Analysis Overview
Threat Level: Known bad
The file https://github.com/glnklein/Free-Fortnite-Hwid-Spoofer/raw/main/freeSpoofer.rar was found to be: Known bad.
Malicious Activity Summary
Cerber
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Themida packer
Executes dropped EXE
Checks BIOS information in registry
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks system information in the registry
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: LoadsDriver
Runs net.exe
Enumerates system info in registry
Analysis: static1
Detonation Overview
Reported: 2024-07-12 12:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-12 12:49
Reported: 2024-07-12 12:55
Platform: win10v2004-20240709-en
Max time kernel: 336s
Max time network: 345s
Signatures
Cerber
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 35004f00300048005300200020002d002000310000000000 | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 64004f00620048005300200020002d002000660000000000 | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 38004f00650048005300200020002d002000330000000000 | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\freeSpoofer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE | N/A |
Themida packer
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier = "1183c991-4414f82e-f" | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardVersion | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier = "037ec1f8-94a1f557-8" | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemBiosVersion | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier = "90f7a1c8-33aad01a-3" | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier = "f1ce88f9-9b205907-9" | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier = "79a0998b-70d889c2-d" | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier = "183fba5d-7fa09cb0-7" | C:\Users\Admin\Desktop\tools\applecleaner_2.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/glnklein/Free-Fortnite-Hwid-Spoofer/raw/main/freeSpoofer.rar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a4b46f8,0x7ffb6a4b4708,0x7ffb6a4b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7898874681445730952,13985957209602796120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\freeSpoofer\" -ad -an -ai#7zMap23041:84:7zEvent13919
C:\Users\Admin\Desktop\freeSpoofer.exe
"C:\Users\Admin\Desktop\freeSpoofer.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c start C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Battle.net.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Battle.net.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start https://applecheats.cc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://applecheats.cc/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffb6a4b46f8,0x7ffb6a4b4708,0x7ffb6a4b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pause
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c net user administrator /active:yes |start C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt
C:\Windows\system32\net.exe
net user administrator /active:yes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" start C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user administrator /active:yes
C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE
C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\Desktop\freeSpoofer.exe
"C:\Users\Admin\Desktop\freeSpoofer.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c start C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Battle.net.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Battle.net.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start https://applecheats.cc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://applecheats.cc/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a4b46f8,0x7ffb6a4b4708,0x7ffb6a4b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1250414283006439567,10839342601314764251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pause
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c net user administrator /active:yes |start C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt
C:\Windows\system32\net.exe
net user administrator /active:yes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" start C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user administrator /active:yes
C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE
C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt
C:\Users\Admin\Desktop\freeSpoofer.exe
