Analysis Overview
Threat Level: Known bad
The file http://Getwave.gg was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Modifies file permissions
Executes dropped EXE
Reads user/profile data of web browsers
Drops startup file
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry key
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-02 11:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-02 11:22
Reported
2024-08-02 11:28
Platform
win10v2004-20240730-en
Max time kernel
344s
Max time network
349s
Command Line
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDDEB2.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDDE9C.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmsszrdgw014 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\.md | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\딛⨀谀耋\ = "md_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3774859476-2260090144-3466365324-1000\{894F28E6-15DA-4C49-BB4E-989BF41B62DA} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\.md\ = "md_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\딛⨀谀耋 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 527575.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Getwave.gg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7c2a46f8,0x7ffc7c2a4708,0x7ffc7c2a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7144 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae2af5e0-c7c7-45de-b849-7d99f14941d0} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2472 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f3a71f-0332-47c2-8104-1f8e57041835} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2744 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2920 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e021aa3-f588-4ba1-a524-b5c60d3c92b2} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=896 -childID 2 -isForBrowser -prefsHandle 3844 -prefMapHandle 2860 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {015d3a3e-419c-45a7-9580-0742644c75ae} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4204 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4424 -prefMapHandle 4412 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1fceb5-aacd-4198-9347-143610eaa566} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62630f05-28cf-4435-9be9-f753c1de369c} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5560 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1214172-c89d-4554-b020-778f42ad190d} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5736 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e7d8dd-eace-45da-aa1b-b795c4ede12f} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_Memz-Download-v.1.0.zip\Memz-Download-v.1.0\README.md"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Temp1_Memz-Download-v.1.0.zip\Memz-Download-v.1.0\README.md
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244694 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8abb0c8f-fc3e-41b9-a600-3601d5e61c55} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 23680 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85319617-3e87-4939-a074-936eadcad409} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3348 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3300 -prefsLen 25063 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0942041-d2cd-4173-ab1b-25d67906285d} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3212 -childID 2 -isForBrowser -prefsHandle 3732 -prefMapHandle 2852 -prefsLen 29412 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9327480d-9ead-4483-b871-70e5b21a8d76} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4264 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4232 -prefMapHandle 4236 -prefsLen 29412 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaf53d05-5bc4-4836-ba08-caabc6d36201} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5116 -childID 3 -isForBrowser -prefsHandle 5072 -prefMapHandle 5028 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20fd353d-608b-4364-903f-a035fc78bb7a} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5240 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd625609-3c02-4268-b7df-5fd68b25ab56} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5464 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a116b99-f406-4c20-ba14-32cfab7c47de} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x4f4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 97051722598026.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vjmsszrdgw014" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vjmsszrdgw014" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | getwave.gg | udp |
| US | 104.26.2.170:80 | getwave.gg | tcp |
| US | 104.26.2.170:80 | getwave.gg | tcp |
| US | 104.26.2.170:80 | getwave.gg | tcp |
| US | 104.26.2.170:80 | getwave.gg | tcp |
| US | 104.26.2.170:80 | getwave.gg | tcp |
| US | 104.26.2.170:80 | getwave.gg | tcp |
| US | 8.8.8.8:53 | 170.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 184.28.176.42:443 | www.bing.com | tcp |
