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001b5

MD5 09f5d6efa1be16eb1e3f9685e56efc24
SHA1 b713343bc0cb9820c8244a149c934815d3420235
SHA256 285efc13c91dc05bddde281f01e374059e3c52def935e18ac405cef0d072a4d9
SHA512 b230249e2cec40db9e764971e2d443d96b58db854872be305c989e277ff4757ade26b49f14c005db58df68e8b57f4a23a919f9fb80ce2f96bc419e594041b36c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013d

MD5 b48651b8cbab85d2ab3057cb428b6015
SHA1 3aa11a74bb7e54b624362b1743702468dbdc0166
SHA256 f9d6aaf6c090d0775c569cbbef7352c2a895f8050fa1daea56eed32ae66dbb42
SHA512 ce1dab9c2dd5fcc43a09aa5ef6a43133aa015476196763ae810722bf5b191597dc54f1b3fcba9e225cf4053c936b988cb330a6c199ed8b357511d5e5566e8037

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9a3486f8a06bf913ec2904e9236d0a5
SHA1 91ae7dbd85c7353f9cdd4ca36d5a4f8e77f528d6
SHA256 9264f8dea9534fd06deb334e845de4996381f6d9da3ef28f59d1c1d0e43b4b26
SHA512 882317c447779c663c931fa0e6173383abd5d889deee7cf93083a34172ab58404937b3d91d4c616c024b330edada2b51adff93c323e9e50891b6e4c6246d8543

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9aefb917114a5dc5f33be3234aafe953
SHA1 1fae72b1676a88253f238f98a6fc827aeed72ca6
SHA256 c85bb620541b4570da8f0c652eaafce59cd1c94d4b931ecfaa28254d565ae7e9
SHA512 efbbaf4a37545e5249508e858862d19697420b857862c9493b78d74dc02e36dba9dca86ab1f98286597f11dcecfb780fc35df0f48869bd489bb778988f1ccd97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000126

MD5 4020c4aa88169272e80e47c4200e7ea7
SHA1 6eb52e0dada8174d15f21749a957d3a275534dfb
SHA256 1278a57b95dfcc4ea1b34b6e11f50f627d098b3464e7cb5cc3770a2cb3f100e9
SHA512 0e1f43aab4e0506d91e685c7b35f80414de87642b3d41aeb673f4295893323b23eb1f187082a4fde27b2434cd94b93a4a84a48f7747f1da9099b2cc413a64bc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000128

MD5 bcb69b27c3c37ecda4a09546c49077d7
SHA1 986b489e1bfd92ebb4c201e6676ed89f589f1f3f
SHA256 be0b7bf22f4979cd3ede08dac74549e5a771296fdb9461a85fd0c7ee2978faf2
SHA512 0271d2c8f091cb06fa9230268275dc773b7e63527b724edce1f715d255aa41d2f77c5785e02ae5221f5dd0892ddc36fde1a35a676ee3b678688d4babab5b1834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000129

MD5 118ac39cff9e828be993490f864266ff
SHA1 ae5df00b1ffe0cc28ff84dac418a866540267d8b
SHA256 4a81760dfecd6b4890a7ad37ad772d15a7dbc8cc409fcb48a0501ee75cd55767
SHA512 88272ad598555ff57f316466c7625f53b07bcc5e65f11f44573712dcd6144a4ac2e32b11c7547b06552168299b8b7b01dadce6dfb92fc99289bb9ca562b621e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\27d6ddae-2432-4084-9b39-c1935d441662.tmp

MD5 1e733c2432ffecba621a8fe784dbe790
SHA1 5a77905f2c0bbd2f8d32a89b129623b46365d970
SHA256 47515a7b07d15bb607065bdf1951d7ad38d16c24492d10fe13bcce2a7b89cbf0
SHA512 89e10f3c6b07b2325e3936fe47f7321665098016df19f818f7aa8088cc34eb24f04e57ef354b8ab2a81d40396716501db074254c08866ac797c9691c86f2d6fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 96bb56df6a59066d6b5d62565eabdda4
SHA1 040f89f505f941225eb282e2b265a53841ffc41d
SHA256 31d018ab5becebe297c90abfca20f4c2e25af0fbb7c9ddd8b23650b66c5cabd5
SHA512 74b0e31e170733776a29175e70e61ba93b1df7718d7e43eb2deed0f0cf714f1ff7da2e49f065cd8c6742ace108300906da2cb33b1bfe60fb83dbaefc1805a100

C:\Users\Admin\Downloads\Unconfirmed 26226.crdownload

MD5 f3f16a12cdaf4e3fe51bece5dff8970f
SHA1 e4bb36e12d8f566617f940c32764870e052a89b7
SHA256 f1787b9553ce260b889cbb40b456d62f2cfa01b10f7e512a3528790c65640669
SHA512 5b5837ee05f3a16c645613c5e0462b6d81d6e1dc183156b790e42cd8348fa6b391bdc84de43131cba4c568aba2be308d6e3020c829df0f11d44fd923f8cd827f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 be17fe91701374efb8afff0a643bd03c
SHA1 411f9e4eed7b3f9a9782798818f3752f1a55c8d7
SHA256 81cab3339b962f6ce4070f3cfdbc8a0a25fe4ac696756e38f5ff29555b1c8959
SHA512 df091c331e6e898e4797221ac5dba138d7052fb1072b743539e5d3f55aa0f7dfbe9e862fca25bff087f664efd72b7205c5eef5c1191a2cf422edb2fc4673c023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a2508a881f62714ea6d6b646b5ca6037
SHA1 5b5f53d5180a43b6019af8b41ce4bc034b5007c3
SHA256 f66ddd3df9cc6fc7eb3db0ce4529c537b44063ede03d03e7aedb9ff54f936b0c
SHA512 f6e0554cde181cc3dfc5a1fba0ec2e4eb4b2225f6468b2ab4852782bff6fbca5d352dca5fea60f51790f34647d649659b794027cbfdc6e186a4d6ec30d455c08

memory/3652-4415-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 01640a72ae6c6c369b4a788b51b16491
SHA1 211f2c23305e6b14c60fc3e8cac7a2eefbe77ae8
SHA256 ac949524fcab3cf08085ea092109e2ca1d25b286ae45b6c5a8efad4c3a19f3fe
SHA512 9ccb7e54d22c60b819078f466df95d7daefd12afd419a5992c73f253135b7e5a4f56f61a70ce3b0e355a3731d29815b67981faadce2622a63b20eb91bdf9819d

C:\Users\Admin\AppData\Local\Temp\is-DJ4MS.tmp\zbShieldUtils.dll

MD5 59d3c3a9180ba792ae2dad18b6903cde
SHA1 c8cd105d3a0e99a54d1d16f0d1f60000fa3dca8a
SHA256 dd01edbd4368ef227693723c5e427a48b264cb57bbd07d81210d6e633e0b1b2e
SHA512 d6b6358e5108654931fcb3b7920df65c4ae65d48f9ea012c3f821bb571f821e815d86feab85cd55a8ce767f2f7342a512e55d03ee4041ac0baf4ff13ad238699

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 672ce96c3b348f97b29f51f25a5b3082
SHA1 305a0b262de839308051394d65f273a6047cfc1b
SHA256 3d542656e5940a122e7304f3611ec7d85211401f4902e57054d046231db02a08
SHA512 dab2319a38f92773e9200ceb4248c318359be07eb107afe8781e7a34ff0bbaabc2460e4eee7d6f4a0c156c1b3663c5387154fd8dd61e6784a0c043f7b22145d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 01fe75cc9a0f9109900ad803b14c5d5a
SHA1 9cd4b04e2f64abfb94a3407f457a906c8d12cd90
SHA256 3481cfc1d9929c171049162b37a5a01f613a653cc94b5e21ae0d9f4076b3d44e
SHA512 0e90dfbb0a80b4588aab48981199cf87a59be77f3319a4460e44ecc02c07b59dabdeea665dda094a659b011e8d930f4e22aacc3f37a77f0ade87aa386a315d2b

memory/6292-4454-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/3652-4455-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/1100-4456-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/6176-4470-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/1100-4472-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000203

MD5 008d0ae10f41631bb124d78799baf5bb
SHA1 cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b
SHA256 a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590
SHA512 e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001fa

MD5 3794c88793d05f42f3f3a017bb15633b
SHA1 f4016ff2b343eee466b623ef69a2e7ff4dd0f46a
SHA256 05e901c5e40783bc848d0f81aa3532f042f45b24525b07c9eb7879108f40d3fd
SHA512 7344fa50640f09d6e8b30658cd321815786ae6481f865b792ad424144794699db3be1911192d22829cd3502443a6f427d73abd01312b5e83bf9308987576cbe2

C:\Users\Admin\Downloads\Unconfirmed 526283.crdownload

MD5 6e4c8f2488186375ecc5701ae74a2a19
SHA1 f4765471feb517088c50a085f75264bd43b17b07
SHA256 d45e8203cd5398582a2a13d7f1f4caf7bab60fa6db19db24a2ae99efb0b2fbbc
SHA512 4ccd80ba67e037947736f3fbb774efa4a293c53fdba8c23c6f1ec0b3fba2deed1950a638e8f53cc80fa09505f84a4c6fadf899750e1c3640fe53348d96733501

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 580cd3c05f04eea20c3c6691dee6fcf2
SHA1 07cb04317f9a00e3436f61db4d3c11ba2cd6c3a1
SHA256 37b696f282dc98cfa7c41d5ad8a2cb5bc7bc30248616ccf8d7794d5a10b7a03f
SHA512 1cba6ee0ceabc55a191fdb3364db3f8dff96511b2e0f6b7eafa16b483586615991718088cb3f2e90ad1002b876f0e613fa48113cf6f54ac3f40426b919327224

memory/1224-4770-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e62618093942582f5da1e5a94b1178da
SHA1 539290812511b54160afa7b98869642f39752b83
SHA256 9be372d9c8024cc9f58b385dae7f0ddc2c6ba0606c307028e0d27a6a1601d68e
SHA512 0c6765c5e66cb357bfb5310555423ee03ae6b4a1da95a2bb8ddd056bf7a7332a1d849911da42ea8df2a30a16eea875d59ed8bd3f17763f8a50f6444e1996abdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9d9e6fa7c417e63173ee35e92d3e194
SHA1 b2ab77ccee0c4ccb36a1aebfcc4a1a20867278e1
SHA256 14eeec46d53d90ee6d397e6ec0a7b9fe135e44dfbe943353ccb9557586c4a772
SHA512 ef4e330bdff12d243ef03245d19d33320a855addf574b374458c43f2b0bfd11ad1010803a1a578127dc5c0e0c7736653df6571df7deb37f63c3039a6fd38171e

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\RAV_Cross.png

MD5 cd09f361286d1ad2622ba8a57b7613bd
SHA1 4cd3e5d4063b3517a950b9d030841f51f3c5f1b1
SHA256 b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8
SHA512 f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

memory/2724-4811-0x0000000004AD0000-0x0000000004C10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\WebAdvisor.png

MD5 db6c259cd7b58f2f7a3cca0c38834d0e
SHA1 046fd119fe163298324ddcd47df62fa8abcae169
SHA256 494169cdd9c79eb4668378f770bfa55d4b140f23a682ff424441427dfab0ced2
SHA512 a5e8bb6dc4cae51d4ebbe5454d1b11bc511c69031db64eff089fb2f8f68665f4004f0f215b503f7630a56c995bbe9cf72e8744177e92447901773cc7e2d9fdbb

memory/2724-4815-0x0000000004AD0000-0x0000000004C10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\Opera_new.png

MD5 b3a9a687108aa8afed729061f8381aba
SHA1 9b415d9c128a08f62c3aa9ba580d39256711519a
SHA256 194b65c682a76dc04ce9b675c5ace45df2586cc5b76664263170b56af51c8aeb
SHA512 14d10df29a3bb575c40581949d7c00312de08bb42578b7335792c057b83ab2878d44c87042bbdb6ec8ceaf763b4fbd8f080a27866fe92a1baf81c4f06705a0c4

memory/2724-4819-0x0000000004AD0000-0x0000000004C10000-memory.dmp

memory/1224-4825-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/2724-4826-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod0.exe

MD5 998202c3a6409f4b9f95a323e5242c89
SHA1 5cebb61ee1008f113d097f4a370d3105234314cb
SHA256 be9999e0f67761cfe4b4b68004320a18dabc3c1c0d3d474389694f2e0c4abe46
SHA512 8f43e4fb7afb4a7ab9af014a8f1544da2aee33343856203d408f447360b6635af66923ffaab7cb758b0b07eb60f8566e9d918e937befaa45bae6f14cde927b15

memory/3708-4841-0x000001EB78230000-0x000001EB78238000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5c50d3ce5b84aefeda83f2d6469ab04d
SHA1 5cc7d00d4dc7b6c8faea141beea0a799a022e1d2
SHA256 0c85b6bc99e83e7df89b571659fd6ef96d0223de899731422654e4177db6e647
SHA512 2f236f2d5a005c431816203d79eef21a14f7a5d75a8fc852f2d926479336f795366e15c1abecf8ade6a9b9735750e1b206922bb9e0804ea0a9114c07a0d6af2a

memory/3708-4851-0x000001EB7ABC0000-0x000001EB7B0E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1.zip

MD5 f68008b70822bd28c82d13a289deb418
SHA1 06abbe109ba6dfd4153d76cd65bfffae129c41d8
SHA256 cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589
SHA512 fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod2.zip

MD5 e74323fc945564b243ccea2e62016618
SHA1 1380762e4446cd5d4db50537cc0e456a5b27060f
SHA256 ddd77496d0dc6e2e2dbca2a4f3fbec86e55470142f9520ae01aeeb854679190f
SHA512 07f9aa898714b95e5ccd5bb92360a2ee4a31be0856c3840883341016ddc5bccaad6b307c262edd0e25250293d1a533d038ab14f801fa55c074aa2506eff6106c

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod2_extract\OperaSetup.exe

MD5 b45f8bb161f3791bc9aba0e0703fe3ec
SHA1 cb416eeb9c8b3f96b2b49c2668d8ae40d1c11184
SHA256 e752db2fc1075eeb6c824ddfbc7391359a5c6283ce64ebe3bc9099ade933ee66
SHA512 cd91f963317ff8e3b66c0c1d4a164884bb627ab85c3e6e00f81dccfeb524600ebf65fdc842336c948d2bd4ff25227c6b63c2e2519b4252893825649e78c532e9

C:\Users\Admin\AppData\Local\Temp\cwrfy2d3.exe

MD5 54a54683ca3521993c6857d2965f257d
SHA1 436b1da6552de24635637ad5150e5c935bf64174
SHA256 205f40cc22eea75c609e671dea732d7ac603d463ad2f50c47841cfdb251e37b7
SHA512 2a2538f708f7fec8003e2deb62f4c4dc50febf1bd763bb7d4312327642210d5b07018e075e0a423074c5f6b2cd9a6b5bab7269774769db3c0be1b70a02524131

memory/2724-4935-0x0000000004AD0000-0x0000000004C10000-memory.dmp

memory/2672-5038-0x000002725AD70000-0x000002725AE80000-memory.dmp

memory/2672-5041-0x000002725CB40000-0x000002725CB70000-memory.dmp

memory/2672-5040-0x00000272752A0000-0x00000272752E2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2406141217347514592.dll

MD5 2ada940614c61329829fb101f3dd100b
SHA1 4441a58c0726a26ba05dad9541413219d6ef6d84
SHA256 ad63ddb2395cc0661fdf61aee5d968c00c833fe9a0ea533a570c2f8b5dddae10
SHA512 d1987ec85374013afb76179cb222c6ffcf2888c8c201e79b3e353c17ac140a6f5200bdfdf2955fbed1f877f871dd08794dce69087cf965e8851ccd619dfbc05a

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

MD5 b0850e9c32b789196a6c8682e3410122
SHA1 a420cf36e183fd3dd9960acc5805b5e6f2b3b732
SHA256 a78f5891edeb5de4ed9a7f3221518a216938ea5eaaef8a50a258a65fb5aecd2f
SHA512 636f4cf68c7ff2ba773b61cf17b58d028621c982f6634ad16534e8b3f6c80dd91c93a9579405798111710e1d3fb46a584ae41ac193d592365b20a57ecc35992f

memory/2672-5053-0x00000272752F0000-0x000002727532A000-memory.dmp

memory/2672-5064-0x0000027275330000-0x000002727535A000-memory.dmp

memory/2672-5074-0x0000027275990000-0x00000272759E8000-memory.dmp

C:\Program Files\ReasonLabs\EPP\Uninstall.exe

MD5 8157d03d4cd74d7df9f49555a04f4272
SHA1 eae3dad1a3794c884fae0d92b101f55393153f4e
SHA256 cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74
SHA512 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 cc7167823d2d6d25e121fc437ae6a596
SHA1 559c334cd3986879947653b7b37e139e0c3c6262
SHA256 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916
SHA512 d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 09475d1810516e473931140348481e81
SHA1 9a40b7a3fbc0df2945e04f9b1f0bb6b1177c76c8
SHA256 d55250bb3148ce960ab7b4feef7be15618a2b9e49ff90bb759a8339d0b6af65d
SHA512 dc41814b68b8cf155e6ce20b323616e41aa98d96ddb182312b3983bb3353c23fd10b01bb1840b3922e914f8fff486a585934317a21cf1e0b2756c6b9784a05f5

memory/2724-5107-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202406141217351\additional_file0.tmp