"C:\Users\Admin\Desktop\freeSpoofer.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c start C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Users\Admin\Desktop\tools\applecleaner_2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Battle.net.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Battle.net.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start https://applecheats.cc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://applecheats.cc/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a4b46f8,0x7ffb6a4b4708,0x7ffb6a4b4718
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pause
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c net user administrator /active:yes |start C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt
C:\Windows\system32\net.exe
net user administrator /active:yes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" start C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt"
C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE
C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE /ALL C:\Users\Admin\Desktop\tools\alt.txt
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user administrator /active:yes
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | applecheats.cc | udp |
| US | 172.67.198.40:443 | applecheats.cc | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 172.67.198.40:443 | applecheats.cc | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 40.198.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.2.17.104.in-addr.arpa | udp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | resources.guild-hosting.net | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 172.67.198.40:443 | applecheats.cc | udp |
| US | 8.8.8.8:53 | media.discordapp.net | udp |
| US | 162.159.130.232:443 | media.discordapp.net | tcp |
| US | 162.159.130.232:443 | media.discordapp.net | tcp |
| US | 8.8.8.8:53 | 232.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | resources.guild-hosting.net | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | telegram.org | udp |
| US | 8.8.8.8:53 | cdn1.cdn-telegram.org | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 34.111.15.3:443 | cdn1.cdn-telegram.org | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.15.111.34.in-addr.arpa | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 8.8.8.8:53 | resources.guild-hosting.net | udp |
| IE | 52.111.236.23:443 | | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.67.198.40:443 | applecheats.cc | udp |
| US | 8.8.8.8:53 | resources.guild-hosting.net | udp |
| US | 172.67.198.40:443 | applecheats.cc | udp |
| US | 8.8.8.8:53 | 224.162.46.104.in-addr.arpa | udp |
| US | 172.67.198.40:443 | applecheats.cc | tcp |
| US | 8.8.8.8:53 | resources.guild-hosting.net | udp |
| US | 172.67.198.40:443 | applecheats.cc | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.67.198.40:443 | applecheats.cc | udp |
Files
| SHA512 | 59b22aebe2d3979bc29a8ae34df813f9f12321a8cac855e6258e6b6965c53efbab75f2c6a531d5c3b844ddbffbafed7639d750592db716de7452ce05876e48d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | d43bee3dd3ea24d88e30c441c39ca1de |
| SHA1 | 581ce1f8beeb267c5995e6a3c436e8de28f88abc |
| SHA256 | 847c66de0a593402e676ae20a606dabccad2f36062e01698fa4b074aec013265 |
| SHA512 | 31134e0f73583c4101d749c9ff9a5b8f058de34457a26b62ac393b3f98d5eeedc35f10196c50c7eb8fd9bba4e353c67f0f44f68860027860c2659525260af024 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 6686172ffcc559e73d31eb2afad3fd08 |
| SHA1 | 3a5122c9d29104b5b3459318b8a24a48a670184f |
| SHA256 | 4f74eedf79dbfe5c4245fc9e79823a1efaea43c7c215cdec5b0a9aa54da128b0 |
| SHA512 | fcf8c0185c460ecb9b2bd4e0b21ef1294dddb1ecd9a28dbd8566afd41675f35377754786085032c7043402b21c03e9fe4e87ef930521cac9268766ab6154d4e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 6153ae3a389cfba4b2fe34025943ec59 |
| SHA1 | c5762dbae34261a19ec867ffea81551757373785 |
| SHA256 | 93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61 |
| SHA512 | f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | b0d5ad5ec142c1f88a21a5b85e0eb3a3 |
| SHA1 | df3f3af8d14e996e7dcb4a9d22fc0d17ee52ee10 |
| SHA256 | 8596fc656e4e86e70e80dbd6e52f1a32e9ceb56afbc056fb21bab9e852134407 |
| SHA512 | 48c4dc4019e8f58f3051291b50737b7a5090d82a07d63b92b2efd77a4915cbe6c52cbcad4217389a9b12d0197d352ba189dcbbbf1771df551432e8cae8d0759f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | a5100d0996c63b5649b36c29dec80486 |
| SHA1 | e57732ad2dd0754d317478c920a43e9898928f57 |
| SHA256 | 8018b15abcff6928b1f26be57cbdd1f1a2787ee59b712c6d3d8117e921bcf930 |
| SHA512 | d1e3ffc8b4fe254031ac90d7898f95389733d7449f23604fc294fa5644e48405006d6acc5faa3cac8111bf25d06b517b15730cbe0e89783f9faf5b0e3b0d74bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 6fdfa70d4b02b4eccdd5937b0eee977b |
| SHA1 | eef1a2abcb335ce94f73827ee793237ccd07f684 |
| SHA256 | f90621bb115dc383f2c7798e529aa4f94430e4721ce58b212f673b06591ae7d6 |