| GB | 184.28.176.42:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 42.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| GB | 184.28.176.82:443 | r.bing.com | tcp |
| GB | 184.28.176.82:443 | r.bing.com | tcp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.4:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 10.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | waveexecutor.com | udp |
| MD | 213.232.235.119:443 | waveexecutor.com | tcp |
| MD | 213.232.235.119:443 | waveexecutor.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 119.235.232.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 151.64.8.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| N/A | 127.0.0.1:53810 | tcp | |
| N/A | 127.0.0.1:53819 | tcp | |
| US | 8.8.8.8:53 | 197.205.238.44.in-addr.arpa | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| N/A | 127.0.0.1:58996 | tcp | |
| N/A | 127.0.0.1:59001 | tcp | |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.129.202:443 | th.bing.com | tcp |
| GB | 95.101.129.208:443 | r.bing.com | tcp |
| GB | 95.101.129.226:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 202.129.101.95.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 208.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.129.101.95.in-addr.arpa | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:51015 | tcp | |
| GB | 178.62.86.96:9001 | tcp | |
| US | 154.35.175.225:443 | tcp | |
| CA | 167.114.35.28:9001 | tcp | |
| DE | 136.243.214.137:443 | tcp | |
| DE | 131.188.40.189:443 | tcp | |
| US | 8.8.8.8:53 | 189.40.188.131.in-addr.arpa | udp |
| DE | 185.220.101.133:11133 | tcp | |
| US | 8.8.8.8:53 | 133.101.220.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6c3a0da38ed31721bf66a6e7519f300a |
| SHA1 | db05166b0c96c42e4f89402f1eecb0ce00c5ff7a |
| SHA256 | e13bc70f7eee42221ce6f2ebe017538484dbc6ec1059450cae7c579dcb8e6199 |
| SHA512 | c38a4e591360ae323d9be207ce2af8375ce3797bd16c3da2b8ed96c480d64fd1fd3062b1cd178f7be2f01477b68fa3404c021903c51abaecc90881f96bec76f6 |
\??\pipe\LOCAL\crashpad_3204_FYTLNEFQSXXKNWWB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f424846d13eef75a8065348e647b5c3a |
| SHA1 | be8a5c387e75f166f933402aca3f6e6f2129e4cf |
| SHA256 | 40be99629f284d8f3b43c24811b93d372757306f37adbaa90e785ff2604f52cf |
| SHA512 | ffb2097c52a3baf18361348787dcb92cd10da54a25d85600184b0182d50f08420d91ac031141871868602ca788cd0eac66e302e8ecce220b2f707f8741e3d178 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00c136cd85b2f447fcef54e4823fe14a |
| SHA1 | 33f8060f193f8b383f175e18b9458d78b985630a |
| SHA256 | ec5161843d4bd73640fddc181aa416fb1b39e43932ad0a46cadfba76612c14ed |
| SHA512 | 33cd86e0c3b97d3fbaa3e6b962b587b4135a60bdf85ea4882fcd2b30997b0adcb34e8baa46c12f0acd3c9a5bb51ea84a9386093173d1e1ac3cc1ad64b2fa3e50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b2d10c86c3876008b70ebf3d15a61c60 |
| SHA1 | 2526b037e487828efd7089330f16110ceea7336e |
| SHA256 | 42fd45996456885289b5849c85fe39c807fcb024d8ec6f1c9220a382c05f8df6 |
| SHA512 | d493a1322a5effe6502744d639053279520de33e1f988c323fb299c233e4edb1fbe9edafb37c1f523126c153ee65ef5d6a2062d39bdb834ee78958892ec078e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8343d651a8dbc0aaaace3b06c9d2a927 |
| SHA1 | c314b1eb05e542bcfee7ec371774f5e989b49214 |
| SHA256 | c249e0fc7a7636e921b0e091adb74c610ded5bfb3088bf3c05ea3315f810d05a |
| SHA512 | fdd79c47a0ea7d08ffe5c3c50329c51f02d5b0d8192cdb197e15af4fc0699d637d82118a72c5301a5bd24ceb062581de5cc0c292102dd30db0dc68521d72dcd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe715074d4f169401246e83328833378 |
| SHA1 | af32070fadd8ef558214d2c15416981ff5dc8ab5 |
| SHA256 | 5df416b7342fa05a25b5ead0ebd55a5794464efd2b259c70f93e281c8526ec4d |
| SHA512 | f0656749cf4a86b5aec7d04b7c9ecf492f445aeebf69ff97d78d8c3cce6f2d890b269f45bdf46962efe5384d6b18f901a7830b91f9ffdb8fe6162c4a0d6e770a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6545c5247435632c9e0bc12eb10dbf41 |
| SHA1 | 2dd93e3ac5c133007414e2562e5c246f7a2d9bfa |
| SHA256 | 01295d098cf54b2bbee0d02db4cd3ab58d7bdcddaab2ba1510485675bf36a246 |
| SHA512 | 4adca9dba1db2406dc1ffa678691417f047fe3e9958257981f796ff15a6089218cc89bcb8e6b6f03bb0d19b2418cc2586e62f09fd57c1382ae34b2ac1a3019f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 1d9097f6fd8365c7ed19f621246587eb |
| SHA1 | 937676f80fd908adc63adb3deb7d0bf4b64ad30e |
| SHA256 | a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf |
| SHA512 | 251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 5b6eb9202abfde97e3d691a835509902 |
| SHA1 | 515f8ea6e88d5bde68808f1d14e3571bc04d94e7 |
| SHA256 | f9ab282aea02569f9e73aba576cd517a7fefba7d90b935fc571397e710b15dab |
| SHA512 | 309f32e918aefdb51c218d57ac37714d90653dbcc4317597c1e3df67a8375b5cd7aed9dec97eeae248b29c03bb46318216a3384971357bfb4dfbc294e7f5f9e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 74c0a9aceda2547c4b5554c0425b17ba |
| SHA1 | d5d2355e5919dcf704192787f4b2fbb63b649b0f |
| SHA256 | 3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d |
| SHA512 | e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587809.TMP
| MD5 | f480bbaea8fbf1725a29d0aacb5c0284 |
| SHA1 | 49f64018dd5728f3097245cd9ed4a0a7f7b789e6 |
| SHA256 | 53d5b7dd695fc93c49ac9f5dab6bf1bb1c155a3caa1390027ba58b1d2953976a |