MD5 dfe86cd1ab9fe5055dba3ead830574f6
SHA1 800ba6757bf301a918a800ce15a3853e3941e019
SHA256 f9cdff6fea65207cde93c637cca4b92939359ede3ac7337c2048e076085e7e5f
SHA512 d3d363a221a3fa7a010194965cb8cc7210aa17d81be094a3e8ee89bb2de684c3b874ce1c6c55e8109091a849874d05c1bae132d450dabe2597167782d0063570

memory/2724-5167-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/1224-5175-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9VURN.tmp\prod1_extract\installer.exe

MD5 cbdc702ec44e244b2cb764ec3a82efcc
SHA1 3ac7e0652509171d905f06423c979a5c0d16ba1e
SHA256 2f97de96c50d73bcdcbff95fed75b2763207c8fc144d6367d2ec954c1e966b8b
SHA512 8ef13a28201c448215fc241cda74bb032c4a0c29a777de6aed32eeee8a5c428f3899a42ec74a408faee6535d08f7796d216c0bb1454fa2a67480c6a4e6ace9c6

C:\Users\Admin\AppData\Roaming\qBittorrent\watched_folders.json

MD5 5b76b0eef9af8a2300673e0553f609f9
SHA1 0b56d40c0630a74abec5398e01c6cd83263feddc
SHA256 d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817
SHA512 cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d

memory/7052-5326-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5325-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5324-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5323-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5328-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5336-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5335-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5339-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5340-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5338-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5337-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5334-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5341-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5342-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5333-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5330-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5353-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5352-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5351-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5350-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5349-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5348-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5347-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5346-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5345-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5344-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5343-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5329-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

memory/7052-5327-0x00007FF752C00000-0x00007FF752C10000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 2b39eb5b2195928553881acae330fab6
SHA1 76d1a229fe4cea22ea7a171ebcabb7e51b9f5902
SHA256 0739c8c882cb50b1aaac60dcd9335835bd5b50341b83743d842e024470ae93cb
SHA512 f46fa47ffb0476fba2c2e4a7cd0b993d95f4494c0a9f92a43037c62e0bfec1f937082afb0e7545c952feee1d184db68d2637b5685eb460e2e20279c8116b868f

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 696b5d615ef048284dab2de45d4aa9b8
SHA1 942aa408d1027002e33b6c7e7dc0ada6c468fe7f
SHA256 f11fed853018d2c713d23a9d1b90637aa068b6cbdf51bc14319aa6137e9d3cbc
SHA512 047cc9f6cf3fc2d4e7c75d68ceb1d3c66461139a3598e2896b55f781e46c36033a8bc28192c17fdddb2790ff9926d7847044820a15d58c027420aa2453753014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3185457f3f8c472b648125f661476433
SHA1 ad66885164df3dbe26483c2075d67ba10679f942
SHA256 79279f8b340043cdbcaaaf0127a229c0f1772ef8f7cd4dcb8d6c62f67d0eb7ed
SHA512 8e8947aa38c805c20baa3a246b91601ad71d0110d2eda0df5e43d5ec82075a2009bfd2bc95aae198c92d2ea74afb44d30000acb241119b60ba4ceda97ca08f67

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 c7ca71a7f472503fd07dd8674e70907a
SHA1 c30ba3338ccc2c5b0eec860f64064dbcb6cf698c
SHA256 70bf1ff3b3d6c8f2b0fd141253569f606aca663a21e80cd479049a7346ec600b
SHA512 11943457887df84fa6dd33e1e90ea5f88c3b938eed668bb70e7502d8017a560cdda79e9602135a3e76d276567808192c34093d07de1dc80e8262a7c931ea5a7a

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 3030c6d7537ef26e4743ff73120a778d
SHA1 c7d73194a0fb6cda8137b97c700c3dc372470deb
SHA256 bd5131e1da773c581f01a4ce62add50f3a2b6a5c7a60a2b9b9aa2ce56edfc4c3
SHA512 c07e85c0ae0f52f7498910ebfe5b4eec0424f788a433f1c703cf01559daa3a71b20fa55430dc6fa6898d0b32cf007626ce82c188ca154f1ff1f44b12610c72ac

C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent.ini

MD5 596d68eff2a6a072503e0df201bb3e8f
SHA1 375861c1fe45a7feae46acff09bcd4f826abf1ec
SHA256 a97beee02d9d4baa816316ee7ef4a82054aa2f0bfb6aa4b38613f68abc9aa2bf
SHA512 d8f2fb2436be3a12a31cececcb4cd51a7ef4fa3bc19dd8814f2309ab632d59ecebe018948f71a342c3aa64a465603bedaa74556f69bb086382398f813faf8d3f

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 7c715c918496f5e87cf846609e8be545
SHA1 14d37e9648440e808448f1754c54f9d4cd54198d
SHA256 577070bdd68222c29d0a21fe581069f82e9e0cee87b5521a98d22e4e68250216
SHA512 a00c2eaafe5059cdbe92e57e1241223d2c0a04dff954984b75930d348703d1a635d6953564551571e9dee7a6f6705121af39122bbd446b0d5724c41292255715

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 a7ceabe159e15660eef07f4d621478ba
SHA1 f86e71633cd577d01d9cb184573d7091de8a1058
SHA256 49a4c110a8ede7d42ad8f4534438641e9f4e6e4fc45a0842a6396134ef14f855
SHA512 6c159d59e1983e0119ef90f029566f6be3176393327674bb69780bb99d3f81f433633eb05932ec1ad0db56b3d98f48f81f8a5d966c83390ca48d3e410941fc70

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 5c0e891e2fe6131ee4b8f0362d48a46c
SHA1 a771f87aa112de40f72d9147c2813f49611a2fa5
SHA256 3a45a9dae5b16e2d955e9a5792ade05539c80094f739e6815a2c19cb51e74bea
SHA512 c30ec8964489feb65eb46899ef883dc4abe15274070de70f6923c9f5be47e87d70ec1036cfba6f94843105cf2fe5a77a8ef964ca8e999bb4f95ee0cc0905fe61

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 30ea0b18ac3f42f8d831f6ceaad87441
SHA1 b5cdfd0a78cdef8d42ba8c5543f9d1bfee472df6
SHA256 6a939725a1113b53b04acd081ac7b2afdd97957264c88dba8c73c7bc308a6348
SHA512 ad8ec92cfbb55d189de3fe37d4628bb166af8967df103c435dfcdba0b186091fe5b61f2843ccdeef91d91073c6a5987020133ea825316e9e90baab44dcc2211b

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 6de5fd3dfe390732943214e77ce1c0de
SHA1 612e21beb59f891fc56f686edd82f8a2d559906d
SHA256 88c100ac81ed907e2948f3567ab9c115c83544320199b96362bba8b63be31811
SHA512 a077a7ba72e10e3c4c778cbd63b6def2a9d1c9173ce4cce1d7a33df566d22042668e8dd2cf308a807e3f14361528e003148a34411edd984527f4c3034dc58859

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 b2d46d17e96cbac875eba5ddf94a0934
SHA1 0898e96df4a611d7cad3074c1be0db99b1da4bdd
SHA256 f12c71f2eea9728dc08cbb01c758ee2b335b1d8d8efffb50fa8977e7803ea233
SHA512 3c69b823b7577b791b50b85103fbe6a4e5bcfbc943367934573d32688e3a759094592db80ee3b899e14e219ac6540ece754021ad151cb27cf2152f2737e5b0b6

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 747656d48619b32775cbd47f63af20c5
SHA1 d29fdfa55a6f5532398bce6d93271b840b740a9a
SHA256 d903afeb60d0ecb8222b92be29669b80974733e38f12b524964f9274c23520ae
SHA512 f44382c2cfbd11b53b6db2c85a8e10380984e2cd14761a395f47c8588b1abeb0cc87868c8f99675b3b5c99759387d10cbdc81e8ddde3ac990bf3abada1a9946f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f2925018b58605a1bf23df5af2faef81
SHA1 2c5d2e4bc7e4d52935578595a80fa3e88dee353a
SHA256 41eb76c1a12e2158cd1263f9014c683d35c836d6b4da104cdc7a08c022b4f768
SHA512 e4480930c8020a54127d586352c805f50da16ce8f3bd85898ab24aba2d6ceb41671443dc9f10554caf86bbe78422962a9b507c5eb334ac375e0960ca14cada0a

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 135353974cbebf94b8bc48d682f8f5d8
SHA1 0d8911efa7759516fc80961ec42ed6e15764ceb8
SHA256 3da6db19e909805066bb41b1674b76b9b1946e99aefdee3ef96a0ee73b9914c1
SHA512 1896e77b05162f9624ecc2139866186260b1adfb6a1918f04f9696dde2e7b5b4c2fb64533c20abc44ea0bc42afed692381cff956a458b1fb420e5b490f26f998

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 c85b6e5cbc8cd0cd668a95378cf2339f
SHA1 a53d71a00a4d1ee74de71543846ddbeb568b29a1
SHA256 ef6f5493f21fa5fdac8b6b669ac6dbc0923e5c7c794f075413f27ca6ebeeb4b1
SHA512 7067887375c5aa40b1732d648185a0d231b8d87a43b63fb3670dc5099a56c7c7356cce43dc48cad6e96c1585fdb2955afa8a50d3a1c7df1994e80705f76aaec2

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 fa16d0dc50b77c9f8703b5b36d774107
SHA1 ec426639f3bf3a563491ac53b70bb5eb92e5c314
SHA256 94ad9f2b387a5e6cbd0f7b2259e37533ca80aaa69ba044db6a022661eaeb606d
SHA512 b2e50634a6a7a116c71bb56dc045f29f79abd5d831ed1ac4a4fb7ab6a452321a814b9877b1c98cc0e185c6b6cab5bfe3e9435a43f9f4d1ff4d515109779372cd

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 4be222b0796df9d496e9ff02c389c304
SHA1 a50131cc3683aed3c32847cdd0b8b976951296ba
SHA256 ae6d512a1d4f0f4b91a699c80eb6b97acd3bc59b22375a3039d74b58b31e9c2d
SHA512 26cccea83b3f1dfe84c63cacd4698d9eea373219cdf810f5dbc1ace313b1478d753eb5547ca186076e878883b462364dd80136805d7aadabd5917cf485a55eaa

memory/2672-7941-0x0000027275910000-0x0000027275966000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 88d0f41aa508c4b2e082e253b8d52849
SHA1 dda44d6ed29820d78f039f5347963f88e2c0143c
SHA256 24559fe9ae639e71925ea13b9def1ef2d611d6be2a9e0c9c8f82332db9ec1b90
SHA512 360fcaeb3d3d7930505ade8ed6c1cbe171826da5c2d3bcc36e88ea7197cf6bf4ab6e43ffef2d41422ebe5e8d322fc910ba6be554f12181f7bc0523b22c426475

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\24b70c72-fef0-49ab-a321-9ff95b728b9f\UnifiedStub-installer.exe\assembly\dl3\08572410\2ad7c7ed_54beda01\rsJSON.DLL

MD5 fa63504382f4f3f92fa86841d9e97f29
SHA1 0bde02c98741bb24eaf501bd8e2d9738742cd042
SHA256 5f0764e1998464f63c6583f870dd3784921b752b91d8e450fe2c90153cb5e58d
SHA512 c8483d9060a6800c8dedb4d5fea7cda346f742ca1a149c3eb608823209aff1f00bfcc5b0caf9c482c7b01d75f6e198edfae3b0100cb0dca6e5b5f18336abdee5

memory/2672-9619-0x0000027275A80000-0x0000027275ABA000-memory.dmp

memory/2672-9643-0x0000027275A70000-0x0000027275AA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\24b70c72-fef0-49ab-a321-9ff95b728b9f\UnifiedStub-installer.exe\assembly\dl3\d4a1f958\419bc8ed_54beda01\rsLogger.DLL

MD5 e3fa0916f33bee8a14f28421d2dcdc9f
SHA1 fd3dca4db55e81ebffc7609c5d63a4ffbd6629b2
SHA256 29aaff11e775c800575b1a5d4160daec749dde528e68bc3b6e9b340279ed991d
SHA512 fe96efd3cf162bbb766634c3d90f707d868378dd04e47aa9d55c03e03130f54827f781639383b053c9335d022ccd6b244b67e586197c2b40d193dd58a4ee8cb6

memory/2672-9662-0x0000027275A70000-0x0000027275A9A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\24b70c72-fef0-49ab-a321-9ff95b728b9f\UnifiedStub-installer.exe\assembly\dl3\56a60a98\3b93c3ed_54beda01\rsAtom.DLL

MD5 044d60780b0c40d3f9b0b5a3fc040948
SHA1 2e16c926f11ed5faae22d9af5d935748c57ec1f8
SHA256 7493f645bb04092aee30a47a681494251c79a38a941c9a3d2dee4293a265f428
SHA512 7653a0a46e3eb9331e92a09937754302f939100adbfb283242c25bf0f73f8508d6f7e9d5aa08dbbefdd14bf682ad7d0d77f4999b3274d329d281e22934c445ea

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 0195b6f2d3e0f5a4947f353e48e15d8c
SHA1 f29fb502b68a486ffee0c55ed343c15e5110e6f9
SHA256 52b9ff10c412162ce0ac5ece6cd56b1164c209af1ad8b3b8e334149ed6e4ea56
SHA512 65ba63d1645a1c507c2a8c4728df0f1f660f3574333925386f1b5b07f11e4e894d8404767a478a384d6a5910915ff040698c6c761047a4ce53a9fabd2d788bef

memory/2672-9707-0x0000027275C00000-0x0000027275C2E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\24b70c72-fef0-49ab-a321-9ff95b728b9f\UnifiedStub-installer.exe\assembly\dl3\7b54eb27\1dc4c8ed_54beda01\rsServiceController.DLL

MD5 8dcd92de516608670f57193d74824a3b
SHA1 c67c347dfa47c2db1628fab8bf9906c353f33dd9
SHA256 96db49db4dd12b9f86144fedf83ac7dc12d855c5d7e3c863fd5b1696966ac345
SHA512 e5fde81ae57e68df69fc7695b9e16d8c7d188a30a4d68ffb682a3dcfedf2c028874145815aad2f957a02b0ead6ad8f1442635dfa580339816110e7b1cdbc0c0e

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 b7e4ffb5a91b2ad5a67cc8ee50d11835
SHA1 f28e50ce00c1c32239153dbf1c175c88ec3b01a1
SHA256 43be9666a74d2d5c01f604fb3e5f62e9510a3664375265fb0a06332e6fd49abd
SHA512 419b53487403e405c217594146cc724b94f7e5de02cf2cfa9d2cb9937966f6a84d06484a7f115f31a439626bf456110479450b724bc38660c5480c88a486c8b8