| SHA512 | 0a1c41e613e0e7a7331817abd85b9ed0a17b5b2e0acb4c5ffc66d6f55d27266ba8b237149f00952eb6c5a688038aca33e0df7d025af0ff01a5b94330b6828e2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | c4783a861d95134f1c8b7dbe9bce5e2f |
| SHA1 | a0a5b2099359214c30ae1272bc8ea7239048ea2a |
| SHA256 | d5b580cbd8ef4a1ed164bc6e164c827938f56d0577bc1261ec99454558715d9d |
| SHA512 | 257e56ad2cb8c55bf71662332f6da9a8e1ddfe1b9967189c5bd5547e5a0be6c39535fbc3187394d97b7eda1814e05e7e251df364502830c2bdbd9c30bd02ec5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 33a861b31d1e5da81ae509a983e4b7bf |
| SHA1 | 8a942e5f9a2c90df39d6ed8b04bbb64d713e0827 |
| SHA256 | 6b19c70dd06a7f7f36a5cba484e2cafa40019746f72e4f060e537601d072966c |
| SHA512 | 04164dd76aa529b6d3911f10835a5c9d98e0fe9999ea4403cd8a55b2790ef462f656e4d1e786e7c7603aa6d0ba492360222bd991fcd2bc31841726af37dead3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 9786b84d535c348037bfc0af6cad9af9 |
| SHA1 | 70233bda2d9868648479618bcbfe5fc5d96bddfa |
| SHA256 | 6e97e86ee1c908fd737f9ac0cf5ebc34a95e33d47f2cb58148f67aed8af9ee14 |
| SHA512 | 6ec9633c089f79899c9989074575d1a5c10b104cd1916597994ef30bbdbeea3b32d39303666870c759439873eaf4400dde24a3ad6dfbfc99d48c6841506c1a02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 6acdcae5bff38b5f02dab8987f8d4989 |
| SHA1 | 7b96e1cc4ef39b8133fc61f366e2b784a2a72108 |
| SHA256 | 509d80a8b8e5b5f0352a356fce3f84fca1b2b7a10c987dc6602416bb41b6565b |
| SHA512 | d37e333e0313be190fad640a9cfc8259a90cef92b8d230e2462dbd7af21fa6deef8d3a1c3a5c2d6a1ba86d2883322eee8cbc49139cd6b28221e5cf46aeb54829 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 5bcf01a100018b0b1800c60316916f14 |
| SHA1 | 82461356567aa396886a799f36f439fa4da3c2bc |
| SHA256 | 829229eb1a5f18ccfbe785c8889447b9a50da859fd87b0bd996560310f8e4a5c |
| SHA512 | ed322f68f7989311c03a0d3ccaa77a941105050d63ef5bea8d383e8cadcc23438424226fe79b1948d80662a19a22cf671daf62a876e266d5b4b5f035a6d4a4a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 4ef9b59edb4de9cdda881437b1020df9 |
| SHA1 | dd4986dfe876f100ef266c953b05579b0553e5d6 |
| SHA256 | 0413abbaaf9f52e625f2b3a355e8f92a92e71571f5ee24fb05021975cf88bbeb |
| SHA512 | 17626da6e22c1c3f78e11b7f5e727477ff5993e6234c1f019efd4bc7e8117d0c484eb652796359ca43f16929affa76e8adf73e2cf4a7b6f8d756821dbbc4d74b |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | f8968e87704084db39b44e2d570a8c89 |
| SHA1 | fe6e310d3dfb7c576f8c8c604560accd7167b046 |
| SHA256 | 17390114413b39afbef3852b3478f6784a25ababd70b5974fc987af0c1f6c10b |
| SHA512 | 38b0ef536cc1d1d1f94a9ce542866a7b0c6107750c92e134bb0b1d5fbe3e639f7764332e0c687d6fce9ae9b7fdc06752d8381500a5180e5303c4a37658497aef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | fca179877489616aa9ce819ce368a98d |
| SHA1 | c8fa7fe6dfc9f6ee8be2bea45b196af77eb58487 |
| SHA256 | 114389ffe3cfb77ae9262a329970b29a431e45e1a632f611ab915f194ab7ce9a |
| SHA512 | a5cd2d4e37169e7c0b593b15450dea3ce11c717450f79e8cfc28e657f0144076efffd47137c610b44a508f29c1a815ae04c9e35afc192e07cb459b12aedddbbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 71e334f186585989247a9b753ea5323f |
| SHA1 | a1e0e3279e0bf007027a859da44349a5253932da |
| SHA256 | 0164bd31ce16e7c6d5357461043369f450210453d584158f456bfa30cf12c0e9 |
| SHA512 | c934054ee4087179b10fef35cf42e2e0daf4282e0da92d57b1c8664e97dc9f97715d1dfb0e45386f9f7125377646f74bfa0c52b32c14d9d9612498df011fd4f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 42c8dcf47b5f912350354f4138494cf0 |
| SHA1 | 0b37b5836ee67995bbcbc8eff1c17f69dc2eb6aa |
| SHA256 | e7ce7ea63345b543d5b45febed8be5921f4f7cb89cb76d3c89d24d528461a1b6 |
| SHA512 | 4590830040b1a71e9429098531fe8acbd959402ed002050cc9a0b760737fce7c26b64ae1f24fc73203375cceba7afa0ec495f8acf653d29f97cbd34a9d8aa16d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9b1c7297f42bcf7ae81fa837d7060209 |
| SHA1 | fa2f5a7b61222705f87ffc74859187e9087e9b8c |
| SHA256 | 000333dc31ee824c09dddd5a5bedc3edf7694bf2dbbda0a36a9cacc7109ae61b |
| SHA512 | a628d188d8fc89f3da56bb6e272a188767155da653c89467e704b10eefec1818b8799732194bf9ca20d5de5ca7629817594ccd6ef923e8ca0da07f47690bf514 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 0d0c3b92f0a9e33242ef33ef276e4241 |
| SHA1 | bb30677994f9b2f9321eaed881a4fb934962e728 |
| SHA256 | f71ac1cafd9611c8faae05bf07f81d44b34c2a41920542cc789f9468ebd1661b |
| SHA512 | 08ffb157883c230b311cc5ee262006cf691f2bef8c282972749c9bc3ab84b874ad560cec2344a6b3d189fa31c4533fb4d9043b75fa0b46edbe507962a6eb6b07 |
memory/3084-249-0x00007FF7570B0000-0x00007FF757A52000-memory.dmp
C:\Users\Admin\Desktop\tools\AMIDEWINx64.EXE
| MD5 | 8690997c90d94b5a10f2fe39caa0d7a6 |
| SHA1 | ad05c719b046da3946e370409b342e3c67946a87 |
| SHA256 | 157f846e4865f27898917304ba4480f6d67a327cbb25a790f885a78b8fba6db1 |
| SHA512 | 39d2ff1aa49cdb302fd88f6903d71d0008e89ff9113eab8a3ca2b7dbc0e5604a059f8c6f798c97971149f80a379a73ea6900ad46cce5203effe5c226bcd080e0 |