| SHA512 | 2ac59d98f2453923a6994287bef5dc9d25fe64412288287d96042ce82de85a4f80ff6a93dc61c8a26339c5cb6d13c4e64db963774d60f88ac7dac36a4dbba2d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cacde536ae4a76d8d915d33321f8bbff |
| SHA1 | b1499dbc84f64e41e3db5013f97696be7344121a |
| SHA256 | 8457c250c2c488342a443e01fae985ec430eaf2c692108d834600d4e56306253 |
| SHA512 | f2fbe5720f38a9fe14dceb622fcecef67b343a62eb95574b1edb37a1b8db9aedbf07948079efb478b35c7d2c70f5a31645c1a916711ddbca99e4e5a924d9b54f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba213aef-5d78-44ff-ab9e-c9e20e40e1d1.tmp
| MD5 | c0510f28b708f10eda65822421bc16dd |
| SHA1 | edd5f93022468893305e2db148ba4c2543e98c2f |
| SHA256 | b4401acb31d1d408c267762569d0d30e17110a569d9416efb8a76c1f74eb6522 |
| SHA512 | e066a809d814bbf5e44a9e2afef3fb6f37a28c52d22d9419cdc893846899433532e3a0a58e7a115a6ab5214ddf53e440b4b19ca55a8784a3da7267bfd544288a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 44bc25dc7602b93e14fdffee905863de |
| SHA1 | 30b05f80ca3c9923658ce154f6f5bbfc25d162c7 |
| SHA256 | 3098bf4e631000287beb91ac141f09f074c627acb7fc001405f86f600441f700 |
| SHA512 | 324dc4c58c3640cd05acdf453f5abfce2ecfeca9a0b1d20e871138f1c6b7308a0c2ac3bf22d4a8571dea9f1221a43e17bd66889a542612623057818d9fb5cdd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b2152668d9544633805a0e84df8773a |
| SHA1 | 833d1b0580e9c23df94d0137b68bb2f81f55eb74 |
| SHA256 | dc317737f5413aee1b5636ebc5f01024a7e77786e72969cd0ecb06d8fa438514 |
| SHA512 | 0ad4a4075c41bc82dfb264d0464c889df10a12b8a8a1bb40d7885e7e4346f7e975fb1985c97ebcaaf14646ae2e335adb2fd2f0e478538cbf996986f110c2f77f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a9bdc4a337ac52003dbc715a30698614 |
| SHA1 | aeb08dc630e5383cdea27a9368b9007407920ae7 |
| SHA256 | 0e880268e192390190a0c129412930ea2e170a77424a34c6136e047295a942d8 |
| SHA512 | f5d21dba103a2e35187675d411bf4d77f73416f96315efd58df00b0bd47763e3af3d0ea2882bac833f4b47e7df103b269078ffa38d931cd06ac8345fea737590 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 58ce05c7372c81c9191abbd6f1744af3 |
| SHA1 | 0ba9b00484c02cb9b69613c61a29e319726090a7 |
| SHA256 | c8f7a2371c8c06033376b44ee60924d4be9c7871c99cc9cb4468a65770bafeae |
| SHA512 | 6e6cc3efc8ab5e63ce2ad9c4cc35de236e685c8e450c5274004ad597ea423d3f3cf6da6010468ce23eb3033fa1b0f6dd923cd39e502e7626288a4f8b231bf212 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5dd7636c5fa37b6b0a459328d2cd3a9 |
| SHA1 | 0daa18c28fbd5b084b577a864423a82909f4d589 |
| SHA256 | 2329b9ae026f62d18a688137a38ed775c8e17cdacb3d18d90d26232726aea3ec |
| SHA512 | 48599eae286ed04a20a8a05188b050f1eb8b4636564bc5758127190b9bb02434fba49ac53e12ae1733aa4b7e64ae8bdc7e5f59abd3397f801bde72dfb2c45e56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | cf604c923aae437f0acb62820b25d0fd |
| SHA1 | 84db753fe8494a397246ccd18b3bb47a6830bc98 |
| SHA256 | e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4 |
| SHA512 | 754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 209af4da7e0c3b2a6471a968ba1fc992 |
| SHA1 | 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f |
| SHA256 | ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403 |
| SHA512 | 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | b7acbc2406a7f663f4fbe535b112d734 |
| SHA1 | 602ffdcae76ca3911638870f244d16ee4522a11c |
| SHA256 | 5d3df9af4acbf8773676af0ea887e966bb0f8dcccc6f4f9040d9b6884d3ba51f |
| SHA512 | 6b20ee9771a2b9234bcb4ced194b1fe58fae7ae75a3815b740b0b72a9b2a58be77b1ed20b919ea8a9675eb8f708a1b4df37ed8c013549bb85e44118f1362350e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 44d85d3d7d4abb1f602373bc8099bc50 |
| SHA1 | 0719bab41f9a0564de19e8462f99b3d7899b7802 |
| SHA256 | 099c35cbf96a80f269be68b99dc8fb55fa134d8dc950d4713259e8593210a2ee |
| SHA512 | 273865e3d60c6ed552cba99b35775eccfd742bbad019099fe8bfe417a5b07140164e2795912e1ac0df33b6e42a877c2bc15a94ae28e87912a8c0b43248529e9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6c20e6864910941dfb951c5305333f4 |
| SHA1 | d1423afd1499c330deab54a24822d98100419ab7 |
| SHA256 | 5fba5b81c073d2bdd5816fd8eb81a4558e8a93c342a5894590288d5bd6d034bb |
| SHA512 | 116acfdcbaeccea6104b23794916b0a85db5fadd5cca96f0e4dff0aa56af8e9aec0be8c707d2acae1bbdaeec5b1ba86ee4d38ad15ba2a491a92499da29441c41 |
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar
| MD5 | 352c9d71fa5ab9e8771ce9e1937d88e9 |
| SHA1 | 7ef6ee09896dd5867cff056c58b889bb33706913 |
| SHA256 | 3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61 |
| SHA512 | 6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 47abb57c0a8d9dd9f0c173b76f65024c |
| SHA1 | 67a6665ad63d70b78c43a9bd6b44406ca5f714b1 |
| SHA256 | 0dd38955ce5205a48afb6139fa0c48156b88ddfa537ab6f5837b21b3594490ce |
| SHA512 | 18f1fd7981a373470686a349aeae1875372eb65c41bbe5170cc8d40e8b86f4a2c99e0c5d6abe70bd4f0124fe035ee1d56bf4c20781ab0d587bf0a8b6c6afd752 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07cfed92-210c-4174-949e-54fd88dca4e6.tmp
| MD5 | 068d080dbf0b6196b254b71866ddbfd9 |
| SHA1 | 3fcba279df95045ac22b619b00a01468d242bb11 |
| SHA256 | 6d373ecb0c59b8687d5c834a45c862779ba1cc1579bafc1dc1d83177c14188ee |