C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/9148-9829-0x000001B8D9C70000-0x000001B8D9C9E000-memory.dmp

memory/9148-9852-0x000001B8D9C70000-0x000001B8D9C9E000-memory.dmp

memory/9148-9865-0x000001B8DB960000-0x000001B8DB972000-memory.dmp

memory/9148-9866-0x000001B8F40C0000-0x000001B8F40FC000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c2b318cc73a8ab4b3923e7034ed27c5
SHA1 4b06d2cf0e9aed42903f722d9392436a456ffda0
SHA256 04083528e5ea2118753a24ac3da3e6aa8f26106aaca9af0bbda172259a9d6e03
SHA512 b84a99581b7b042be1dad6c2d0819d305e9262c1ac0feabfd07c806da51cdcd461b47d3aa21e9631bebafad2ecec98fd6474e3e79562a224bfde6293c0beb2e7

memory/6924-9971-0x0000023C703E0000-0x0000023C70746000-memory.dmp

memory/6924-9987-0x0000023C70750000-0x0000023C708CC000-memory.dmp

memory/6924-9991-0x0000023C57920000-0x0000023C57942000-memory.dmp

memory/6924-9989-0x0000023C57440000-0x0000023C5745A000-memory.dmp

memory/7204-10032-0x000002B4174C0000-0x000002B41751C000-memory.dmp

memory/7204-10048-0x000002B431900000-0x000002B431958000-memory.dmp

memory/7204-10063-0x000002B4318D0000-0x000002B4318F8000-memory.dmp

memory/7204-10070-0x000002B4174C0000-0x000002B41751C000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 2afb72ff4eb694325bc55e2b0b2d5592
SHA1 ba1d4f70eaa44ce0e1856b9b43487279286f76c9
SHA256 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e
SHA512 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

memory/7204-10154-0x000002B431AC0000-0x000002B431AF2000-memory.dmp

memory/7204-10155-0x000002B432120000-0x000002B432738000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 705ace5df076489bde34bd8f44c09901
SHA1 b867f35786f09405c324b6bf692e479ffecdfa9c
SHA256 f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950
SHA512 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

memory/7204-10287-0x000002B432740000-0x000002B43299C000-memory.dmp

memory/9572-10359-0x00000216F8340000-0x00000216F8370000-memory.dmp

memory/9572-10374-0x00000216F83D0000-0x00000216F842C000-memory.dmp

memory/9572-10381-0x00000216F8370000-0x00000216F83A8000-memory.dmp

memory/5980-10515-0x000001F807FD0000-0x000001F807FF8000-memory.dmp

memory/9572-10517-0x00000216F8A70000-0x00000216F8AF4000-memory.dmp

memory/9572-10516-0x00000216F8440000-0x00000216F8472000-memory.dmp

memory/9572-10533-0x00000216F8480000-0x00000216F84A6000-memory.dmp

memory/5980-10535-0x000001F8226A0000-0x000001F822834000-memory.dmp

memory/9572-10552-0x00000216F84B0000-0x00000216F84D6000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 1068bade1997666697dc1bd5b3481755
SHA1 4e530b9b09d01240d6800714640f45f8ec87a343
SHA256 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51
SHA512 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

memory/5980-10572-0x000001F807FD0000-0x000001F807FF8000-memory.dmp

memory/9572-10599-0x00000216F8A20000-0x00000216F8A54000-memory.dmp

C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog

MD5 789f18acca221d7c91dcb6b0fb1f145f
SHA1 204cc55cd64b6b630746f0d71218ecd8d6ff84ce
SHA256 a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63
SHA512 eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 6895e7ce1a11e92604b53b2f6503564e
SHA1 6a69c00679d2afdaf56fe50d50d6036ccb1e570f
SHA256 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177
SHA512 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

memory/9572-10654-0x00000216F8B30000-0x00000216F8B5E000-memory.dmp

memory/9572-10679-0x00000216F8BC0000-0x00000216F8C1E000-memory.dmp

memory/8484-10682-0x000002AE63E80000-0x000002AE64170000-memory.dmp

memory/8484-10685-0x000002AE63850000-0x000002AE6387E000-memory.dmp

memory/9572-10686-0x00000216F8B60000-0x00000216F8BAF000-memory.dmp

memory/9572-10684-0x00000216F8FC0000-0x00000216F9329000-memory.dmp

memory/8484-10707-0x000002AE638C0000-0x000002AE638F8000-memory.dmp

memory/9572-10705-0x00000216F95C0000-0x00000216F9846000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\24b70c72-fef0-49ab-a321-9ff95b728b9f\UnifiedStub-installer.exe\assembly\dl3\623b58e0\47105276_eeb0da01\rsStubLib.dll

MD5 fa4e3d9b299da1abc5f33f1fb00bfa4f
SHA1 9919b46034b9eff849af8b34bc48aa39fb5b6386
SHA256 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96
SHA512 d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680

memory/9572-10746-0x00000216F8CD0000-0x00000216F8D36000-memory.dmp

C:\Program Files\ReasonLabs\VPN\Uninstall.exe

MD5 410d4e81be560d860339e12ac63acb68
SHA1 06a9f74874c76eba0110cdd720dd1e66aa9c271a
SHA256 e4a8d1e07f851be8070dd9b74255e9dd8b49262c338bfb6ef1537edd8f088498
SHA512 4bbffeef276ce9b8fdd6d767ba00066309eee0f65e49cea999d48d1e8688c73d7011ed1301a668c69814457caad3981167a1e3fe2021329dd8fc05659103fb3a

memory/9572-10763-0x00000216F8B00000-0x00000216F8B26000-memory.dmp

memory/9572-10762-0x00000216F9330000-0x00000216F936A000-memory.dmp

memory/9572-10769-0x00000216F8C90000-0x00000216F8CB8000-memory.dmp

memory/9572-10787-0x00000216F9370000-0x00000216F939C000-memory.dmp

memory/9572-10798-0x00000216F9460000-0x00000216F94C6000-memory.dmp

memory/9572-10802-0x00000216FAD20000-0x00000216FB2C4000-memory.dmp

memory/8484-10835-0x000002AE63CD0000-0x000002AE63D2E000-memory.dmp

memory/8484-10854-0x000002AE63D90000-0x000002AE63DA6000-memory.dmp

memory/8484-10855-0x000002AE63DB0000-0x000002AE63DBA000-memory.dmp

memory/8484-10874-0x000002AE64500000-0x000002AE6450A000-memory.dmp

memory/8484-10873-0x000002AE644E0000-0x000002AE644E8000-memory.dmp

memory/8484-10875-0x000002AE65170000-0x000002AE651C0000-memory.dmp

memory/8484-10876-0x000002AE65380000-0x000002AE653A2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d2360082080482989ec176326b20b61f
SHA1 43a5c21db146c98df73b8883ff607782884ca152
SHA256 db79520ec5601866e6b017824aac6671f01cebccd8b3ad86f9854a1998a7d204
SHA512 9345f27577f3316b3181144450d1f92e948ecb259a0c6d5ae8f1059cf90a665c49e40da797196d3d047d4b4e302e2756fb4654c27559dc01c63dd0458e40e026

memory/9572-11493-0x00000216F94D0000-0x00000216F9510000-memory.dmp

memory/9572-11507-0x00000216FA9F0000-0x00000216FAC70000-memory.dmp

memory/9572-11601-0x00000216F9420000-0x00000216F9450000-memory.dmp

memory/9572-11602-0x00000216F8D50000-0x00000216F8D58000-memory.dmp

memory/9572-11606-0x00000216F9510000-0x00000216F9536000-memory.dmp

memory/9572-11611-0x00000216F9540000-0x00000216F9568000-memory.dmp

memory/9572-11628-0x00000216F93F0000-0x00000216F93F8000-memory.dmp

memory/9572-11650-0x00000216FB580000-0x00000216FB828000-memory.dmp

memory/9572-11665-0x00000216FA920000-0x00000216FA94C000-memory.dmp

memory/9572-11682-0x00000216FA950000-0x00000216FA97A000-memory.dmp

memory/9572-11701-0x00000216FB2D0000-0x00000216FB350000-memory.dmp

memory/9572-11715-0x00000216FAC70000-0x00000216FACD8000-memory.dmp

memory/9572-11732-0x00000216FB3D0000-0x00000216FB446000-memory.dmp

memory/9572-11770-0x00000216FB9B0000-0x00000216FBB26000-memory.dmp

memory/9572-11799-0x00000216FA980000-0x00000216FA9B2000-memory.dmp

memory/9572-11834-0x00000216FB450000-0x00000216FB4A4000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

MD5 8825f10dd5ab58255cbd39d127b7f027
SHA1 dd70b8c907c985016b7ac4569dbcc795094af609
SHA256 79ab06d09f21ee05de1303d93be977876fc2db1736b968b3c5bbde3777727937
SHA512 48e01ce540f7b5d7fd0b00c91a4b64e84acc2636e5e31e52f34978a6542aff28674d4ccf550a40454df341b4fa39a854a1748a51809107a642e08ea8e8dc0348

memory/9572-11858-0x00000216FA9C0000-0x00000216FA9E8000-memory.dmp

memory/9572-11889-0x00000216FC0B0000-0x00000216FC0DC000-memory.dmp

memory/9572-11920-0x00000216FB4B0000-0x00000216FB4FE000-memory.dmp

memory/9572-11997-0x00000216FBC30000-0x00000216FBD30000-memory.dmp

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 d13bddae18c3ee69e044ccf845e92116
SHA1 31129f1e8074a4259f38641d4f74f02ca980ec60
SHA256 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0
SHA512 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 10a8f2f82452e5aaf2484d7230ec5758
SHA1 1bf814ddace7c3915547c2085f14e361bbd91959
SHA256 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b
SHA512 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

MD5 afb68bc4ae0b7040878a0b0c2a5177de
SHA1 ed4cac2f19b504a8fe27ad05805dd03aa552654e
SHA256 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b
SHA512 ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43

memory/9572-12114-0x00000216FBED0000-0x00000216FBFDA000-memory.dmp

memory/7244-12199-0x000001CF1D230000-0x000001CF1D256000-memory.dmp

memory/7244-12200-0x000001CF1EE10000-0x000001CF1EE3C000-memory.dmp

memory/7244-12201-0x000001CF376B0000-0x000001CF3770C000-memory.dmp

memory/7244-12222-0x000001CF37B10000-0x000001CF37B94000-memory.dmp

memory/7244-12221-0x000001CF1EDE0000-0x000001CF1EDEA000-memory.dmp

memory/7204-12230-0x00000185F4650000-0x00000185F4678000-memory.dmp

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/9572-12271-0x00000216FC5B0000-0x00000216FC6C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

memory/9572-12378-0x00000216FB530000-0x00000216FB56A000-memory.dmp

memory/2672-12600-0x0000027208020000-0x0000027208068000-memory.dmp

memory/9572-13063-0x00000216FA890000-0x00000216FA898000-memory.dmp

memory/2672-13064-0x0000027274C30000-0x0000027274C68000-memory.dmp

memory/2672-13084-0x0000027274C30000-0x0000027274C60000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\3887f318-da24-4a8e-849a-a794cba616ee\UnifiedStub-installer.exe\assembly\dl3\8c77bca0\a7384e02_55beda01\rsLogger.DLL

MD5 148dc2ce0edbf59f10ca54ef105354c3
SHA1 153457a9247c98a50d08ca89fad177090249d358
SHA256 efe944c3ae3ad02011e6341aa9c2aab25fb8a17755ea2596058d70f8018122a4
SHA512 10630bd996e9526147b0e01b16279e96a6f1080a95317629ecb61b83f9ebee192c08201873ff5df2de82d977558b2eeb0e4808667083cd0f3bf9f195db4890d5

memory/2672-13102-0x0000027274C30000-0x0000027274C5A000-memory.dmp

C:\ProgramData\ReasonLabs\EPP\Errors.dat

MD5 ecb9cbfbce3ce012cd48931cd65d13c1
SHA1 4e422256e51276eb8710df8786612116bc3b88c2
SHA256 7ce66cb1dced9a9daea5dadc7988bfb2410bcc7270886891246e32a7a81f230a
SHA512 c997d66cff0562f26747a8a50c395434d28c04a20315c658232a927ef381303b472000e430ac7fa1b12b65166f0e2dc5836ad3bfd4350c7e1a7151522754b2f4

memory/2672-13158-0x0000027274D10000-0x0000027274D3E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\3887f318-da24-4a8e-849a-a794cba616ee\UnifiedStub-installer.exe\assembly\dl3\e929f580\1f604e02_55beda01\rsServiceController.DLL

MD5 8e10c436653b3354707e3e1d8f1d3ca0
SHA1 25027e364ff242cf39de1d93fad86967b9fe55d8
SHA256 2e55bb3a9cdef38134455aaa1ef71e69e1355197e2003432e4a86c0331b34e53
SHA512 9bd2a1ae49b2b3c0f47cfefd65499133072d50628fec7da4e86358c34cf45d1fdb436388b2dd2af0094a9b6f7a071fb8453cf291cf64733953412fdf2457d98e

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

MD5 5f2d345efb0c3d39c0fde00cf8c78b55
SHA1 12acf8cc19178ce63ac8628d07c4ff4046b2264c
SHA256 bf5f767443e238cf7c314eae04b4466fb7e19601780791dd649b960765432e97
SHA512 d44b5f9859f4f34123f376254c7ad3ba8e0716973d340d0826520b6f5d391e0b4d2773cc165ef82c385c3922d8e56d2599a75e5dc2b92c10dad9d970dce2a18b

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

MD5 db3e60d6fe6416cd77607c8b156de86d
SHA1 47a2051fda09c6df7c393d1a13ee4804c7cf2477
SHA256 d6cafeaaf75a3d2742cd28f8fc7045f2a703823cdc7acb116fa6df68361efccd
SHA512 aec90d563d8f54ac1dbb9e629a63d65f9df91eadc741e78ba22591ca3f47b7a5ff5a105af584d3a644280ff95074a066781e6a86e3eb7b7507a5532801eb52ee

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Cache\Cache_Data\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Cache\Cache_Data\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Temp\scoped_dir4748_23042505\825cf5eb-69e5-4cdf-abcd-bed2f0310688.tmp

MD5 2f11c2007d34bbf3a369e66f9ea8f37a
SHA1 dde7ad552a28bcf08f176dac5f162313f288c8d7
SHA256 be7f6873903ccc6baf8beebebee7bfcaa50227cfc3c0fee213835d40c20f5906
SHA512 b8cd0ea8ff4dbc6c60f9ad7d8536a328f5a08f57ebbec75131bd6274eb435a3517c28fc7735c56c960c6c45cca6aeaf78fc7e48ba79eb39eeb7c072a2d597d17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\fonts\segoe-ui.woff

MD5 9a2931180d6b1dc7b33052657eef554b
SHA1 77b8f3cb5410c779206782a310990c19af2b02ca
SHA256 f424915a692bc5a458d6e7d9c99e4fe0cf5cb8883bd3516b01d4fef5da8d3663
SHA512 e839eb6fa727c6a604da142e7c823c5d8b7d8e33b3d19937da7bc1948c32893b08f0ace35c020e391ab0a9694b479b28282024c3518dac995eb87fd7aa18c631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\fonts\segoe-ui-bold.woff

MD5 52382539737f4e9913e4bf6b9966bee3
SHA1 d58d3dc5ff86fe8ff594134df53ea9b8074f6bc6
SHA256 d711a54cb4822ccf7926b1a95b7a43107fcfe8ef99a817e6906a1063657c7b28
SHA512 55f1767cfb589eca775f2849b975d8311295951f8e457be58de34983531961ce4fada3a856daed8d7cd712bd8b5fad53ceecf438949deaafb7d5cb87114ecb4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\fonts\noto-sans-semibold.ttf

MD5 dfad8b708bc7b6911ed49a6f35680b10
SHA1 44bd4f1602342642f6bbfc019cca65852d9f3ee0
SHA256 6a27c11bf011fbe565c4d5be9ab49d8535c7cfefeb3aa44dad5d1339f68aad1b
SHA512 0ee222bb6dd7882ec802fb21193ec49e814014f0ece7303c16c2fe24f94735f8d420fba59c9cd689748e89519880b723dfcbd4bbc635d2b89261cc336498e1a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\fonts\noto-sans-regular.woff

MD5 0a66f097fb9215e828bc0ada73d19e45
SHA1 f962197011fa900ec29b4bd14f624a3309854626
SHA256 8e5f3060067847d71c398a897b8f8aecadbacadec3324b41d6eec5b3014fed89
SHA512 060d79916429b617f950a86ef6783198ceb844f26e65b7d26fd667a37c577c5913ba4ef183d2ca0e7f46b3d6e13c128a5bf8c4ae7e0f543c53c051bf13a92fd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\fonts\noto-sans-medium.ttf

MD5 09dc02dbe8133545806d275a2fec2ca7
SHA1 f85d0a08f987df19288a61f18a22519ce0551c3e
SHA256 9d0511ca54de389e3ef4e8a8accdd94e6fdf73eb144f7bba2017e55924092822
SHA512 afd4ad23eaee89cdf729c8645f3d51ead449d8f9fa943a0158270857141d40c8619e3da98163b17770c09c0409536cd60c367736938645e119e60a11ea93dd53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\fonts\noto-sans-bold.woff

MD5 a65fc7725f81daa832e2ac5d4820c2b1
SHA1 a5602a3cb911cdb6ed538c22f451763d884092f0
SHA256 5adee3972bb1a6f74b582f79a5d3b4735e665c00b2e49938a4fb68755e56d9df
SHA512 f8b07d9d46733c8820cf2466a14203710f10ceba789f80fb700b00ff950e5c1f30fb035939911e4d1a4e7ab92f37ce8f6fb47f5d9ab58f5eb5031804e4ad96a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\icons\icon-upgrade.png

MD5 8f0dbfccb36007d663b552bb84db01d5
SHA1 709b15810f26fe075d1037b7d90e196f4471d574
SHA256 07b43077658e1bbc63ac5c7431fd1940f74e8231a532a055de9e2fa0ae79b0be
SHA512 064962f997821ab44b523dc6a7524b6ff21352d90fb9e13281a72ad4d09d3431173d96c71277c92cae023f91d435700169113f14171446d52e65e48b1a44f719

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\icons\icon-threat.png

MD5 02e2204d82355dd71f3e9a493087ab40
SHA1 dd3e5c7ba4d4f7d4784bb040718ced43b0ec6d57
SHA256 d6c4b23336f9539c8dfb12a44282aebe1c052a8bd2a808587c08b01809a755cf
SHA512 035814b7e5ecee257c897e4ce0aee38839760eba0b745df3258e2544429e3ba0a351eed5596ac6125b2c3ab13aafb8d3b97383c2fadb56ed315d7a0b7dd92a54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\icons\icon-34.png