| SHA512 | cab992ff21566bae25a17076a976544f7bd2692f25de24323c64c07b55e6019b9b44d591f2f9d9cd7a50f053ae0eaa69f7d5a3c30ed7c723979cd88f91d56d5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 35ae158c211e755711259f9a39becf1c |
| SHA1 | c87b4716ba15aa4a69225937da3209937a8596d0 |
| SHA256 | ab8787cd22ae64d7756b75b5db7cd9437ed775faa6393db5740b527026637e90 |
| SHA512 | ab454fdcfc87e767100406a7564fe9800a3d1690fb20943abf2aefe3c0c4f56be9e9edf7b1628ab271769bff3a2041ef9cb80dc6554890abcc0ea548d05580a0 |
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip
| MD5 | 8ce8fc61248ec439225bdd3a71ad4be9 |
| SHA1 | 881d4c3f400b74fdde172df440a2eddb22eb90f6 |
| SHA256 | 15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5 |
| SHA512 | fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2abe23eb598fe0c68815d89fff41bd90 |
| SHA1 | 9859ac3d2ad9fd053fac65d04e1b6a0191ff7d02 |
| SHA256 | 48f91f2670cf6aa1a7c0c65ca6858e1bdd7d4cab378cb5bc510519fbd3115960 |
| SHA512 | 364847af8ed35e84283ba4246de1eef7db84008f50f7ccc5a1b94cf570333486d560f079bbbd63f00e941e44294ea621d01b510ab2a0e1ebbedac49ebe999ba9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f266bfbd286a1681f283372f44acdf86 |
| SHA1 | 2d4bd346e78aaf77ababe488ac25084f4e3a2d2d |
| SHA256 | 70bc740542c90c494ba111ead6dd29f144a22b22e1fbb082e93e571805779758 |
| SHA512 | fe6fd522ff7fcb04c59e18d20bd11d5e3a926fe93b8b6342ada46e46cba3eecc6753573020e463b142998c618f6c42d1f61020db28ed8956e2f7b609400ebb15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8f2fcb86c7e2939c2ac15193a058605a |
| SHA1 | d029b12a6cf3a54e8015df937a6c2ed99477f668 |
| SHA256 | 13f96a2937c0c676a751f9927638f6c0274e2bff8cbc344a59ffffb92698034a |
| SHA512 | ededca7f5447e652910755b8b38121c4201883cd55f48cfae589518ab5630fb579cf688d9120ea6e8aaf57ae866bd64ce7994f28935228ddd22c35359752e6bf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 3710dcc23bad0f30d9fd4dac5558d04e |
| SHA1 | db1e18dbe48608f2b704f403dffd91ff8a759cb4 |
| SHA256 | 194d49e39c86e76e14ef9b32decc6c2b888189ee4f1a8e39a258c4ec92119f04 |
| SHA512 | 135bb66fe8733e74d6b8b4ea2fa799b44fd772321ed82232e2c57687a39cf4e03b616705f3f5775981af8e93fa2ddce897b4983bdc2eca5e3f8a874b3a6b3631 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 88f2162a656b5f352b185be78b85874c |
| SHA1 | 9e1ddad74718bb8d3d42eda765fe2434f6a8c027 |
| SHA256 | d221fa01f10bf0bfd9f92d1129dc7108c30e7acb3af2066f0c59e73de7686df8 |
| SHA512 | ecb6d02f96405c935b540b13102d73de1197e639a88b117693da7356c40acd92ddee8e2bb43ee5b76a8fb2361b3b04b8feadebd763bc290d4487ce50633d8998 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\45c26faf-69f1-46f5-96f3-84302bf15bb3
| MD5 | bf7269391d7221d40319a78b817d40ad |
| SHA1 | 1d910f34c54f52d29e526e4cf8afc93ca21b4a45 |
| SHA256 | 21516b277142fde2342027796595f4703ef1dfc34d7fb5fcd849e47dfba67b05 |
| SHA512 | 00525b603e7bb9c5cc38b999094477cad383aa90da3f38a3c87c5c17072d2d68d0022c806b57b9fab32bb36d4666bb97da848427d8afaf333f2efb573e21a2aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\96704d6d-23a4-4759-9ac6-315179f14ee0
| MD5 | 2ed0d80cc8aa5e425db85e284478943b |
| SHA1 | a8cf0a048dc15dd421859c5a4e175d0b757dee38 |
| SHA256 | 0ec8cc342bfa60ba7fbb316a7952565a8c67d74636a6899298ef1ee6b4855b2a |
| SHA512 | f89a694ea7ba8b9962ebe421a0da8177a87f5f746b265552b1444cd469cab7a21432507d716b12863b17eb1720e013a3fec4132d2f10dba2764de2ea933d1e46 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\39b7c550-46c9-4da1-88d6-43c6955f4c60
| MD5 | 1dd5d2f5095fb4ba6f6757fd100658d7 |
| SHA1 | 23ced47045be556004a08644da9017ae64fece90 |
| SHA256 | d3d7743daaf75141c106b3da6dbefdd14041de0f3c94aad7ca947bbc7390a573 |
| SHA512 | 8ef45f397567963a435fc2a0944bf7a0c460a5dbe118c79706aa472dd41af16f15ea106ee2768641a34fad1cdd04828c0c38f9026b1e1d334751460f87df98f6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\activity-stream.discovery_stream.json
| MD5 | f13c09a7e7d012fbb4a7c9f28ee2c785 |
| SHA1 | 5429e867e0013d6b4738e486bffcfd4a412aa080 |
| SHA256 | 71496569e3ee404b3f5bfeccc9dbf643dcc63737ca7ec133a89389e7c03ccc18 |
| SHA512 | 04a6701a3b6d7aaa00a7e72f073bfe62cb0bc2b5a33b023110432e2d444b58b9018a656a37d6c4b40c35550f906310f23dfa79a370e57e38c7106a04d48efed3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs.js
| MD5 | 09311e314b8605c1ddd0f7c8919dd428 |
| SHA1 | 36e685591d2d9ac7ddf451363eb37b7f452161df |
| SHA256 | e91c074e6e42487e2c60dfead6b6504e73191ccd4637155d3c8b87c230ed1a6b |
| SHA512 | c5ce23e1ccc996024532cbbda27eccd8bc57fc6093f01cad917e75c9064f3044ef94bbc7eb8b0db1c977e31a2c4caf961e343925885cc2af2cd4afd303e1236b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ae41826a5da1ce433f5e02fde1b8507e |
| SHA1 | 8c95d6882bf5d933e94d4c3e12f914849c135a96 |
| SHA256 | 94bbe2b33b4992a04db0c016ff539222e5890c3d15d7ab6863cec215c8865da0 |
| SHA512 | cdf5d2cf7108ff8d3fde5e6b769b00d225b2efb60433c7a1896ddbd62e53d3ec895e36d2083215f467261ada16d1ca4f765ba9c472c73d4a4cff81a9daebdbcc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 88195d08e36c54cbf39c33746579c4a0 |
| SHA1 | f25d811719ebeeb6f9a425841d8576cfb0abb621 |
| SHA256 | 0a3eef772b9419d290181c1779c06fe42b5c2cc865f158b13b3f2446921f52b1 |
| SHA512 | 74976bdb7d7b810cd7e55217e62f9c9d29e10f736a1d1b6f6e3fb0dc40772b1e7e4034f6caa20b775ddb49748f54cdcbcf2c5de983af1d310924552f4a27cf37 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs-1.js
| MD5 | f077f94f4900192fd5b038e131b6ae96 |
| SHA1 | 4bf2521dde35faa503a4e45b500f386ddf518763 |
| SHA256 | 9225feb03856f09c4bfde4606d90d6c8c893709e57688cd1e3fd63829f4fface |
| SHA512 | 782c8dc99b3f431b3c44610536f9f9899925c8f332046944ff5dcbd182eb2aded732f391f52ac11da57a8d70b903346220a07c0690381ff71b9486ecdf87195e |
C:\Users\Admin\Downloads\Memz-Download-v.1.0.zip
| MD5 | 76d0a1d84cca5c2404c1799556106891 |
| SHA1 | 378a662c54fffccc1f2bc3cc72dcbb66e27c2779 |
| SHA256 | 23b8378ff4073b47a9542c744e506ac2fde0cffba27a5ae8140f3856c9ddb6bf |
| SHA512 | 7931c992d09301f22b8c5dc861e35d4e98432f79d2ea48be07e24366ab6302ba8bd2fc85fc8e8af889da46f1588d33419c41afa8f4d46b60ed1d6d50531e3f4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7f19b793bc5e1c40bf9c94069681a247 |
| SHA1 | 0ab958fb2d8e194fcf9f8661b7178f7bf13c00bf |
| SHA256 | 675c3f472ce7678b5dc51eed2421a20235538b4d3a9cf88be92f6b5effb781a5 |
| SHA512 | 10e744a7ff66e0c12ee7edd2963eda37ede8ab520f6b61c0eaa6ff3a1d195c2b6cd6333fce11e3cfe8273ae43a7d76eb0ae8508c8e0aabdd461f171cfb91b0c5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\startupCache\scriptCache-child.bin
| MD5 | 182245e2424abb1498c41041be3c7716 |
| SHA1 | 324e21d1e74adbb55071c9df79892aece754fbeb |
| SHA256 | 42ff48fd0bc943147ca7ab52d3b46d1beeef06aaec775c33e302effdda976506 |
| SHA512 | f28def2b4ce4b8e5ca627904589717d3d5f9643b90cddcb979475c02d25a97cc30818e0c36184c8d83c3b74624a2e3f0745dddca67a0e7c37314baa86ebfb885 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs.js
| MD5 | 9dbde3d38675bd043114baf9d19e570e |
| SHA1 | fc184ac31c4e0190a8d3c6be40f3c4f57e86b047 |
| SHA256 | 274f69506127fb0de7b94162d3a9785b0ccd05c23abf6ad6f2fd572e5cfd7a91 |
| SHA512 | e985a8fce2eaa2d3a385dae50e07f2418be5a48c2b309e1199b8fd888edcb3433ee00bfd31f5eb63bde722059f7e6c169f0c27d7f95325604a42380660ff9daa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\startupCache\scriptCache.bin
| MD5 | 691caad2e42b620e97a8dce4aa41ad61 |
| SHA1 | 3fb0cc870d17d5cac7987cda5257082496e0452c |
| SHA256 | 37a234fdce9b1be57340f249c6ea62c56f72651a5275f5826acab1c660ee736f |
| SHA512 | 7c04fb8f353cfe64bed25d38ac00968d527493c367f4b72ce2fef45ebb6c796f6becfec9a3e65d1639be88fd299726c088e5fd99792e720a1dd9f90a44a7e2f4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\xulstore.json
| MD5 | 49f654e1ae328a347d69a907fe9bcef0 |
| SHA1 | ea34fb5fecf40026f2fab193cb470e78357581f3 |
| SHA256 | ad5e986296c80e20c6a42b272b4bfc1900e6f0b1e0f6bac4162e0a00e67dcd9b |
| SHA512 | 7dc6c9eaf34634301e57b6d17ce76a87682bcbbd9594aa88d767ae3f8bef9fa2e21cf7e12b68d13649d33e1b90bb36bcf0303bce350f6001efaa47ad1ceda06a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\startupCache\urlCache.bin
| MD5 | e767a0b24debbd9bcdefff103bd27730 |
| SHA1 | 439d5437c114e7e73af434431f9e1e2f4e3e5448 |
| SHA256 | 526963b909f34c63971c75dbbfd6669fca085382781da1b6bddf913d3e764311 |
| SHA512 | 8eb8d913fecd4f5e9adc15313b0fe847725d991454dc1472898a75127fd9fde0438f2c526ead3b564b14d1af9a250f9431265eaf1db6359a5f48edbd27371e3d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\startupCache\webext.sc.lz4
| MD5 | 9f03df23ff4d13ec07d8a4edc91679dc |
| SHA1 | 8fdf8df1718579354970b63eff69434f8eba8791 |
| SHA256 | 3a75af0d45b64d6e97a5dfef70346d65fcc7039d316405c8599f3ef0cd28c80c |
| SHA512 | 6a884ec72c8b3b901e8e53c7848eacf76c3f0777167de94b8ff6b737a6dac7f430afcf7628a36ea41b04b6f01e9e90eb0cfe9ee59899069946da44078cb2a463 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionstore.jsonlz4
| MD5 | 2bbbd1441febd50c47d81b86156cd378 |
| SHA1 | cff51227f6d44e4fe2f2b26b663b8dc3694af040 |
| SHA256 | daa530322ead4728578f4a9c6f2b69148e74211e85c601d025ac183dccbaab76 |
| SHA512 | b614e72cc553176db7a0b319f68e5ca7eb1faf45c8c7abbebb2fb553a1fdbc7176d55c888add3c77db336dafb3bedbb71f9534c662ca70cdad691fee7903710c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\SiteSecurityServiceState.bin
| MD5 | 68ae449a66564d9282ae299c76955bb3 |
| SHA1 | 0aade33975fa71cecf8740c68f6ed4276f6a0053 |
| SHA256 | 2893fd0a11e60fe7914e281fb4acebc313b9b3ab89374fd352954eb5e43370ad |
| SHA512 | d5f123cbb7ce0034598e4a6d5e43ab2db2c482d555eda2af1ded8200980aea31d2d0d606ce9f3d19c1bafaa741f3e23cc3b5a0278dbf889d00748b0e33419535 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\8617e1ee-0452-4212-be0d-afb469966455
| MD5 | bff4038c30f2a318105283753900b9d0 |
| SHA1 | 343db6272582345c75d3b699dc2442f6b8f6e135 |
| SHA256 | d5f24e0c87529b46bfc0c93468d8f2deafca7d698fca26e23fcc54cfc490e23a |
| SHA512 | 3b29c12636dacb2150b640ae4b66abe36ac0521672b7ad8919039f39f91418e51067a1a92fea33b329fc46293661761e1b89ede61a19df04ba15de7ab43c0a07 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\3f8e059d-1164-48e9-beff-dcbca5a3299e
| MD5 | 0e5e697ae3076705c0f50a15589a9aae |
| SHA1 | 035a74b28ddf8b2f507933e75c89128966cb59ea |
| SHA256 | 6d84c552250c5bf86ff844cd6b81f298b66b78bf52d3ddf29cdafa4dc3a15807 |
| SHA512 | 29900b801968e336527ef2bfd47c5338ee226224942c9e60d8f1ad4a1ffd0d4ab1066816f2e09dfec337ed884c388093b066e051fb8d14ab6e878cd144b5c580 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\protections.sqlite