MD5 15b14e66c46e0a83449fea81f4d0e59c
SHA1 c3512dc47f25eb700e21a04f0925aa9d6996f08f
SHA256 10a9008f1b5e61a13f2fc225e9444f17a30036f76855826ff0f881de880db15e
SHA512 c0296a9252e9ea8336a28a73fdeb6d90a3fbd13cb5699f9b90e8b2e3858f041509e8886d056b402c5444e9b36a5950fdb8dc93dd46c15a79d84e1e579b5cd887

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\icons\icon-128.png

MD5 a3c4a97b3abf5c40532df4c73b6a0aed
SHA1 487bcc26a31f4545cada98e13532510784f3d9e4
SHA256 dc9ab4985526d23074e9cf2ee176e68dd7a5cd282c147df32733da083b7ce8a6
SHA512 71c82630413b7d9e8f2541bb036b1884c2e88ba5abee2e6abf79744951f1f2e65f7a3d82fb59c274ad7f02b3e49ee5fa2f20973410db3cc2ca92e6bb3dd42fbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\logo_with_name.svg

MD5 7077be1629422619bbe5057dea2afcf6
SHA1 dccf730b9bd0ba9fb7c505f350aa2428457bc952
SHA256 0d28843ed45447345a2437b02ac99a6426de73143015d70bf2eb43ccd4fc75fa
SHA512 48da879c4223098c02814106279abcd6e5cd4a4379baf4cfeffa2fa7a961c4d8791ce10bb79a6643c1fc63d9b57e969f4fa2e5a2dc47e2ac60a1970b2f67f24f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\logo-white.svg

MD5 716872be17ae1eabffaafacfb8c0d518
SHA1 f2dd6d573d2fefe6ee189dafebc829098e6c973c
SHA256 824842f23358a42597e09fcc04efadd083e1bbfd6a75a863fabc413713013cf1
SHA512 a54c370a019f85be810337c5550392cd55c6c208b8ce71156c670cd6d5a62c6708f9c4a2d7370c76b0bff3c4dbdf2f99df3dca043084d3d1b552011f0688de40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\logo-blue.svg

MD5 846cbae00ad12be63ce5319c6a260323
SHA1 aa840c643cc93e70f704b2d191d4686df04c11c9
SHA256 26abe92c6ad8587e0a373ed74aba3c33f82eb2c8efefd5fba08ce66014417fa9
SHA512 6f3688b8964a38ddd081dd9f431c413656b44de3d0cdbc14a536ce4a32a1ad5fcf7a4f3f5d75b2c986e8fa647fe75cdd32bbaef27bec39bd9c4d03b328a8eca3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\crown.svg

MD5 e2e93bf6f4365635d8d01a854caf31d5
SHA1 33502919a2f609b8ef7c8a18f7722d3ce337360b
SHA256 7bf49e91bda1b6dd05b94288fbd86391500557f272b4f8e0ad3a69549e7a6104
SHA512 5548d7fc0faff4ecae85888dbe938438390d478110c26db26e27f9764a3dfc3e5faf91789f84e9e76575b8f371a6cc0cd90feae6b8e3dbf317e59129b71cfeee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\close-white.svg

MD5 1fe8bf19c860d2e13f6e9f1ebd2778cb
SHA1 3a47b23b93a3b89abaee6b57fdb597a742be1d23
SHA256 39c46e8e2da43cc6f31ec85120a8879bee0eefdde9b20ce92d1f5e8733b6eb40
SHA512 a3b13146700e148dd855df06045b374ad0f887c3e7452daf480ce913e47d199425741553d9c56e01721739829a1f741d27bdb564882499b908d55af55f57ea71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\close-blue.svg

MD5 8d8bf8908be87508c56d626e0a776978
SHA1 3cad5703edacdadf1dc6fcb48fe921712b16fbf0
SHA256 9c5c3329378a3bfba29911b873f1d94239f6ac54dffe6bab113b3d51d8dc0ae0
SHA512 fc0b25c71d69c3721c104afd9ce6af91d89a92a37bf47f97e7df96187e45ed25ac08651e564a09281906e678f7df25af11aeff44b80a3fc17bf2c25c78e1236b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\check.svg

MD5 0b2e057ac7229a93f0c0815343c57ff9
SHA1 4c99a278bb5dd30203fb4f33f8d3dcfc5aae5a8e
SHA256 98ce9f3ebf75b2ca71e096bd01988540667d9e9636d5512fe17d099d9eba91ea
SHA512 daf1f0ac010b53f48a1769201bb48df13ef40531e55d3b0736925fdb81441af75f6d3f4e068090feaa6c8ece9f5168c8e44e1dc18c171aca6ef3596a596e067a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\attention-icon.svg

MD5 5232d122e13560c86cf3ff0c84ecc3de
SHA1 7c0a78dd1c15e4b50943e1101f0caa8c0405f2c6
SHA256 616cff0cab3ee3e3b69aff4423a541daba199172d2eb2b0f5e7d83e1d6e13f99
SHA512 619222dcc939be36477504882d3a6689a58f9ede708c135fc621d1b8c9d3d9bb4bf6abbecfe7c13bbbbcd7ae2f0f150baa3ac5cd5358db0c057453042484d7a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\assets\images\arrow.svg

MD5 8a4011cef8b4f6e1fe6dfd28c497ad69
SHA1 395ce130677ff0b579f1f3c7f8b45b8489490094
SHA256 31313b5ae51fffa0684dcd10537b9534413f105cfcfc3a8a39890bad5f3aa3f4
SHA512 e25314ee23995bc6d8cec92bd969b9b7e956d46e8bcf8d3ac209445c6f551d311468382f145f8017f6ab26d7cb8c9b6a0c4b3b41c5e7c3f03384116bf720ed85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1

MD5 d7a63ccfe52eeb58faa0f0aa441ab878
SHA1 050ad45533af7c85a5369c48e0ce49634ed62d65
SHA256 3a68db4a7ef75fa420da4db273d62feadf29e863800b584f97460cc6584d1f56
SHA512 583c464b95d9abe2ca9504f44bc3030c0698913470cf7a3890f1f9ae79b2477989b27b4f16cc9e61a991ca1af8b507eb9d4b812d766d6f1f0d2200a32d41c80e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\_metadata\verified_contents.json

MD5 1b01ffc2bafd0a464913805b97e1dd6a
SHA1 f64210c6b06215c5d288f26b3195c557951db428
SHA256 f14934357881f8c7340890752a4fdc0e5440c7ddeb29660ac642c9a972e5f551
SHA512 0d26c87a86371b26bdee126c4ea37fa437538391f88cd263c058e3aa64edaca91efaab01bf93f5c81d4d8df92e73469fffccf403dfb4d49267653e851fc6da20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\rules.json

MD5 5736d36e31b7bc0d59788d30260281ea
SHA1 c2810c0335d1760d2ab337db349c362596df06be
SHA256 79ecc25acaf4d184958e339a9e48a1f0d187f82a676843dc6a40ff907e1853f3
SHA512 046686a280f60d50791ff8bd13989ba4bf058f402bc3d45c3688bc60e8ea91e6e44ec3ae8bf66f1e47b66b336ea8b0f70f20ff1279f6dfb377d662d633296c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\manifest.json

MD5 36c7c3d8f8d37e17ee06d7a4ce3099d0
SHA1 ea7a3d54e78ddbb80a05888412b2f079a75e5b7f
SHA256 1b594fb15c701e51f960bbb9efdfa72198cb3b6c3aa122ad759524e2c82a2142
SHA512 990a66fa225c7f63804a5c0ca9d4d1af87bff0c1ddf55cce2557d14ebfb17f8639dca12f544fc2c5b218723622fb1be6f7779d5ce8755a562957e5361d6fc9c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\index.html

MD5 336fd61de62addda84cc9e5c283b7e67
SHA1 6b5985b920c40c61fb320f70be5f89233754699c
SHA256 6476c7b35152cbbe4906e94dada4e68faf052744cb0da74589679b86d49edd15
SHA512 2f641a563c6283ee3582c597c10be2336a18cf5e4a1e0c1a3c8b661e1ef49774145f15630b90cb5c1f9bd9439c6d64dc2bfc160763ae3d949eb0eca805bfbad6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\index.bundle.js

MD5 21a57bcfd8166f1a78e93ff075073dad
SHA1 b222925084dcb825c56a1f4d061ce60d73b5e697
SHA256 5fb95e4a8b1ee5fdf974bf4fa3e0890b3d973b98598ced1fd5f4cbfa27e7babb
SHA512 5de66932e9868b16eba364c24052131fa8bad2e097c72bc51f8493b91e8380df4b4717ff97536fb3789a6cffedf198c8b5bfba395572ceadf32fa1eeb130417a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\contentScript.bundle.js

MD5 b5420e42524ff930ce283a078768460e
SHA1 505dbcb230b71985e0b75e1e323ebffe3b15f295
SHA256 a5d2108a9097c9f3fa821b3b90d79c5e4824f74ca21a18c5ff7271b05fda83c5
SHA512 3e8df8ad43c6dc59fa551719057f631d197402d7009b09be898454f28e56378c8539994a22c6141ea527f37549554dfe74e3169eb989d21e9ceb0637d22f61a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4748_1898917813\CRX_INSTALL\background.bundle.js

MD5 a0f181524d2f89830b233309e578191b
SHA1 5112f2f12100b01f242b0690a3aaf5f7e729cd9f
SHA256 727de56a3efb2b77feda4ac895cd5ab0e7f24b28ebec029b0b3460ffd5912eaa
SHA512 f4324039feb00e2109372a40927d69aa2f739d2dc8383f929689c510fc1a14bff653fe179810daa5d2a4c5518c846020ce8fdfdba403e400535a49f6976b8c59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b0b4f5768c461d7c661b38a59546fa37
SHA1 f331115b0885f43a2b77e42909ff48dae05802c2
SHA256 9aad5d159922bfde09a0ca83548a8df7b5ffbbd06e0f22ad8fabb744e2a6f23a
SHA512 53c52396768b5bd4ce073d43d02c742f60ef2ca18d8977d028c1865905e6f33ae33274af692cc7c6ee552d221795ca81bf3225c410c7d4c295d4b32a81e0cc9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 552074b70d0a504761867e4314fcad80
SHA1 0e4020d4560fbf3542cf7e629fe11525b9b0b8bd
SHA256 9c7c64b348fb8deb6ea72bfb8796a5531372e9b254f87bbc686f3092fcef6b06
SHA512 8000d312b6a4fb293a26a8032d4207fde10db081ed350ab5be3c65ec108b266311544e85261437120a876874fd2b5d1c5029781d3740d5ef3fc80490479e5090

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5CXYVBKPAA6ODDXOHMOV.temp

MD5 aa8a3f2a337a375234141c616619436d
SHA1 466e20ea6eba65be83fb1bcbf4adf5e67cfbfefd
SHA256 a5fb1e508630fb151998bd3e8c2ab8de9ddf6611f5eeaec070d88ef688b6456a
SHA512 c3988cd47714d96609c892e2f991cf3d370c4319fa90b0ad964ed7680a38fef772a9ceb2a0bad6fd1ad1ac07b1d4e565b718cb13394edbec9ba0352ea8905999

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 35a0b22a1e815acfafb5e42e4e46d867
SHA1 06f991ede7493a3e9bae9b7f29b20ad951a3d0ed
SHA256 9ad7239e723a6f79f260c738cf087f8e31708be5ac408d4c0a3ec1dc690f83d0
SHA512 b940f02cb99c9df90748ae2a41df9ff6bee1b89ef49e2ccc3ce41a694db09220a68c441d1db9cd435af4f2dda73e57f5dbdc40f264b8c564c677de05e778262f

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Network\c18d4fed-b54d-49d1-a5d4-dd41cf843411.tmp

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\29c43cf8-c6ea-4a62-ac71-51c19e19ebfd\UnifiedStub-installer.exe\assembly\dl3\5e5a742c\47105276_eeb0da01\__AssemblyInfo__.ini

MD5 41c2657c62c2c6d96eeca9f7f3297c14
SHA1 e4c7a6370bfb92c5532a5f710a89d2dd4184516d
SHA256 e3cdca19646671feb2778d2543907aae4bfdad2049448c08105aeff153fdac11
SHA512 bb54e94e87428db74e37b461c2b3a6b9df301bec70b371d41910355ac3fb8d8046debf9f161c811fafb475460e8c8f605471bf93ba3be7a63703260be73b1525

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 86a95065966546a93acdd28f200a9240
SHA1 ee5a0b1eff77ab6b8f025851c21ca08d4d7067c9
SHA256 e1d83843ed87d1e44e1d843bac6c824fdb0c1e7c30c3428a159588d36b28a074
SHA512 9e75e0e98ed4f9c4a5e6c4c72a0fc1f3a306a82a0f9059576328fccf1a9dbf8c33776bd5148d50d1b7d82ece14f3a72953698f2e1c657b30b8408f2e6ee3a528

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\fbba2724-c266-44fe-b0f9-3ef96c6d0ff6\UnifiedStub-installer.exe\assembly\dl3\8d7a08e2\2c13491e_55beda01\rsJSON.DLL

MD5 fc1389953c0615649a6dbd09ebfb5f4f
SHA1 dee3fd5cb018b18b5bdc58c4963d636cfde9b5cc
SHA256 cb817aa3c98f725c01ec58621415df56bb8c699aaed8665929800efb9593fcc0
SHA512 7f5a61dd1f621a539ed99b68da00552e0cda5ad24b61e7dbf223a3697e73e18970e263fda889c08c3c61252c844a49c54c4705e1f3232274cbe787a3dbd34542

C:\Users\Admin\AppData\Local\Temp\7zSCA50EFBF\fbba2724-c266-44fe-b0f9-3ef96c6d0ff6\UnifiedStub-installer.exe\assembly\dl3\fbcfd1d9\683a491e_55beda01\rsServiceController.DLL

MD5 860ced15986dbdc0a45faf99543b32f8
SHA1 060f41386085062592aed9c856278096180208de
SHA256 6113bd5364af85fd4251e6fa416a190a7636ac300618af74876200f21249e58a
SHA512 d84a94673a8aa84f35efb1242e20775f6e099f860a8f1fe53ba8d3aebffd842499c7ac4d0088a4cded14bd45dad8534d824c5282668ca4a151ac28617334a823

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.InstallLog

MD5 6002495610dcf0b794670f59c4aa44c6
SHA1 f521313456e9d7cf8302b8235f7ccb1c2266758f
SHA256 982a41364a7567fe149d4d720749927b2295f1f617df3eba4f52a15c7a4829ad
SHA512 dfc2e0184436ffe8fb80a6e0a27378a8085c3aa096bbf0402a39fb766775624b3f1041845cf772d3647e4e4cde34a45500891a05642e52bae4a397bd4f323d67

C:\Program Files\ReasonLabs\DNS\InstallUtil.InstallLog

MD5 82ad0c0f342c8aab8215dd824a72203b
SHA1 1ec839033124a812aa93588f86119c3339ca0dbf
SHA256 f58c8975c43f31c8f7c949e8c4c8ce111e7b3a5949e8fb0da658c10fb4e0ba7c
SHA512 9a640d344d5a92ad572fc7d07b6173b7fbc1274540be6eccc307a868076d92350111fa7e78fe138de7979d93b22d761b143a757a305d831cf88180fbf771407e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E663C78920A8217B4CBE3D45E3E6236_75C1BD04B8F3DBF3882A89F51074A729

MD5 782dff42ec002bededd2cc8b92d27fc7
SHA1 64c9e1e5eda2f2993c4bfe3587a7a45d94644964
SHA256 0d1328c04a5ce401165e3c5200ee22624d38d310e7af8c291eac56546a49d5b8
SHA512 ce62cce1ceceb761309d35a512ebef90452c769722c61fec21b1f377093844058537dc9a49fc0ed44e88fa377e826ff239776a00f5ee4b5104f600003c356f9a

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.InstallLog

MD5 c80d4a697b5eb7632bc25265e35a4807
SHA1 9117401d6830908d82cbf154aa95976de0d31317
SHA256 afe1e50cc967c3bb284847a996181c22963c3c02db9559174e0a1e4ba503cce4
SHA512 8076b64e126d0a15f6cbde31cee3d6ebf570492e36a178fa581aaa50aa0c1e35f294fef135fa3a3462eedd6f1c4eaa49c373b98ee5a833e9f863fbe6495aa036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 be45ef2ce7694cc32aa69ad624873c13
SHA1 e43a264ae454257abcd588fc9b875edb68756f33
SHA256 09f5ffb3ad13e9a0ddbdf4df040acc7d67cbdd757d0d536d6e69b7217394efed
SHA512 8b83c0a465e9b42f32ffac9380aa47b1f25f9f40c2cb71ade379f5627b60b9aeaa984c24706b2ba029a2ecd07e949d172f1cc044f6d0bc1213b805e68b2ec1b6

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Network\Network Persistent State