| MD5 | 76786a4c0dd19d88d6d3ed95a293bf2f |
| SHA1 | b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7 |
| SHA256 | 1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31 |
| SHA512 | 8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 5fc0111cc15140157355b6d0c8d5116c |
| SHA1 | 7c0ab73daa72d54c904cf5e322c8e2a32c2321e7 |
| SHA256 | 7c2f01934767c88bd854f0527c72d46542b49f4207789f4f297bf7aa7273c98a |
| SHA512 | d540b7a2c78d15401575ab8697956d31c509372985ec8b482e6c0acc429e947ca263a5cc0c641628a739995f9738fc7c64dc1b2be64b714abf7365c42e69d7e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\AlternateServices.bin
| MD5 | cf3e11424cb4a72076ade6c16b311977 |
| SHA1 | 9acb6acc516eac207f1cf19ebc8f22556be2934d |
| SHA256 | 9256aa012ada25aecfc31bd414bd964350a5fe626baa8edaea40d6dcb8370e34 |
| SHA512 | 473f4a52e4457e34f02133ba858ab35990eceeb36f920cfa7c862e68263a3e7cdd56d690f560c79bdb75c6fcb54e52d0dc0f2f83deea3d214403bdbbc7967f34 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | c73a0fca1935122342398874be5305da |
| SHA1 | a72153104d905ee1ee812afc3825ca482364a784 |
| SHA256 | e99d9dbd59d3f68c1e8cfde974f153d4698f371f1102ca36f407bb87f991edf5 |
| SHA512 | 4811edb546b7816fc8420887df236df1523eff4b214f353f7e3acffbdedd10699cc8474aec81fd0993fdaaee0a6c3ae3a5e0bbc62ae3c4c050763b29b48c49fc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D
| MD5 | 5b622f50b17d39a721350f5077a4efa7 |
| SHA1 | c278a79ae653177e9ecfd0d773b70d2d59fdacd0 |
| SHA256 | 71f24ac39172d56586abd176ff8ff17644414debb6bbcde74527537dfbf3938a |
| SHA512 | 0bef643a231e0f421b3b8f493991b60643393c0d4232fb72d2b8244c4f5445d3f95d49afdd2e66d624abac8edbbaad58b3fe2626d60a0d1c0e0bdce48320999d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 2ffbabf2ad30a6509b491c1d4c53ad63 |
| SHA1 | 5c08ad772fbbb36b72b9db4b41f7e8b2cbb61e6e |
| SHA256 | ef48cf4a11da611063e35c179fba2ea762af9bb858e433d219e104fbf0a0dd98 |
| SHA512 | 7b446576106e2898441d583ce8b2a998acbe3b4201c820ba5c559c505683b54ae47b2b1c5d72fcd4360469eb14c4982375bb2dc8f0291b77e7ebbd73a0e315db |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\events\events
| MD5 | defbf00981795a992d85fe5a8925f8af |
| SHA1 | 796910412264ffafc35a3402f2fc1d24236a7752 |
| SHA256 | db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d |
| SHA512 | d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.bin
| MD5 | d4f974772c6fbda29ecd6f560e411da9 |
| SHA1 | a1cd0325d7e76061512e77c4d3e14f93ab8fb3b4 |
| SHA256 | ccd67b59a083acb94eae577e5f6c63aa91d690361772ceffba9ae698d971b989 |
| SHA512 | a26d6f03bd413d44d620bc3760794369bdae01ea2797df5edd47bcdc3e4b4ed84b11a884a3031ba692ed1fce17bef28a0d5576b1fb3c19c0955756adc221eb84 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\places.sqlite
| MD5 | f7fc953644c8bc47cc19f1858ddd54fd |
| SHA1 | c4b21bd9bc2962a85860c7749c6258406a573551 |
| SHA256 | 17999e7449fa270cd8b68a428a8a457373af7184788a107b81c2c8dca1716692 |
| SHA512 | fb94f209a174c6b23e017e33f2b578c95355726c7228ad51740667e49c7c2dcbaf1617192f4277c929e8c1aa20225540b8e2b2f1cd162db54bb6c6994c282c02 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\content-prefs.sqlite
| MD5 | b41ed219e2c8dac47f2701562d092621 |
| SHA1 | 90d507eae3ec943a121dbe5a080412e40470b54f |
| SHA256 | cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f |
| SHA512 | 5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e60042c51b8ab516ff0f33c408608d23 |
| SHA1 | be20dffb56f2db099f4725fdda5ce6f8b84eba13 |
| SHA256 | 356ffd68ae4af2f7fb4a9d76b64d35ceddf367d6f49b3d43dd2e249ec8e458c4 |
| SHA512 | 9553c5ed6484045c4a2ae4beb54c2656d0f0a79baccb62ced19526e49ef29d9b951ae5c3554be2749c5f29a0605de61e052325704b4d2f680135166e67533d0f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 1dd6420833c9e01e9d470496b397581e |
| SHA1 | 037fe79e80cdc6b9bd17a7b7aa4f85719179d198 |
| SHA256 | 81660462beb256ed7a61cf1f8be98ddd78e2b545dea974be1480908068640465 |
| SHA512 | d1e6f5ba3804fa2c86585b7058ea827a3eaa7ce18b34bcff594e8dcdaddad06f5500036131368b105b97adaaaa05b9c9d168f80de95774f65112d747c8f1fa28 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs-1.js
| MD5 | a1c9cce58eba92860acf8120bc8eefa8 |
| SHA1 | 59cc33b7e3eb5749c5ebb7094159b35276512b1f |
| SHA256 | 433e08c456552938c45e09b6778d1a2c802b6482e1b399f54441533f555efed5 |
| SHA512 | 371603e3f499342619fe92ff055d0c406d8a5325c6f62b212e416ebae8e380a62ac94e7a7a8c15e3d5796e658981670dc0aa55a5b1a2f5f2f5f2c1ad4e67df05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c23e4baf71b7976d3cf07826a38cd59b |
| SHA1 | f96df31e6102e91d554b072a10368b5d0179bcf5 |
| SHA256 | 64fc4489975700e7d62f6d745e9e4606437bf1733adaa5aef93d336c252f53c1 |
| SHA512 | 39b31eabca6dac0b8d2b6b02cf8f43ff70f86b4108bb62d8fa9e049b067f1cde5fd20dfddffd2fb438e03959b63def40c8f1d53547a355bff6e5b8ed473d5664 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 682fba4ece9f24e682780180f27b95f0 |
| SHA1 | 968e3fbc07d0dd0834d2982f632b10d8328ff341 |
| SHA256 | d36f0afbc2c860d191b7ce8bcc407f033dfee22a46d338cccc1535f2811107e4 |
| SHA512 | d067ab7ba63504863bfa076d647c17d5b87ab86032cc02d46d3b19b7fc5ee8efada4f619ee97e0a7841b66fc6f3147a6cebebbfe5af071c79f0ad3880da78e02 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json.tmp
| MD5 | 362985746d24dbb2b166089f30cd1bb7 |
| SHA1 | 6520fc33381879a120165ede6a0f8aadf9013d3b |
| SHA256 | b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e |
| SHA512 | 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 9f4309b9a87346420e5ccbea798f10c1 |
| SHA1 | 61a69deffe699f939bceb08f157f03c4c1bb7649 |
| SHA256 | 12c45d503f9ee8af312d037cf6609b049ded8dff7773100312ac0898a71eb811 |
| SHA512 | fe3488312b5dfab8b198c3df95fccb57b8fae760ee6e18b3b086880e07cf0f306ad7021ffbef64d7d2199110425ffd3df1b65c9a3388d9971ec16a4e6b9159f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ade708cc137c19218ff577a6e286cf86 |
| SHA1 | 799c941cd08c28e46e50d25e8a44eab15b1956a1 |
| SHA256 | c9c16326750dd6cf19b7b251b0df2b32bdc2a8d4ee437f7e2a91fbf46b379e2a |
| SHA512 | 515875d9689d54a3eb9c848f73b7c815c13c5c143e2e459efc8fb4ea984f1ec421c45084712f82880f50c8519f245848bbdedcfc1da5836d81f89542e4ca141a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0
| MD5 | 6f7bab668d133b768bb3d55d15a48248 |
| SHA1 | 8c650c2a192f9224435a06127d0bfad17873130d |
| SHA256 | 7f994b233c62f2b0a2f52ab55f16b0b7bf4b2783af5411006e9304b72723adcc |
| SHA512 | 61005933d0e78da11c1983a06c80fd1745ca9bf351855183bcfe3e6af8867cd80e2061ab71848a1cf49ab9dcad62f7bbe938031a138c7275e1d3a31ddfccb7fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0
| MD5 | 727941c68060168a53b18db4fb970728 |
| SHA1 | 4a5ab4ee15640ec8e6763a3a297230f171109151 |
| SHA256 | 471b2d3443ce59e563b04cb5938f45188278f307490aa3d27b6286f4c9d8c091 |
| SHA512 | 9b5384ba4716a39ccd71119004a2ec8a38fc1c4388aac81e782297e9d1b3561b4f5c29927013220b085e467b51fcfa4cd3b370e70827c063b29f47642c6ffc54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 712ef4d64ab5f1155ebc72243b7d607d |
| SHA1 | 6d3a547df11af4bd6d3eed0db6f857b641801e8b |
| SHA256 | ca85d1ff237a8871f59ceb0de5ad1d4b744b5e23905271b728715bff4619f422 |
| SHA512 | ff5ebbd624c5414333b129398f4833d5675abcd0a91aaee2ae0125bf6b68cf526a859868fb209318939cbea58f5afc2307f1aef8a349907ea1557dbb754c308a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | 639256ae20a428fa1f70cd3441b435d0 |
| SHA1 | b7029e2a81719f1dc28dcc7b780ae48650c729f8 |
| SHA256 | b1431c31c8b56817b58bdbb914c1c5cb7745129e5f04a62bd2790119372ad6f2 |
| SHA512 | e7ad9086089d857f7a07fa4b03909ce33c0d37b94dbc8f4c2f6a7f1b5660d50cfd9dfc79943777a5462d82ee8b99492c15f04104304fcd6ba1b011e9e82a01c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2a2ea4987d45e0f_0
| MD5 | c9db2b0c39af28684bdc5cab4dc3a5ea |
| SHA1 | 60679d1dca77dde9e092566f887a4b48f70fe508 |
| SHA256 | 7a2660429117b2070130112781a8ca2b112b1c1748e6027efc8a581b3a12e5db |
| SHA512 | b1fa2ca388d26187415b6a169077c7e12d8512a2bad74563728fcf1ae940fe76262e7f744e14667aaef92b73c782e50e8a08673d346747c554280f903c0dbd4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | c3977651aa3a378116d4c5544dc4b269 |
| SHA1 | 84c0e02519472ce025cd3fda3105c58650d720de |
| SHA256 | 5592f7fd017a07ba950bb7a592073138d6a708608caf2f2bc92938cdaf04a6ca |
| SHA512 | 88c2985cfb6938524ffb0f72575f08debd1a84f48f73f194b0ed5d1e35c5b82f0cae755edc996830c08b55d6dd14d2f7053a38a2640a19d0e932a8a9067bffd8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0
| MD5 | a65ac37e53b225dd153ba558ac2896c2 |
| SHA1 | 8686d8954335bac125484ff7ecd2dce7a9d8dcc4 |
| SHA256 | 48641da3877a43b0a93aededa386e64ffdae9554076755326244bd9d458adc0e |
| SHA512 | d47f5526a7d27e838840f27bf0529da4ee1a5618eaafd644b45b89fd6bca16e58f34017f85ae65f81955eec4688270fa9ee90a4f7a381555e7a16c0911d36a17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2ad24f3a5efdafde4be99c562f5db921 |
| SHA1 | 91cfee1185cb4998db26ac9919a85ce4462cee38 |
| SHA256 | 548777b307da8933acd22a7463f3d5e9cb1af6f2d955e4ff0498639a399de4b9 |
| SHA512 | dcacf918f3186c7368e52dacc9513ad81740bf3cd6410c03dff28879453ff55966af58fe3ef986c6ffb3f5ae8d26838912045320e7aeb6681ec8ee6a642c8e28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b5e5ea1cb1adbf8374002a9436f2a795 |
| SHA1 | a7349f7411f18c07298a032cc9522922d2b93aef |
| SHA256 | 0cc7b07109f6632d96a258fc190ef17a39acfa029b37be808d1bc780d330a6a7 |
| SHA512 | bc5dceae3b8a73e211c7d8a892db001665c2411aae4d2ce2abf6f239ed0cfe5561c2d96cdf4330a719b89e4a8ba565f1ca5fd7c80402af3f20f75fce0a92243f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 773a0992600cbbf5962b1b2d84cb4f7e |
| SHA1 | 1aef331a5bdacc24cc6d488b8ba13792c3d4d1b1 |
| SHA256 | feae83482d06235f21c224e775f7a153de5fb11a46ca815f88df852aff2e53ed |
| SHA512 | 401ae9d119de0a895baadf30a6eb0aec0371322d6ef9011b0f19858f8d1750a0078e975a08ca9b4ca915a338dccc0090a61b2d2a43c3b7f19125d6290c1cbe09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | d55af88c49b9910a897f95047cd82313 |
| SHA1 | 9d671c7b9309ef08a2f418b0638f6ebb45941fd4 |
| SHA256 | 091c3cdba6c7b013bb176f8207befc643b73790519161bc6e7118e6e84d51c4d |
| SHA512 | f39f46410e3d98db6169405b959803cee7a17fdebe05f3c423ddb0fed342f922bfb2ad8585ca748203007d773b4b0636a715e2cb368bfe73a9a5b26dddae95a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a78f01bc3669fda3_0
| MD5 | b39825acdb79f88be0d3e4e7eca76630 |
| SHA1 | 8a9eed3c8d6b3d9c3fc5c982b3ed4c576e7969b3 |
| SHA256 | 204a1a65e604577d477cc52996cd399af02a769fd9de5fc4339c6dc8b6e9139a |