MD5 b29dd1e4b7f00b443954f7d1608e0413
SHA1 006910269b606624b7307e6a3f3797f3efe01fe7
SHA256 f410fee9856e1c8e20db163fafe2df7bebde541f3076728c3ebde9161a52930d
SHA512 ff893d8dcd1d6446bc9382550bcd7f8d9736f2114dc10b4242aea6918a55e50cdd05a863e905356ad797f742d604bdd2ead3b440ebf155cb7d50e00127320286

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 238a914e57492b6331b021c76a34d167
SHA1 341e57e81479c0ff3c892ae074cc3bbe4668ea94
SHA256 b6876c8cc052f4acee534625e78cf7c552b29e6b996b3be3f6111db91785e85f
SHA512 c58b7abf39a0fba46902f108116d44bcfcbabcd7aeadbad93c96a190f9e2401a35e1ae4bcfad0e4c87009b193f705755709c97d50394693f72417f38b3d1efee

C:\Users\Admin\AppData\Local\Temp\65ead63f-f905-4d88-873b-75b79fa181bf.tmp.ico

MD5 ce47ffa45262e16ea4b64f800985c003
SHA1 cb85f6ddda1e857eff6fda7745bb27b68752fc0e
SHA256 d7c1f9c02798c362f09e66876ab6fc098f59e85b29125f0ef86080c27b56b919
SHA512 49255af3513a582c6b330af4bbe8b00bbda49289935eafa580992c84ecd0dfcfffdfa5ce903e5446c1698c4cffdbb714830d214367169903921840d8ca7ffc30

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\TransportSecurity

MD5 b55245a6c7afafac76911cdb7c1eefcf
SHA1 ee4a1fa5dac82c1ac9810d721d4a35586bac984f
SHA256 212ea378d5b61ffbcd004f156bb97d61021cb2d38dc2d66bd40b77d6ae51e2f4
SHA512 508cab5bdf0e93f19477eb4787ff5cb775155ce8fb8337bc79570122f269f28e452331b4576625326d776c3316e5bc91e7dacf94207e53df083f18b26b1f216e

C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS\77433d12-2a4c-456b-ba93-ca17d2b29abf.tmp

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\TransportSecurity

MD5 6c4f98f86acf2fd4282d2061cf962e06
SHA1 f6f939bf660ef02227244e59ab75591468d6ba1b
SHA256 e112da78a52997cc1d7a217c711d710a1421cfe3cc6bf0da59a27d0a4defcd43
SHA512 9c4d44b7c6300e191a7fbee1c949f4dd0b3007941e4c7f76514d08c2f2768f156173362a828e6eb188b765dcde0f8f5aa58ef4825aabec084bce7117437948d0

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Network\Network Persistent State

MD5 7ce264aa6cf2e3012faef39da02b7027
SHA1 8e6f1ca6e4311bb4dace8101d6694d4c1eada3b3
SHA256 94588f7d3caab4de0d1abe6ce6823c4015ec4921a9f8dfdeb1546cbff6c93657
SHA512 962bd22e0915d18e0debc48cfadca2611c27c2d32562eaf898df593b50041b810e0b7a36e527f011b37317e6e6972fe80d7e090ec430972516c83ae635c9d61c

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.15.1\Network\Network Persistent State

MD5 582cf8301cf4f790d4a4b73799e093f2
SHA1 ea88e508ddea92049d6a0d4386923bd357dbd395
SHA256 9d37e796c92a2a219d5842032bb3132436dcdf828ac5c6faf396de9b6dc48470
SHA512 8ffad4fe7c6359599ca7a53e9be9c140ebf27c299a415937ff40b6cf3863b888569fa8e6e21bc7164c7012a28e027996bd245d29d397b43dc57bd044a57586e3

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Code Cache\js\index-dir\the-real-index

MD5 2b5f407240b7c595ea0d8d95a4bb2792
SHA1 9b234183d6414a630a2e5cfe67d21c987a9f2b1b
SHA256 a3d4ed4a690a7891e59e6a1925d721f8f68490ccbf24a0f12f882c2cfd76a423
SHA512 f0c3ab63880969a2655cceb7738282eca46afedddb8095582194f264058529ae8227fba832da348b979ecc8cd1884a8faae028e113a50c573de6b39953e9a334

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

MD5 635efe262aec3acfb8be08b7baf97a3d
SHA1 232b8fe0965aea5c65605b78c3ba286cefb2f43f
SHA256 8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06
SHA512 d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 57a09a381255b716f97d35162e6d03cf
SHA1 2c3896bd47340403f67d2fd834ed396609806b58
SHA256 91762de21a32bf7714921e215cf564232ea09afc529b620584de7e16dadfeaf0
SHA512 b10bbbc4c552f31aa18458d0eeef6ddc656d7e9b9d99290e764e4a60c0f26f118969bfc0050cf3b710c7cf75486739499c7b9ea9fefe792a20192a67bccfba26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

MD5 a9ee0092a50e4443e7cd01cefdc6d95e
SHA1 18614eadee202eae00c3f22267d18cf648446b93
SHA256 78c268c35b00d23224cb9ad9ee70426c943d41d4635d558756ef83f985e7cc9b
SHA512 d4db3c81cd081d582017bb678ecc7edac4641c840300b802c88d433a9f79fb709176bb8c11af35d55562ac0a82b25763477e3a6b2784456a5f4b8be625d165a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

MD5 5d0e354e98734f75eee79829eb7b9039
SHA1 86ffc126d8b7473568a4bb04d49021959a892b3a
SHA256 1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e
SHA512 4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

MD5 77e89b1c954303a8aa65ae10e18c1b51
SHA1 e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73
SHA256 069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953
SHA512 5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

MD5 2923c306256864061a11e426841fc44a
SHA1 d9bb657845d502acd69a15a66f9e667ce9b68351
SHA256 5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa
SHA512 f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

MD5 eb63aad3cfbfc8e4570b89c9f2f651c7
SHA1 c4ae7ad4c021508f7721b16e82efd60826b1e96a
SHA256 dd2ae4d6b1cbf32b75433ea22afa1022f8aba05f521447bfd9b186694a022467
SHA512 df0ee255da8abac46386a70ae562d30d7e898bf7070e9082ded20546cac552ef951b77b5fb8b12f907828c65409f6450258791eaa1e0739c89810cfc3ad07db4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4

MD5 30a274cd01b6eeb0b082c918b0697f1e
SHA1 393311bde26b99a4ad935fa55bad1dce7994388b
SHA256 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
SHA512 c02c5894dfb5fbf47db7e9eda5e0843c02e667b32e6c6844262dd5ded92dd95cc72830a336450781167bd21fbfad35d8e74943c2817baac1e4ca34eaad317777

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102

MD5 f0c0412e4f7e8ebf6e1c8738622abdf4
SHA1 7e5433f4d55ff103426fde504031eea535b3d55d
SHA256 a67bd5961e1d3fba115d8d04644accb4df135aefe880d03d7e66c404c85b47de
SHA512 5d228fe7f147e41b874a167942c017c130cccb61fa05f80cdab0911dd5e0185b8974c93ae9877c5d0beace13fb248bfdf717b29d450b12e08e2230c806232638

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000244

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000243

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2defbd1dc1e7b53b_0

MD5 331ee5aa798de705b4bf5cbe1d50d7c9
SHA1 44734492f20d1dda8509dd0965fa4261bb3cafde
SHA256 d452022ea0c4d8d3be4a746e8c38c38f0e815ddebb6a7b01352f5696f2fff09b
SHA512 4a3018fc24a8bafdb54eb3e77864f68c442a41b509113ed4e7c6d987185559241d36c507d1826097611e26fea2bc848f2cbf7b7ea559772c21780a12d86104b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 79d56535d9ac7e3425e9a771386a6f5f
SHA1 c73e6da485571282987f09d19be128a34656f26e
SHA256 cb226f531088e257fb50e3d0068e8f7bcc4782ba70f1cf5641c80bca6ed3c02f
SHA512 29157d26cbaf54c8abfff4fe7cdfbb28b6550a146229f763e8c67c4630efe237fb61bf895cfbeb0ebccc8b85c94a9f8c1fce430dd38b30d32f72ad9ff1e6a64e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4ffed120fe243cad69889f27efc73bb9
SHA1 5d8e13eda3dce7c1eedfacb0f9dc634ac086057f
SHA256 4440c946a3453c75e7e09447e581f2473036059f234f3cbdcadf48f9f0cff40e
SHA512 be099b8e7cc004400120f45081cf6d6ef524d20e971882e3773d47ff888abeb7d79c251797bde726bab2ff97c46d3560bc659ba1c42fa4142891c71985c1fd41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 76f41d516d500fd3886185a7b8700f7b
SHA1 c3b5183438c7788045fa4b8fb144fd27ac7b1614
SHA256 3be32df30cb07ef09d6aa4550ec2355763b8f0c8af0f68de68cdca3d7a5d321f
SHA512 7e5e885b6cffc11d4ab47974717fafe2b85bde48d0f3e899d536ab32d8005e5278341799923940d6fa86951cc37e1d53dcf45aaaba3ca64260a2eedd45441403

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1af1aee4cee42c9_0

MD5 ec9132da81de93c7d7bc3df97c0f7c1b
SHA1 3c4c531df55bef8bddc94ea09eaf12091c9c8e88
SHA256 f5f451c61056f0711e4daf69e82cf5640a3d20a32aa7e7ec7b018333f374de60
SHA512 436bccaa695d0cee517cc3db4dffbb961ad11af4c890acf6bcd6d73a4437da43db4747585d935bf1e948f49a28f8dbd27111fdd8d4c9aaffe3380a35a61c923a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70faf906ee2b1c1e_0

MD5 c1126b521dcf24b3c06f4b2b86ec9d84
SHA1 9f592e6a6661e7c01fb675f7ee5e85f3a56f0122
SHA256 c61ae3d9e1deff2ef098ec8451c62c43c1f416f8b6b474edd0e19f5f538f04f0
SHA512 025a8b6415a950b15ca8f98ee815df081a2efdfdafa34c11b659a8ed22400b5bd1c16f393c340c6d3c267de9ec1af4adca3322bc016d0b79fb4bbefa32636b3c

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 95cf106a384c34f6d6d1390d7e96cf82
SHA1 20796b9a4baee76073b871e04186d2ce74671656
SHA256 ff7277c820f45842365b6d7746a95c6542215ca980512ac886b1f57847783fe7
SHA512 f10685991c94ff5eb2d24b7cdf4cb11686794191f8a2bb573e7296121595b65efa03868a170977b14065b5237504df58af3af167301c7054b5ca797739ff6a96

C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS\Network\Network Persistent State

MD5 db9e99282e3417b4edcef29b4c2949a2
SHA1 d30fc4a84c52222f5ef6c406c96467422e89e75e
SHA256 d149a64eeeab9b95fe934c18de51db24f518192daa1ef6ee7fd0ef50b2116881
SHA512 45b5f8678e4687d021d67b98d0bc131b3a4c9c4150695f39529b1874860d88f5500e2912ac2b453d206b6cb6cc83877186bd285a11e5acb049a2d1d0cc216b94

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\TransportSecurity

MD5 c3e16269ab39426d90e1f5c76ec11a3e
SHA1 b71d0f55bfc566ae8162d4d8cdf6971cbfd5bc16
SHA256 d8caa4d708c26b5e66340cc4c59e2db52f2f1de9cd7e4fd0d74b064d23aad1d1
SHA512 b98e5b4089040b11d0936a45d1a60aabcbcaaabf549a6b4448e8481ce39ea15996f83aeacd4b4217755f6c961e9269ee5dcd1322a79a41ae775b95a9d9d56d73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

MD5 af7ae505a9eed503f8b8e6982036873e
SHA1 d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
SHA256 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
SHA512 838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d5

MD5 cefce9e96f711cab237d5fa47586eed0
SHA1 8fe6afca7530d0028d8424f8200635d7600ba0aa
SHA256 1239804add39053d3b424f9b765aaaa17c62c7a5f7f3d42b40389919687c9ef9
SHA512 41ad826f13d79e385fb5beda99c37197c0446e7e29054c7649b8f94f204c46fee09da7b9cfed7bd5ef6f56ca4d91c8fa2a1bc4ddcb41692286742b3fb612fef1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d6

MD5 a75811bf6c28746b06109561a6ce87c3
SHA1 e223239a78d5b55564b3633f7103231c221c40ff
SHA256 3beb3e40c244a4d262d9cb8cd026ab8de2db89001c637ed7a5d0693a45e80fe5
SHA512 2437837dbc0e0f947df9a76c3f3b08476ee9f5c6c33e74e567a2c6c6883bb1088df77f34e19b27a82f0999a13ea41ec90dc30125a05d2bee555cc3eea1e33dfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec

MD5 9bbb0a8ef24318c9dbc5d6acfcbc40bc
SHA1 1c3f445dfad233430b32021ef115e55785eb11d4
SHA256 6e2ed828546fb833589bd8d4bfcecf5a23a089d6f8d50f160089957dab0e7244
SHA512 73755b5c5b0caf8973add29101c1a61ab8a9d87b68cf27667252f016d6de9e38c93f621d83afd0245a093afe34704d3ef2798da47e922606e9f0ca242b3d230d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da

MD5 d21b2e21ebf57cfbdce64c6e10dc0f28
SHA1 16db28f34e89f6f2a178b3a2c5d9a0ff937bc624
SHA256 9362c93ce53cd9717e33b80f1b6117f852af9ef8cdf65b90a2ea606622324589
SHA512 4d285a2eabed871ac4d361a7b385b9f1bd3284f673bf1ba6843a7fe210957d2df2fb722c515b54adee42292588acabd8a4a3280562c5699c6cd6c31b6c15c6f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d4

MD5 a85372488fed1c5551edc2bb9ae1cb31
SHA1 1afce6c24e103c7040f6f761af897048ea5465af
SHA256 c2e9ac3973fb11ce9c8b020f7359913ebfc3daf80be512f049fdf8c5abc48d1c
SHA512 85f3153911678157e899cb7fff90df727de7bc047227f2ebab644ee679f81b47f31358c32a2f2f260bf2d353f44144b739ca8328c58443b42bcc6ca4f1dc62ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e6

MD5 289482a73d014f56649fe6ec8fd8684f
SHA1 cfdfc642ef6be52541f701a1bfe6f33bbeb5eee4
SHA256 f1c3bf44a47f44f36d3f46e1f590d4452fb3715d600f5294b1fc2ed39ed30174
SHA512 c008e0c799e25db1e434d9e4c34ece416d4ea8991de6820db2a0405a5b546220f3225a6b8a176fde34b2c4c984386aba1fb8ff2055808ce4bdc4165f9f44644b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e5

MD5 7637f9e611f3e9b9408dc0e12ce79c90
SHA1 c6292f88a7a90c813ddc127affe0b15455211d10
SHA256 101c621ec6694e1320071f72df0b2d4dd5f62b68dc12a0c52ce6f3565ae976ca
SHA512 eb0af99ae552c4a3c4921e4266e4f093d114d7c864b0c62647fd568a0b960756ed6f9108068a202c7c68bcfca35e19a358bc5cce03d594a63d13676a3c9210ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000eb

MD5 ec997b074216690e461f7bfc2ea2f00f
SHA1 bd929d9f2e17553f5469c7516f651912c5f737a7
SHA256 754023915f69064847049f8f3bc7ba757928bd4163ab2ad42e5e3802b72dfa85
SHA512 982af5eb4e6073f5f6eefe9c8f3c8490566dcef23f78b01380502f6f3d910bbbdd385f424e71ffde852bb586e0e5250c255f2b9e5996ba931421945354aa85d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ea

MD5 3d3840299e5d96232e122ed3422f46c0
SHA1 040555f702eec8c82c2dbc8e76aaa4d640d24392
SHA256 f8b1c5fedca08efb7b79d3eb80119d6af7ac093f3561ae150326186bbd826c62
SHA512 cf6051b6d83bd01d4f6910d97607ae3a0bd83a0e123fef894bd71ff0ec8f5f141faa8cdb8a6521c336c1db0b9760934f2ceca395361b7c00dc930a9c192b999c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e8

MD5 5aa7d897e8baeef14c1a4b37e753b7ea
SHA1 83c429b72359e4628b251be9d16323bc3f63862c
SHA256 7cc41eb097e1cc58ba33a7972776a22d03cc4d4eba0947e86b9a83f723ae2096
SHA512 c31f470c617ff10f37325e7948224af11a95c988751def0385f600288ed41176a0fbd087b66b4dd2a1bdb4bbe34c870525b93ae31747c2e4d5ee914ed0e1f943

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e7

MD5 20897540d29a4e2383b2a0d9dd255a62
SHA1 f18ca8ea7aa85158fc1e33e7b3c3179c0b1a1eeb
SHA256 d1fd16ce7471caedf25b9bd7de5b1cac4717fd444182519a0ada8d7814b13f93
SHA512 2aef8ae8acb7af6b3b736cbcf0cf2f1803270750e59f04422d0022af71c3d696ae464f7ac925ea4c8ffd5bc033bfcf844f720c61862bddd02b8b11ca9a391b49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e4

MD5 06ccacdafcb722c1613d0433e696c238
SHA1 37995abfb36cd954645ea79ae5670c724aca8110
SHA256 44ae63293602a44bbc2b03b8b098b8d8b1991e49aa6144c6c53e168bf32f300d
SHA512 3ef2e042ad6600307a67ab76b08e4c71a44a0476c06552bb9c90ded293ce195a271b9264b93099af550b5486a61f758e1822537ccdf2364bdbbdc5b9d870eb14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 7e895bec2e5f38985afea2bf9055c86a
SHA1 420701072cd466b1985304881d9dd94071c60a34
SHA256 4ed0d2040c2d7de561274a74a76236e283e4133104d6759393be549907ca46c3
SHA512 dc5d9ee01f8d0ea38a88f0bd8bfbeef2294d181ea4e64b3ffa3e75a0a2ecef76727faedfb01b5e149a3c4ddefcbe62391185c01393a0b0d814550a03c24abee4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c2619c8-542d-4d51-a8c9-7998fb6873bf.tmp

MD5 400e74bc7fde6174b00586f2806ea27f
SHA1 44daeae62f42671839dd992f8d356e7b401bbc41
SHA256 82ecd85bafcd54aecaddadb54df7c8684ca73e5d06f394a14a896356eddd104d
SHA512 06f42ef2340f44328c2a46735418adbd6147fdf360d399c4734d0c910db60ba75d1922bbe0bbadc71361024ce8ade02d1fdfcc65602da38f7b2dceeb4b9c4395

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a75c5011-7581-4704-9684-e5e67aee8ffc.tmp

MD5 942bc1ab3acfd52603db01524ad19c43
SHA1 92baeb1bd22183275c675eb046ef84c4ba15d7c9
SHA256 95470c858bfce0f31e5625dde59e855527c9fec5c354be9f2f6fa885e9fc0e98
SHA512 8c3ea844cc03f03b3d07c3e1e79c9bab2be8ec3cc06630cb727614f94d23a5dc5e526fac1c21d7be5d86ede7ef89aa954d94737fab0fdd0d359cdac4b99d1b47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

MD5 55f7e6051aa45909cc0290083a18fac8
SHA1 8e1f31383bd14001f1aa2bc5735299919ede9469
SHA256 20d18c2078927395016cad2c2fbc5f39832540ad0e70ec9a856e60708fb164dd
SHA512 2c66e91a90718cbebd0a5ba3b912efd191845a76adfd7b98722b4fc682832d934323c965094ba73d1e07926816a3f099743a0cc4f3848ebfa3ed705ff746121e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3c5e685e1365acd0c77b914e862726ec
SHA1 cdb07d95a5b1115a050d21bc7d8f36ecda362623
SHA256 9af84adf38b6fd2f921b0a045b4335e7fa4bf17d114ca7e12edb75fa1ee0280d
SHA512 d0dab8bc776fdeeb7a4d7cc36f751c43a4332e55c84b77e5c3ce8aca132e5e54ed2e5ec66eea82700b198dfdec41432912bd9f13ac5e994cc3ce6574b4aa52b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fa59ef6847c50d46a8663bc1b240758e
SHA1 00840cf34970124d443b313379496be8caaed3b2
SHA256 a34e8a16a6cd95eb7a7c76d8becd60860abb25b44c8b36bb095d032e88721868
SHA512 4a2c083b81ec2150214680a6cf898d6cc7dde308ce0433073dfd3fe48c77083b338a53ff23c2e5580ace606d1e0494bdf9c7113a7ef79a26d2658a8ed9692edf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ecc4570f9c5c2f18fd9c7908fc5e28db
SHA1 d77d39d46ed42d3d97238758763e6fbfdba096ba
SHA256 7653434388adac33c4342cee48d123db76fef9dc7069371b0cf97590a81e2171
SHA512 730cbfa58335ebe671e7f305d55e18c1e94767b36dc8d0f6b234877336a96d85cd1d52c391f644d08f5cdacea1cd01c037a96a45f4c381874e7bb8b51a8e8718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2dffcac29480069b_0

MD5 df6e89674543a0fd2f15d0080157fb65
SHA1 87902149be5f6942e92f04cc7c1f578d88179117
SHA256 6e2f1c2e737d9d9e5e2dfcf870de90b595ee3e49e106315ad792d36b80c9734d
SHA512 de50bc84421df2f84c617fcdd859d914b68118a042dd475059c7cc4f249969d9ed4176e7506433a5a9a0f7126048eb52b8b0260a7ed66334be1b7a5e8be67df3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\beb5721bc92df722_0

MD5 72d9a3f414a85d3fd39f5db16834ea73
SHA1 e1eef056c38d655ff80c54b28f6481063a10277d
SHA256 e9793c54e7a106f6b701037a8be14293e5a64b23b605cefb6fad46b90a650e5e
SHA512 1b84a6063a1514c42d3ca929740c0893f123ec0946dc2de6ff64962b9b6c0741eec914f10f807f2935ffa8e59f783dea5d0e2e9351e6024074369c65645fdeb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e1

MD5 d43bd1443647353d20c5ad2981a06f4d
SHA1 b735c2e738b7e29abca3ce266e9737af0c60b411
SHA256 001e5c77fa7ddf97bdf6b7ebed33b28603055f4f5bbfd0ba46c8c3e42235fb0a
SHA512 f35d4d33a2a4d99c6bade7e92e889231bf7acef16c1309d620474cc4d8b6e9b01664e7efbff7dd1436085e5b6832c12418a9963b9c8823e6ffe0030ccd2883ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e0

MD5 4e226f67abdd1c3aee0d0f4bbb029c2a
SHA1 5916474a89a6237d30bbda06d9887cb9b6f2aacd
SHA256 7a6d0ba627980794d613c64e55825f1d8e3418f2cfc2e3d31816bb71023e9400
SHA512 13ff4aa13a323d3d52641ec4f1530ba4d5e3adda5e509a8d5a975e69faf1c7ebbec29d79943219192550100cd2ba0a5172c212bef32b1176d60cd9c0454151fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

MD5 324752ee6deef7895d600b450f17938a
SHA1 f9ef19c147bbd20068dc53973b1959c9d812d271
SHA256 6da226fc705a04c1ef3a24bc492dd037e393c7f4491c5447f4bb44b02057bfee
SHA512 93cd8fa9ff095157dea7765e34c250f4a402a4c0d9d6fd7cfc31048aac4b31e7ec3d20bb94731d709d8013ce6d2c48c44e5e7edfc1749679720557eda41801ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f1

MD5 f5f5a9edfbb3f8293c025616cd54f4fb
SHA1 ac841428a2f358ca8a7dcca676e68dec5d470ddb
SHA256 3634f682f41b505490a0491d649b079e0329948992f4668bd3f6a8bf607e7ae9
SHA512 4a2bace1d3289e29a8a0f7aa7e9c8fc8d26634c480fc4c792f8061dab1f4a75ddc57b5f3b9c382c0433433be6f26963821c40288ee43644fa566bc62cbf0bd53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000104

MD5 af49f1836fc955902602b3f15b738c30
SHA1 5e664e949afdaf2eaaa823fac5db332691b17606
SHA256 052ebd48c498fddc17020033cdafd51a9b334b17b9ed09583ad0da915cf061a4
SHA512 3b5f6c896be4a3a97f1d1d7ef99cc0e30f946037ad65beb89f0c8a736750bc85ee26032df670d62dab72010135efc0e74696470711405fde17b14ac0ae44d419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000101

MD5 8a885d48741cdfe6c046058c05e85363
SHA1 173ec0886f3bf8cf6385cbb0e4651195f72a039b
SHA256 f6a218666d8b901b946f789813da8a7e6b722a2eff9b68d3d82c049b368285c0
SHA512 c4c47ea4430ce88496ee40e210b76a5d3277eca79d16ba1919aef1a97d2ef52e9112e47542ea41b0ab9bbdd763b06b1d33060901c1972851cbb3264955d7840f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 80c2f1c115f37e3ddb77bde1ff241e7b
SHA1 5ae01bfe670e4e3ee7dccbb4ad6624eb363fefc0
SHA256 3f4f52c9173a440b24ccd427d884feb2d14d067bb04e7d02ded7a6d45252d58f
SHA512 0bac6d3c4001d6c336a6e1100a3c0315236c763317d746f8f43a37264bbeb2b5abcbfa14a23c9d916ee28114b7ce8d84bf3c92059072cba0e095418a5ced0f73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e72f412eda35737dcb3ca14cbea7a6b1
SHA1 296ed68787a367b583470e5a84c7a760eba9a984
SHA256 0cd95ffee0354e7f3e110b94004e393e6038874cd113fd2029c8dcc2204270b1
SHA512 6826366e1fa81333fb641dd84f0d7e7d7d5e3ce4c3258d94e0a5a0533db51152585e602f7ba9d3f8fa974398beac78d2a21c2bfc6b0924df9cb5f3b502c5d228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00002f

MD5 913728da90cf90d8e78af59c60b47c3d
SHA1 f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e
SHA256 b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82
SHA512 3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 380cc94402c1a4a4705d8b5bc4b21858
SHA1 fa4fe089dd3d38326ada7566ae8f2f6bb568f79a
SHA256 bc38899d7f6997dafb90d76baf583bc87385d5e1f7364f8de177e1ac184c7a69
SHA512 3658609fc3b6e9c6d22725c92fbdc692b8e1d6d5fa9c9fbfb70e9fb83deae3799a8f3cab0e937de496e9d8bb6aad728a1a594a0e5a9f23dbedb9b02a3f6a8202

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\932bd3e62c447d9a_0

MD5 b491026c6f92ada5d5c84bd209f9add3
SHA1 b5a170d3fcaf516e9e2b79b12502f4ccc374f906
SHA256 5cee8d46e27b81c0624166d139b32a73da424159dff0b88af047fe322dcfe1d9
SHA512 625e3f6c91299379ce409753b0d53606ff29fb400244d55eaf54dd4a69c754db17f804e94857cf92fe7765f5b127ecbd51fc7862aa5b38f780d9964bc8ba5cf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7f8b1d10aeed54f_0

MD5 6d9655d1cc39c4cc545fe796e80f413b
SHA1 f085d7d8069648f880de94efb9d388aeb89ad434
SHA256 3aee9557570922c1a43690024ce7e59e21af2c7561c7d06b4252424d706320ea
SHA512 6f1067f7daa7e9ec0ed055ff7dc8b4d6a516c57e868eb674cdcd8bc92bfcd0fed30a68b83c5c8df37e8e36fe4654986d9e07fe8fd9d083193081787d15f560d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

MD5 1596946392fceae2121a5f98d9fb83d2
SHA1 66c1abcb10d1d1cfc3da2e4d766e89207779241f
SHA256 5eedc3ceda09d5f1905a9573640f782462cfbd69926557c6ab69f5a96f620dee
SHA512 3b846688666cd78ff19d149cdbe67d9ff186441852edfc3422d4891eb5dc6d2f9ead0feb57821b5b6de7fb08bb1c95cb9f0754f827d03b2ca71edf7eee665199

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fe

MD5 c78a7d1510b623bfc1a879c2ce17a815
SHA1 d1157a515404afa5435dce120ad8aaef9b224594
SHA256 ee1095396dce80ef009616bb361c7f76f00e19cadd7dd6d83a989f02d7524f1e
SHA512 94a566207854238aea2446153fbee092f503b2414f94ff8c29123bfee5c96fd90f32662e84a3555d0cddff98e91a4002675611a8b735a7ffa5b3ceb67258b49a

C:\Users\Admin\Downloads\d587a600-56aa-4a19-8da0-f9094cac6103.tmp

MD5 b781c05fa7a85b9b03131a43b76b43a2
SHA1 f0203b61c1701b0afff34ca05a77975bd8cf7c8a
SHA256 13cf084e5c55ccaa526aa24fd0ac532d6c52a6f38f51dc7a66f786251b32e44c
SHA512 ac6862d1eba9b0d6e86f4a1082df3b9f505643bebcf90da410ba681a2bba82bb7090ca3318e88eb42afbed17a359f44b08d1f230a76f021a021eaa947bf11a5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a857cd92d811d26e267181aea4501054
SHA1 a1c5a8dd43c1e2b3a5621432adcde52fa5b0ed06
SHA256 acb7e1b76ab54ab548c526e8de4cbaec5d5e89ac8ee788e82f7efa55dd2067fb
SHA512 904d9ce5c815dcad0220285f90c0b4a547dbeaedf063c637dd25e6cae6aa3189dd42beadfd5a2789eb82f2002fa88c768f10a52aef9bdf0f8957ded51a7b086a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7ca2dd5a8041742b9d0332f700a88fb
SHA1 5695eceba8f3f9f93751c0c0fc4d735660799d4e
SHA256 6b735bc163d4dde6cd0f02a77c144774097e915d41439acacb250a434ef470f2
SHA512 6a945505cb92a8c0c09433b2fe3859e03b0ab7ae7377efd258ff514ce8d13e8b825f1d315c09aef47936bbe5845588edf2bc8461502be5be663423e2b13db6ac

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 097dda756d22f0cb546a476aaf089131
SHA1 ccfc2a977a0ac54352796332b5d2597b70f6195a
SHA256 90b1a7f637f27d2985dd81badde3dd89f07b39729cbdf48011c726adb2f1f0dc
SHA512 b3adfceea5665dc3c6471ecc9d70d39de7a294c36b0435b9c9ed6638fbb5a597cac7d7f066bf6cc354b0ff5f450bb19650c8a03efede9623265ca75c2883688f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 78e7f4cacbad9e1786964e7dbf00c20a
SHA1 50edace1d6b65a8b5194d141b15dfc01cf4cb86e
SHA256 b1da85014c9a6bc014f432f18a1e93da1ba0a9325d7fc8bfd82be9476854ec0e
SHA512 6bfcc77ae9e110205621179ac660202f23513e86e2448da1b17cff969ed150e3ebed55007a5f2f7ab095eafdd483f282a6a0341deb184a1589a0accc5a04a891

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 56f81e99fbc66f1daf67af7933cc3b74
SHA1 54e09468bc7cf665cfa7acf10f828217532ec890
SHA256 d8e4c4795530e65b9aea52b53679ea285618fbadc0e39c88e66a979e104f86c2
SHA512 0d4e8079923548d8dfdc05ab85212dafd4138f500133ed69771eceabd4f274b4a0b725c6c8d91a1161d27f70240c89c25ac8de2e5b9fa0398e2cc74f7c01fdbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 36ecf2db88d427e48c31389e5bc61dd7
SHA1 68a79767d2622f75f997bdd306af185bc178ee3d
SHA256 48241bf2cdfcd026a998bf362a2b547f6c9d54e2ffc68baad458e0b2c393ece1
SHA512 8d3deab48ac95f5fdd7e283010ae52bfee32498e48c5c619ad7816e6523ac4739bde695f92e99facadf66357a2d6c41030de55622035f95061d8f60191434309

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\21b3b6a4-f101-4fe8-99ad-61a877f9a00f.tmp

MD5 282f1bd691726896adfbcca988ed7df4
SHA1 c1988dc665f736cb3150fcac86b615503fc52db5
SHA256 5fe57487765cbd1317124d1c424c8a93a02bb2268088ceb4f2e86edc7233a80d
SHA512 b8c90b717910d2975777d95a1d5cc9b15afb7e23997fb0529c1901f6e669db60b1a6865f025c919a29872165c21da6b9eb6b1c858581e76822bebbd10bc376cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d6d302f1ff2ce23d61cdddae91abd892
SHA1 43686ee82c472da7b99c1258b5a68c970ef6bb08
SHA256 9bc80ee4c996265ca8115e462f7355ac7837e267fd7a019ab9dd0a7d7cff6f75
SHA512 c47d6738a7274386b4c8b4b2ba0697e7e6019884d2d9512362577e74cc37b6ccb1a9905a044bcbbef0d0fb4e8b34ef381c6da777c766a18333d72cb2472aead9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e2

MD5 ef5f6cd2b2f58323aaae0d7ed6015064
SHA1 134de335b1ffc5980376712ac1ce1151e095c5d3
SHA256 b454135cba8ef3b7f398d8409edf5efe6b9924bf0fdd6bc466f868c7a29d008f
SHA512 8585b163cb0e3a34edbb000213eed55bc6dd6c6e9ff6b811135bef0f0c62cc6846f972272f58d480011406dc4b4baaedd8d883b2ca59360039891430275685a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31db80f59620f491_0

MD5 b683de24a3ca1fa553abcb2a5dbd94f3
SHA1 3961d7366e89734f10499b57412eb43d35aca522
SHA256 e023e2bfb58194575606eaaa85ec12229595ec4c7a38926f1b41c13d1ff93703
SHA512 14d47a57f1775b7d91375957cbc15488557442bae6ef59bfc418c62fe640d1e9ead1cdeec2e791623fb71498b1ae4d8b3a9dc142384a04fca75b73ae3059c047

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00029e

MD5 271aa829d4ee3960b052d1e8e96541ae
SHA1 3c2f47a58201c0dc0104b11da2fead60054eb7d2
SHA256 73b567eccb4e9b2257334d383e9584546f49ac27d893357e2bda2821faa770ac
SHA512 f50b5d261e909e4b3d4cdf99c567843c4b624f0ed9b7dc273167330f84dc544c5ecdf8cc0709db47be7398c70c26deacce5603523e9e6914cd3f66748304723b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0002a0

MD5 0bdcec76aa728671e80cf0579e717d8d
SHA1 9a050a3a824424850ee1c5de812c9f2aa6695e57
SHA256 21041421151606932513e30246ab1a4d1af6e273169c9d89bc582f9d2fac76ba
SHA512 377ccf6232796e95d1e30ed7b98da70f2268c7131e1897e0fc71afbc0b1c92220cc3eb76917facd93590f769e7b5e8bf9d476882d2a8844751e8bcec097670ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00029f

MD5 ff6234db6253ffce9f8bd239ea8ca0d8
SHA1 dad28fc56220d1b8ddd121eb995174e04c76379e
SHA256 2b09720da008931a971b8c877b926df025683d441f76644892ce7d7cde7c607a
SHA512 9f9fcd8a96ff1a5df863105fc8b24b9e427f50de034cd15c970b8a826b59df4c3b614a269a5f39978803ab639735659c33a98cbc90e89c48cf633653ceb123d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fbde1b47-6330-460d-9c0c-c1c90e3ff0ba.tmp

MD5 61ba662f34ac97fb3e22e0d954cc25c4
SHA1 1060971b76ee37307d872a9fe101a4fca5de7287
SHA256 c5ccfe5cebb637a5831ea2216aa362841ca7d4cc3340afda3f439e84137dcb2e
SHA512 595d32b4e6a167153dd0e444e98d352115d1bdc2e3b50a0c5c9a90e2171d3c9bb0ea32dc22a3755e5b6871e15f6287bb38a93ca93686f28cfc6fbe51c2d6f525

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29ae6246f9f1785ce92039e03acb06ee
SHA1 e9efc3fb12de2bd92b5b0b161c588ab777465ce0
SHA256 b023b98e5da11830e52d0c918881444489e1ae4ff8dc376e854223bac220314e
SHA512 97de82fec4f278f98e860ec7022a35dad82c519c12e7c9fa7fa403730692956a25af2fa6cf3f973adaa0bb4c5f35a579ec4b46fb226460f468a6eca6027b1598

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00003a

MD5 b8046a942b00491bcbb12f80a2a214a0
SHA1 6ee5633f06e6be76e12cd1bc8202e7a0f2288893
SHA256 62c3e9ee7c36278922faa04824cffa010b7f09dcb6d024c45e77f1c8272a495d
SHA512 cac97a36ab57615318251763105a9a1ee7399f9574f0ff3f2cfdaf8ea0bdfb3c8c449bfbc8358a159a5ec39a3e79e345890b887d52dc5bf59a93c60e821a0e70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 649055ca7d13289c9401c477e73e2114
SHA1 8534f83572f96c9dc046814c5b67a9283b2a6c74
SHA256 cc66adca654f27308b1bb75c2162065c67af2cc14095c2a84e0916ae4598aec2
SHA512 6c667c67bcb75ada6f5564a6fba1571e2ef40480dc945bed4a367a1132cd0dfbf50a2ca4ff0088738c08dd90cc6d4c15346edc3457713d6cc45a362dd0ec3cf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dbdf000ae5d5c7322df3442d77144436
SHA1 a52ecf18500668cf161abc625c74270b9bda4856
SHA256 67e58455c13799afdc58a884d6af445adc2809d36d594291e46923511063d2a9
SHA512 732b0acd2c684a7d0e0269b92066afb46c92b4aa896f1d1679266b81c5febbc8de5d229c198382e1508c7751ec0ab5d6a8a9b43feaace164d8c1c22829f1a3e1

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 73fb6364c64174bf52658035343d2723
SHA1 9b8e6677df5fb76dba11e5834627d2064a002ba6
SHA256 3349d4f0f982db1cfccce0e6c74c75f186368e1b8de13821b5edb86269e39817
SHA512 52d502088689f58f3f745bf779de325efa19045a610b9367dbcbcb0aa6b422b14eaa665c9679197355f6198fc05583d5ff6b4693d4860ecd8602b1bd4fde554a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6d17f4881e0bd55e21be07cb65960657
SHA1 2a42ef6276f8ee9d5a3f82ba7de119171e390e15
SHA256 bed6ef30153ef1c08446292670dd57552b7b15c15d4dc4164d20432084b40343
SHA512 64a9a0e03b81655c16ce4f1aa8cb6f65a6883fe9b0671bb2e33c571162317c2f75b3be38f5df7c3cd8ec61573cfb5caf9fdfb56e55ae70093f9bf7ea0b51a30d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55d3a7fa37aa8dc589db8ca18847057f
SHA1 2dd2dcb8e4b34fd1d1144be4c6e5a95d1906aa7e
SHA256 00844096e0864e39ba7ac479426f8f5dec5c5374d9ce7964e08bb0ee184d3e9b
SHA512 03b1fca1a62e757b61af88be24ffe3729b827fa04c1603c49d218e3ec890ad9bbb7fc3b2e3f13d32f9925bd7ae4c96b27ce0bb6f591c909805f08fa2a224c4ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 84cfa9780ffe289b3c28335c37311a38
SHA1 8c1394bc3e32ed3bae2ec13299e10ad0171e1152
SHA256 a1c0d0c8020706f1ea01af994cbbba85bc2e1245fcd537aa21e1307bd734d831
SHA512 dc26407aa16cf7351d2444eab5c04964619e48819a0f36866521938e0bf386542f0ac7d40083f20584c25f95c843b27705e534e1464c99f95053c06af5fa1693

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0002c6

MD5 0bff31d5c52298e5aee51f34dc81883a
SHA1 34f6505bdbfd363433916d9ceb6e3c8d0ce4a2f8
SHA256 cba0dbda379fd6fb1c2246c98b7f4ece970b824aff97e82a9a375a820098bd29
SHA512 758db476e7517cebe1f3b44810d4eccbdbda06611f543ab6f18896b68337529558dc78b8a70573de3fdfd25abdf738831a7e19bcf1655c4fe139b947fb7cd90e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e6ea2568db5a4f5a41e38509b30aa6d
SHA1 e42de292b6ef6015fee73c228dc0fd44ae0d70c2
SHA256 019956db31c66e089be10365c02eb11bb6853514257d81f75448107ee7301ddf
SHA512 cf24d0c0a6f362303676563bfbaacdfe2abeb74c35f0583c05e37859a95e5eda64b6db9d9755909431d5b5546bb9635dc54e16196c3aca7766cdda6f12066603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

MD5 f7c0e32a054c3cd01031b0fd27754927
SHA1 107441264051a9079929ed661a901f9601386586
SHA256 928e8a9bb9407148b2ee34c6a1884647afcb19664dd04c88e73cfdf05e24819d
SHA512 2f0c49d25b7e88b56ca378931f23b35d09c5d4bee54aec92212dc36563b1fe7bd99533557d6b11ea8170c52b5790c755350eb499d0ea965028dda5ab982bd834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

MD5 773647c3c088ffd8e3f2d6381df83b24
SHA1 78dfbfc2c596cfc908277167e146270927bc3dbd
SHA256 fd3212ee53caae486cb2674aab45c1c93fc69fcce9c3b5d5983a0640ea6cacb3
SHA512 14f0da16e695c6fe94e066468637ca332788e473518753f2595ad26fabd97fa22a9f4735a655f0f1dd3872cd6ad4afeca38b560ebbdc0bd3193fa317892d9eed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0002c7

MD5 3d814d140924443952a323e07039e375
SHA1 e5e055da0d1584a8de5cbd94fceed1f32cfda4bd
SHA256 c091bc6aca3e590a57cf4d83511fedcbf2aeebaaadcb8426dd267518d836986f
SHA512 a33a6e43997ec33f11d9f8483d05833e24aefc1b6d5261abf7e345b753a24c3b75500cc9018d6304ef4a08d0b397c0cea3046dc3b9c09e06a695e045b1d5621a

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\TransportSecurity

MD5 9cecba7dda3d62004a8097cb1dcb2887
SHA1 cd0e52ff92d6f718f02b6af79014d5999c22df03
SHA256 a6b9be5df26c0702ea4ef97edbc5d85f337d8e2ea00d46efa0b1404679c3c33d
SHA512 2cd17c40c24ac7f609ec9b4b243298b660e8017e25a987ad4bddf43337b352a5f104523f32daa05a75d319f28eddde938cad2a43bc1b224893f3383dd30da471

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7467177c0488b591db0ddd71535c9f5d
SHA1 038485452631a58aed6eeada7127e9ba6159e1c3
SHA256 1a53b323384ca63f2e4ecedb816060ae057e7d384edc62537acbe308343c6812
SHA512 e0df5207b2931302d2f5453abbf0c5926ada69354a05365d886f75cefa0fae7074a59aa645af3097282cf7bd39900794a1a917faeb041949de5f1370d3b89691

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 02d2624f79b21e1c339319b0eb178ce7
SHA1 93906994a4104287055876f5c7bf12a33fcb1520
SHA256 e65b599a9f1a3a8c653afcdf0b63f6e8e89fe9424347ea372587d6e4800de05a
SHA512 83b80f00c8014114b75ca9e5237a82567e35776aff9a1bf93619f4bf153cff4f1cb8cdfc294d3a4e572417dcf02132bf193e75c90340b540afe7ea4dd3e3c40f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c6b8a908f1302bc870754d5bcfb4cd3d
SHA1 982c35b92b74d246effd972e68e5b33eac3d0cac
SHA256 9f4d615903911f404033f68c32c18abcb5b4ea08b5e42fb5405561108cf451b9
SHA512 9179039a0c559ed7029b6f97582965d1fe3364dfd2b7bab5b90534549773ee1e9d15b0a35981e0b04a3923fe4b1570cebd3e108adc288b3bccdd7027e3b2c25b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 df59ee59d6949e5980c7c0887565989f
SHA1 bfbeea71a6af13d9e6ff2e6c32a972975b01002e
SHA256 c4b98edf2ec39bfe32eb890f6c0bedc62d38e9745c4ce871aba9e0e66287eb2f
SHA512 378e82bcc69e5a83de34d5177c534ba7c7a686ad5d2062f99ceb17d7fcb41ab926a3d0f9f80251c0785179bc1c398d6d4e50276d419704f7201df1fac0c49b3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f9ffbec5e2bdb971e47f98791a3d6788
SHA1 6f8029558084947d885bff0dfad8ca330cd3fc60
SHA256 f121ed200c0f32ecbcf2956a644b3ec81912583d5e8e721dbd5496fe81c40960
SHA512 f2ac2f51d6943fba3bcebaff56f5203d86f42a4d0f54daedceebcfb256010a7e1c5ab180704afc65d6493d05a619d2bf567d7e5619b1aa305ee7c365d1433fa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6795bde71e1542d2b1b6d6bc97b81b1e
SHA1 4ddac20a3d07005d768ff1bd1c104cc035ce4d63
SHA256 22f4a7dceec9a8c03b634907c6df7655e080a0920c758d23d2c7140e41193025
SHA512 5ada33adb3be062392aa03fa45204bea25dcd57e239ca78d0b75763fe81867183678dc91fbe643dd9391a9426364a04463fe33044e53bbb338b0aeb59fa450e9

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 f2e51b1a9b3e3be89e854a2e0d7f3bc7
SHA1 5d9aa861213c9df546e834b3c1fda41de0444685
SHA256 0ff469a3fbe2f283ecde8c1a84654a6f18d12b9a0abdc9ade54a0f0a53a2aca1
SHA512 54fdceee76970073f430689ca54086b0de597169017b31962638063800cf6c2e871bfc37d11fae4271b7c1c29376a2f439f0fd5bea51d3950507191223d80cb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5902f52c6054791416e9d7bda94b047
SHA1 7c94a58e047a65aa7ca5e151d748543af792cb41
SHA256 a21c8b331c5b70157e07ba17b9631b8f81ee209ed96f736c00f9b0ea02ed1cd2
SHA512 65808b0593d7557f095dd87e24c80481af2e24e1d8cb4db03de1d91c7ed1e5e341bed6f46999d1a705455b9818d1ffc64fc9eeeeab86af5e6bee148da50d642e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 20c9d155b7e95e71c990331ce9be7f61
SHA1 15d2b8102074333e74485c774e0dc2f19e58862b
SHA256 a1439b9227b49767cabd17b6f9f898c7edc6e70bece812fb8e94c5a9ce770420
SHA512 6be3957c463a61063c228182df1585e0311fa5f55e31ebca0edac7276c991345b1da73bd6f5a8f8eb28bd06236feef84133699921e6d39ba714259115d2e4c97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 556cda488dd7bcf4e5ca3506cae1ea8c
SHA1 db4d2875e17a56c28d68861dcc71083f18cda97d
SHA256 7bebcfd2513098426e621957788286f2ded250ce537aceff6fc0faf5006dd8e6
SHA512 b113a509f8463331928f5b86ad5d36c6351117d39f57f23bde0bdf49db95fb198945c29c3377b8577de9948b2fbfae6aa52bc46d79511303673030dd958f5ac7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc8112a1ad28e4e1499b550261405430
SHA1 adda79a744f822ebbecfd8dad929fc545961b68e
SHA256 520127edc852b11cae834120e5880d6a9e50244779a8c5e7a7e6c5967cfdf13a
SHA512 354b51dc85f9281f4fb23cf2e0e62aca81e7a12ff39fdd2a719de5af6810422d1f3f76135d2f8b13ee48f7dbf37e3eced15646acbeeb574efc835c1993e4c53d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0b6b31ef3c8d671b021e6217d0f51a2f
SHA1 14cbcd51d188c759f9db01f7fa63d2ab30baa838
SHA256 af66f8dd79a6a69e283117fc09ac5caac336aa9c295ecfd86413204d13211fc6
SHA512 001ffbe05ffddbf41d6e629dc4a6b4a1c47dfc1d839cecb99ca1faa7ab626274588bbd31670a4628221a2ea4999697ec14e4ef45104ac35cce86b45ae40c74d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3acf0b7a0cb4886a48804d2b38341074
SHA1 86f161f5a7838c0ccbf9a8076dae5630eac1d369
SHA256 df941ac096c87cb81b2037b5409a45edf6b0ff2e5714d89d6814ec112287bdc1
SHA512 13b10ecf717e1e39ad06f5074d275f07356516342e79bc970bf6b811b0ca9afe1e1aa530dcaed1e17b9c8acea0d42f26e879732f9fff0fbdc5fb7a5eedc6eb84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000100

MD5 4b12db6d2e668994aabe467aa21bbec5
SHA1 7a66b9871d6dcdb7860718346c625bc52ee78292
SHA256 cb8bcea5d477e01493f293726c3ace742f7fd9ac52f5c5ed89809f82f7980be9
SHA512 60e5c113ec10d8c7cf46e4e3ece1517535d04771ff52e5709f9da7d6a1cb7ca031da3f0e11c875971a11a7b711ee7c33909ef3387def44c09a69244477d4e3bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f3d8a3b89a1d60b4d149021c3735d425
SHA1 856289c02c1bb87045a4c06c794e265dc4e0f910
SHA256 89526dc6044f78f841efabdc22a1a4d6c9435d3b6b0fd9da2516f11effcc3b40
SHA512 be916c45c014493d8ca0b5848f59cc3c7c707bc6326995de5125f9bb991ec8b2a38846dc820d737adb3c5b16a87c50615cc922707742f9eeb642e4a7b3b99d6d

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 443b9d671ea4e98e38cdb23683443b87
SHA1 2714450644e9c5eb5e0810fe666e0d356c9a9cde
SHA256 67bb27748dbbde5ee6a430b256df416476542c35d472d248b75aadc0a3af40cf
SHA512 cd226cd765990317805c5008a5b215fadeba46090814c6dbac4fabaa6c87ea099ac100709ba8fbe23a60db952f18cd807ac5b13366beb3e9cb0d8973bfd1746e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c5de567bb59d2778394e9a25d47e4872
SHA1 0cb454cf8508d453850bb4d9fdbc670ecbffa098
SHA256 308a84ccd43a2ad8cb7edaad2567d26e56a5cecfe86062659b209d6652004635
SHA512 70da81933b2e8d03c39de5c973c3e1b3c4eac7eff86f2cb56acdab95c64b379b6ccd7e11cf24f32c018287feae9d67dcac6deb3e24167abf1ca032495a89d00a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\74b1645c-075d-4766-9542-8bbbeb57b4a0.tmp

MD5 57cb0071bc7495b0408216cc7350e91c
SHA1 a6f7ae78793a6811d20906281d5b6c81d36cc6f6
SHA256 a87b854dc73b62f8560c6d542c2e2cdef6b5d8e42c9bd3efd569634861a32d8d
SHA512 915c98a07b7e96ec914ba6e6642fd81b9a307dfd4bb533d3619b953d6f79830835ecebf04d5512eb8ca32bb74c0419ef430719060964f271c1b579544cd5d077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\4b81e534-f0f8-46db-bfcb-598bba71c1f0.tmp

MD5 a36e9e4606a1a5ee16ea8104cf1a5c7b
SHA1 e9fdbd0d5e058441e42da0a9443c10b08b4501a1
SHA256 226522107a0e534d988a5cdff6b410f66d4f26b03ce28ea915041920f7f4047b
SHA512 12ed66f9f12dcbac9bdfa98c5ec58ee6d6abe8327cde11fdde47e838ad0dfc21ae37f48d0bea85d6aa126553e560e2de0433151f6a5d2dd3223850423f931ce7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5972a7b50e208545b2a260367c89197f
SHA1 c35807f8b795770025965f6ed27af23906664e93
SHA256 92332ed55f095457572d54a564f24c86c657725e2d5db6b6f76f1ed4fb547082
SHA512 fa886f87c8892d8d65827a678f8bf6532b850d03ec0ee16d207ba5db1a0158ee95d7602484e9800eb722624c6cf67429faf48c43e78fcd58b5f519c05b53a225

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6fe02b73e1b030d052a43fa211e004b1
SHA1 36e7b88ed8d3726d322f42333e77499233bd6a52
SHA256 d03148a35f69d1e7b954262459ab23f291a5b1ab4306f011fe472a51aa286f0e
SHA512 9e1469745ed5f3c5dcbaa9f44c3d5608758bcb410d3248427fbf880bbdc59c4b6eea30a2c2e021141d9be9079894c71a7e5f6e78f29801dea9c61943b89951c9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 0725cb3a349c92601408d7c26b2dcc58
SHA1 8dd517bdfa6aed15c3ebf67539baaa33c05157b0
SHA256 19a901e22db6887394344951bf38b07a697b36e18feab74a1f5d6b2710d6063b
SHA512 020fe61e8e936c5754e4d0c2be4e6c78d3a1d1dec2de9796b4b60e934da29eaa62a049356c6b97a44645bf2910f0b12454686401f67788790918d78c18e7df7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00035a

MD5 d4e436a4eca7a636d7c2d89310b5b612
SHA1 8416a6f77264346d44f1d770fa5406221f7da054
SHA256 f05c5d61e82743e6509a36a41ba2dc4888a5ab79a0f192422b2622ae978289af
SHA512 9c71b955cd4c21c9ad497bb44744a698137de47c386a2032d1619a7cecd6c600e376f734a164f1541caaeebc2f47e3244765ceb71595c6c9682c0960ee0940a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f8189b6a039db49be611c8ee1f89a2fc
SHA1 a70d4f431b08cab33a8b9668464c81728407e296
SHA256 dda7ffd62cea57450a02e344f891e6709336bd90d18f2a0cfd4ac05808bb2417
SHA512 cb8a068cbd2cbb878b01011b2ab8d1a9b99d01f64deec4d736b137409e095f6a0f7d2dcdd9d48a65543a784ac97ae76959a17dd8eed37d3fac02f40d9cf93d3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84db65fb71ada7518682ec0992165545
SHA1 873cfd97026c01981baf81a3cf7a06e86ca433db
SHA256 b0757826789c8129c576e5eee8970bd89c4c9073100326515eec8c1f181f4771
SHA512 71d2d04f143233167cc69c540d8d98ca9b18a367e1a71155a79108ec8002dff213015c2776e15503184feb3981149173274be7422009c6f5b70a5acc234c6f1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d4f1016d2ab369725c464538650a0b0
SHA1 3bc01f6b2f5cf21d7587f8b81d7739af245a67cc
SHA256 81cf588ff66fad1bd2ceb85cd463ebe75231aadf264c1924331552abacd468c7
SHA512 4e895e79faa289981930bc309f1339e748ad84d8ca84d39ac1489f4e0ecb97d8f2977ce245a5b1cc42159d0f5016c1112784b800fade8792f87fcc53bf80f9d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 59abdc8ada9628dc006bbe2a831f36ee
SHA1 7b341ad0396f84deb96b6e157496b6ad8ea5c3bf
SHA256 3b8a53a7bc4a89b5643989a6564740bdceea27a2b171606dc9f540ef3a256734
SHA512 f5c8067a91fa616c867854af8643a8c32edbf05e2bc69bd26c743c6366622920bd257db1dfb80e0ea3d4a3b73436b0c6d1ebb92ee57c2f483e2ae9d7214d2c02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c67f6def0c9a55e9cb13ef0d895dafac
SHA1 3493f27a0e55ceea6e2e6cb3befe20d11e4ade5b
SHA256 15d0254c6248c980e66948325c0b50f836012a7e9c11e9df5276ae38eb5c6649
SHA512 6f49bc534715ef175189649c315cc540bb4ba50aa3ed8509bb864d19845b9939db74eacd3989969c58370c67ff1f499f726e361326fc0d32ce6ee6d4c81ab632

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\004b74ce-4745-4bb3-9c51-4af609475b23.tmp

MD5 df0f0ab9b6c0f17e41410edc87ed7ae4
SHA1 b1661b42121aaca246492d5b694ff363ad681649
SHA256 9b5d0ae408e1be57ca6767d769836ce9715a67feb8b9a6cd17d12858ca4a369c
SHA512 1b95f2aac7a01b54a16cbb5c861871521157f2735fe6ae82c550bb51bb59374c0d3b06494fc38e4a1c2005c6a5089e038ede354259f397d5562cf7da2f3e635b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99509279b2eea74f7bacfeed3dde5a08
SHA1 237bd9d08b5960f591d84956f859e9c66dde8098
SHA256 bbb1a94b334cd412aa72c81126752c169fe5667b9b64171b8d934460321c6a67
SHA512 bb51c049db2effec1613ed4ac68b463f115e8ef9b33982571f501910b2b0567c930975e3c8da2cb9471cdbfded2770f8ededac4b38bb34dcbdae14abdc7fd17c

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\TransportSecurity

MD5 2276bf01063df3a4d8a60f0f1fe06747
SHA1 7163cdd6359e8d4ca6c61fcaa7bd85a41d6b81cd
SHA256 f8635286792e2ed7689f5bcd1a53b36da10d2518c66e31321431500f9f6e70bc
SHA512 cf3bd95aef26f11e4fd8ad6ed2c680de0b434cf4e0152f161e0ff80465507ba7f4147cac5ec140b768f501794eb38662e65be2a545d536791878e9b9710ad31f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e7ac622f9292f818b1472a4200e6d96
SHA1 bec6720eaed4b0bf5e7c9e4f1bef6048d262f0f9
SHA256 caa989879127093fe8086168ccb457da6112912e4ebd56a34600c4bd22cc659d
SHA512 2f3d1326e7232d2a023688f655e90c8da6974e991e3d14a0f5a6cad4999060186f08c1d6531ca42c61afe570b231586d8a20cddf73110de6537c9880eb43b058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 da3085dc44f3a85198075a93cbcf2314
SHA1 355257f40e5300e9a44bd729088587654717fe10
SHA256 7b84337761c8680307fae0b0581a9d41d51c5f37782e75829250f12cc71c2117
SHA512 922f01de2ee3b4b27258ceae05e343ccdcc6a40cdc23a8d2d1c1cd2875d397e8103d8312661e28ba0c1268e584f5cf199a04b1babecd24318d4e21d7730a7311

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b07f53c03d60c350_0

MD5 37c5ccb64e4e2f38e90b5fb2ec504594
SHA1 9d5440989b15538701b6a3507153d247d5425eea
SHA256 bcfb9898872da603a198efd42b0d1c8c50dbde69ca3d4df0814620ba5d6b82c9
SHA512 02d4233510fac91f878666954527221dae4bc336bb65cfecbba343cd4ee1df7b56c21b74fe5113787fabb0c2db1bdfc21b53df2db746a3aa55edb0b8476ad215

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87e1ffb07d850b0f_0

MD5 f8d37686e1121d1252087a2b1fa36d66
SHA1 f9d501ac481b09b1681006453c438f1392bcdebe
SHA256 bce5844dcb466407babecbc88d32d1ae7b4e6a0edeb10261720f5c7e7c759b08
SHA512 d759f866def24e7a652a5fd804f8cc58f090d89f154d2800df1c7148f47802c8724837c608adee5e7518dd8b180b905016ec7e1708fe71cc56fd5e61413b2e05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aa6b1182bcd7f2eb04a21863ef3a6d9b
SHA1 deac8a7f287d80cf242930a4494d6ed2a21f54e5
SHA256 4b29a531515218d22645c39ac1f702d4805f3c8a2115f79a60808db0d80c6cc6
SHA512 310c6807c437311c7e6827d18c8e2f0dd23f2c3a2f281779274641e7478658d4c2f4a386b6898552408721e1e7a7f0f097a20ce7133f8c8b3d1bc9a6faf7a0f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ec0532088e49f838a3940f165e1576cd
SHA1 0f78a0a3b85439838403f908450669a9d04dd767
SHA256 269f244c591cc6e81124fe5d5813ea14b0a615eedf28a9e532c8923023ae63fe
SHA512 436115b61795364f839ff609e28ca35acec10a99b6dd5429b239a861c14d53564183a4c4a90f861530eea2bf97e712adb77829f889482d5325d11902dc21cf94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0003b3

MD5 5bb61b396ba60dc7b315c5e4ad21689c
SHA1 f2b43c325e1a1ae5b30cdc6cadb14138173e4681
SHA256 bc964e04a59a80109f2e5295b18479ec117d21a1379e1c85582d3e8def7d1da2
SHA512 dab48fdb486b85e76784b09a9a2f5430c4c671f3ba15d7feee0133b9a21f940abfa63b385f0c87d61cca9ed0b41c52cd60a488b0d39548c1620e016128408ce9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0003b6

MD5 3fccc4bc9a9369d3725e5e6f6b3384cc
SHA1 01652d2ecdba50ea130ad57417256c74e89f8165
SHA256 e338c50cac6c323b0dc576228b09f550c4d1d4345ee9259668d4f91133dc0228
SHA512 1afa0092b7f794ae9d6dc1108f13f239863607f39dcccfa0b6af3812f0a2352f5240ef1e0004faf65755c20379da9f7cb5c5a08f96a289ed8bf172a45fbf7b24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0003c8

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c645e74841a54d402ecd62bc3abd95a9
SHA1 43ad7baf11e17be7fb6f277e4023781bd59822a5
SHA256 7deb9c5b3dbfa777183ffd5752726a718b717d1ffa2ecc3672b0579c1586a2c2
SHA512 8a957add27abbd0eb5bcfd3c62286a700e23021c1f1dd5cc97f32cf47af264c8e389a4c2206f6ce0ce69a115ee33ecfb13dda36b5e6545af7b05774c26f5264a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 21958f6f37768c08c63fdf118ac6dcd8
SHA1 cac23a29f26742308917ccff0871bf2e4934d05f
SHA256 976cc703329d5a996a87f6c752d6f954c8146de8e89aedd8b2037418fdfeef2a
SHA512 e20cb67307219d9b91b9f15324fa2e7a0b790b20c7cb3683a250333ca7fadb5c322e4858da63dfe434ffb15f7a57b38bd551f24aa1c2611c33134256d8d60be8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0003e9

MD5 60140bc834da90837a9a4d1530484677
SHA1 d99868b0693b332681b4db7927f3f11b3ed37607
SHA256 29c0ba2fb11f5bbedff938e0d0a97da59f725cd153bc0c04f052419e779f134e
SHA512 448ddc49ab5128dfc0dc91ebe388d447e748848cd2f7dc15fe1fd0380a5436cc9872c32606d9d161d3648b20bff5eda0e48e8fb77c9293f3c0924ae89589eb37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0003ed

MD5 7004d081f5efecf03c0c612ea647d834
SHA1 078a94061a4c985e86ae97e0d2a48d7739a712a3
SHA256 6a868b68daa8a8ca842b7526832f09f10c233a0419a44f496f8607c742a71091
SHA512 1343544119d8faf01c6449b5ead6c57fff211a3dfb601f280e364b71a25e5b48c2b23f74075a8690850b14a302882d8c6ddf1bf2cab33137a212f250a454caaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0003ee

MD5 99916ce0720ed460e59d3fbd24d55be2
SHA1 d6bb9106eb65e3b84bfe03d872c931fb27f5a3db
SHA256 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf
SHA512 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0acc53de3c129fd6770a7fb06a21069
SHA1 3de1b4e8860ee2610f6ec5bce026a8ca779e5a55
SHA256 7dfecdffc77a45da434ac0f3df09903a89ea2492df4935286bdda6b618c93931
SHA512 88eed4b7b07059527b7fc08989be1ca3e700e3ee14f182c163d1695dbf4cfb31ca81f40325b9a6b4b86779a832b88d1fb6ee6c5ab9354ea9d303edac5c9d7280

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000400

MD5 342e152ce9d9ef895fce298a61a52570
SHA1 c2cadef1ca66600d5c2c6dcbee3355bbf901a591
SHA256 baa20b7c5a3388f6da66e839b2b187662d3ffc570704a0b9382cfd0874922394
SHA512 10196f93f2d8fcf8e7a7ff6e9706e42be64c075833331cb48d938fd1be321e8c4f926a9c888add217540380773ca2c4b269230227af8fe945344ceb6b26e40f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1800f67980b05dbfdb11be8229f160ac
SHA1 4196b6056c7ba56632dff93a96135277e2cc3581
SHA256 208a37a0a14f80242df053426fc1f1018bd4174cd244148e310555957aff49d7
SHA512 517871bfd464ddc52d810d2363c085624311bf78c15463e78513c5f2610f6ce176aa3e666741fa78a209c217496220de31ffd71fdbffcc0a8ec067dd0e4ec0cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 28bfab221cc4137b4b3fe49b927bf0b6
SHA1 382ea55d1a596188d1c5f3d36be77e5414834ed8
SHA256 a9ff08fc7af1cda99905d8c8f211580d8823225a7bce2f0b9bf8f60d068916c5
SHA512 d95af822041874b6137f2838fff8843eedb9a692550455c60dfe9f8ec58b122a1436cf5f1957a5a57fe92978c32385900e6cb9215f1c7d2098a562dc7ea00082

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c3649332b3010746a899919dfbdf474b
SHA1 d033ffeebcc7304c3047435a307c4359032aba11
SHA256 4bd373c858d48ef259eeba649b5a7f879ed68567319038898fa02e9ea77edc59
SHA512 37e9e6e071538d8108a277581dfb5c75772a07370946c6dcc9be1bdc08f80f7086d99d403c6b04fa298e9885c5788d5c482ef5972b4b53f5f27b8d98d6e40f39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 41f69a89f5366dd55b9010ac10ec87e1
SHA1 bbf3a0c526e6b1b2a851a92f4eaaf92c4874798e
SHA256 19b794a2977650cac45d168da41df11471d4a78ead4a0d0897100bc5a7905b6a
SHA512 d2f1ef8c7f68a4f25b61d7b1dd7c31fabbcf79b196fc3cbd4c922589d5e2bc20803369832564e3b861d9b2e1782218e6cc14da0449f74a2a83d2f45180161ee0

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 ae16ab6eafca5caa3469e956d3d71a78
SHA1 5ea4f8a3315ac5cdbbef95fe1384e144aba036f7
SHA256 a88438cad4647731a5c7ceeee9854a4da0b2ce8ed4aeb9ea3af076e147c733cd
SHA512 37b8f7d01eedd5ec0c27997150057cf6f5f10734797c9235d7437e1c970e07de3ecc889508be6b854b39d3da2803f1a3c8e3497a6dcfbbf9eaf739678455b8fe

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 94498e61abff5bf608f022fb20593e90
SHA1 c85aeb661ca430f8f4a594b6ed44d4b7820b338a
SHA256 f65ce4684e623e169e470e49f31440d67922f28b86848af3dfcd500b756a1bd9
SHA512 9fe5d19fa8c9d531da2ce1c236652af6cb0475f14348bcf7b455f7e6fbc9276a47268ce3edcae738968c2cfe04920f41e1bcc855064822244c032c541e24f252

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2066eefa2ff764dae0edd2154e9305d3
SHA1 d924fdce96c8276e9b66938bb4b490873b5686c0
SHA256 470fd66aaee38ba58fcc6c49acd8af0bff6799b63a310e418814c72e7f93a578
SHA512 b8c6e4daf602722b1134747b03a10257dc68b2787a130774bc8e63799dab0226bffbb1f1bbd92e64255736ef07e1d623a2c5e51d0e4e2bc244164cd83f595dac

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\GPUCache\data_0

MD5 fa13fa04c96b7c0f10789404c8be2c1d
SHA1 e7884e755a2b9247caa0a0ebd7fa7ec15dd449d7
SHA256 988750f010932969a448567ad3d91887710d2a17c4ffbf6de212953ca537d995
SHA512 eb2d3e5f7377dcb295d2a14f5ff84ebbdfd1944d7d7566b0b1a691426cf86090c0688f6becddf5b84696f4fd5a4ba02859328830d645bb4828184f3de471dc03