| SHA512 | 502a889f0f2681489ec1d56454df2dcc3132220dcf42f192a3b8c8b6f2aa8ca5f2bc5bffb48d5e53acaee6c0db03ce0a14413a4d17903009ace04cab0ab36902 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b55d03180926b54a_0
| MD5 | e32b3ec87294cdb4d91ab71a768c77bd |
| SHA1 | 7d9f22c767b0dd7b2f3cb6fc4494186b180bdeca |
| SHA256 | e1aefa0d81773fa44db97802156586a340e70093a7d01f38ed75859155dcecf4 |
| SHA512 | 7efceffaa8f653dd3c54c2394526fb388bbc19930374accbc7a512426d3eaae2aa02b9c43c4c59c19b93127a928504a9cac65594232bc538f13f95b852d1943f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0
| MD5 | 8f9b3bef190661a4cdca422c9740962d |
| SHA1 | 11885a9375d9cb83736b1eb9576344acf8c5d902 |
| SHA256 | 2e24cc9be74139e72990316ed325b2aceea7bacdb2743038b626bc6fa99f1d33 |
| SHA512 | 5b7a3c20fced612becb96e45e740585f5e78f30bf280ec1e96a01389f0d864e467f5054d5d5a1191fb0df508f12a1edc9593935f905dd97c6138b6d53879bdbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0
| MD5 | a8d6164b314ea2844cdebf072d6bc53b |
| SHA1 | 4b8a80bcd364615b550af2eaa0fdfdb172f7bdea |
| SHA256 | 1399c2294b1a182999a834e86d4e6ec8aa26778cdefbc39bc47583f3441eda9d |
| SHA512 | f0fbd58ab03f8ac8a33881f57e599fe45f344c2fe58e68134f46b11204f3a60952280e7ec9aa9d79efe67ad9316e2befec86b2511efe7f4be6690174d7eb6b8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\21f51c239dd10a40_0
| MD5 | 062b5da8c60686966891fb70c3cebeeb |
| SHA1 | e8fcba605910dd3459f7e7f00e3a6623c7e2fd68 |
| SHA256 | f58f62480533e1ba3788c03ae938858fe4d28b20b8c76a4bb0ed985403235c2c |
| SHA512 | 420f7b7176eb4051264cd4c975a8a46d68b817fa5b85f4518f5d280bf6ee14eaa8589975d11243c92da2da2c2c8758e0ae660b1b2f368b73d7e9e4ef38f36779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | 4e89f129604cb10603c65c32c81c3a0f |
| SHA1 | 7947a8bbddc4fac79f65c4e40bf528bd33236c53 |
| SHA256 | 7061d9edc5be8b1c90c91bf223a1c4ed7310436ba73e323bd0ca1935b95c739b |
| SHA512 | e81d66319a0ccbd35d7f83533c764f34aefcde9525fb67e09d32b65e86833fd3f63694da2213bc71b6461e8ef8d534b83c2cc69b056f67ada4ad3b5058d2a5d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0
| MD5 | 881bce03e9858cb907b670a3189ce5b7 |
| SHA1 | d9a15e6141b6cf71cf8bdc8c78ef91f42b249324 |
| SHA256 | dedbe3c7c6afb976796aa906d7ff37595250d52af121b95d455503f0a6275335 |
| SHA512 | 898ba2dd227cec5a2fd87ceb47a22d6e26ffc1e6881d340dc81a7ec8f9529d751381e3395ecd1b6781b5a1030328282180bd7c4065f0bad2214cbfb828cd4451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a614899219c1f2bb_0
| MD5 | 259df2dfa17d19b415115b4935cf19c6 |
| SHA1 | 0c515c4b8c0f4bf4595e802f59c7f810708c7e6c |
| SHA256 | d9bce2ca2f36a09c9634a59f05c56b9a5294a31795c65768377c659def8c9c35 |
| SHA512 | 71b858f6d63f992fb60b80c8ffeb860371c2b4ce640e00f7df33e7dfb511026d3ea5a1e9f9202116ecff28bfece7bded38dbeed1543da9e2b6dbb759ca12f560 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0
| MD5 | 8c1290b90785fc97e3f1f8dd80a2b7d6 |
| SHA1 | 0e23828e3cfba25655f9c9dc5432315318632e4d |
| SHA256 | 98f7a55c122f168d6813be4f0d87cc1ee8fda5b2c46ac6a1996b4af911e76928 |
| SHA512 | ef9113459721e55a7faffb44b08044939d6ecac7f8422c11c1307a53756313cadf0c746cbc6db9f913d6b684b690248dbe677cfa04ad8872f3068eaa8c45e090 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5d633e0040ccaff_0
| MD5 | 392afe5bb96b2e35f24383e8727ef9f3 |
| SHA1 | 4a6c3edea7186fe7118ad9728acd0dab03d08c1b |
| SHA256 | 0d3ae6762e58ae6b1165a524ffce8b22888eec7469340e4f7e9dd90c6b9c69fc |
| SHA512 | 5c2ada9a0a0e1374484bd0d397336c9cf58e54198034dedbec4def23a93b4871b3253628c4dd59fe221865abc8f47c07672081b070d1cebe463edd0c52ad92f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0
| MD5 | 78f7ee35829d7bc8b2c65f83ce09f9cc |
| SHA1 | 5be7f68be1b131e71a06f1f222d04dbd0e1d624d |
| SHA256 | c81a2f987dc9a1a98c7f75702a6f3c67464c8f95bd7240129d4bd89e0bf09b7c |
| SHA512 | 81d6ac286fa133e23d3a4a8443460f6b06266069a1a90fb49bcc045a6b29118bbc3383d35d3a531d9cb0e5d0c9ac0ac35d724d59d85ebabffb4cf3538838bd35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | 2d72e7b1e95cced2c31843c4a7645561 |
| SHA1 | de4c2a47916a731048db3df0f18ce9dc8e473f3a |
| SHA256 | 580576f1415a1980eab5a09195816aaf6a2f49928fb02cd3dc8c7459dcddd7dd |
| SHA512 | 7af4b9c96fe2fad676a88fb875f94f060a7acfa2f0d603824c3fda67ed6ed5e79ba202581d0b50d78744cddbe29986577815a6a2b5a494133a48d4065950d44a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
| MD5 | 272e8e950d077d24a154b228141c511f |
| SHA1 | ca6923cc20fa0c45e394708f38a25adc94033071 |
| SHA256 | 40eae7e072d6cc5ccddc2f44102c13fded4704518aff5efdb536d56d263185c1 |
| SHA512 | 5725976df3e0bde3fee59a387916e5e3afa5ff9722f0f9c270be4215db3b462c52b58f86db912c6d073003c4e672e3008ce5f8bc7d3f5859f9fb424ba28f4baf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | 4102209634e02eaf9f5df46e5f6e26f1 |
| SHA1 | 5fae3ad98abd4fb626e70a3d2dda417be0c94d28 |
| SHA256 | e283fbbb0e8bacc03aca96a395fc374d5a1640caed748b269fd96bfb6ed3f25f |
| SHA512 | dac9e5fc86d92dcce71ad8f7948f52cf85f5db6c2fb0efe11e29903829c5ae5a8a8ba2ae565dec90f60468d0c5ee7b2c124fbbca2a5b3f27cf77b5d4127c29fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0
| MD5 | 39e9fa8c8ee6ada8c9e16bb734dbfd6f |
| SHA1 | aff90daebae562859a9ef215dfacec05ca1a2634 |
| SHA256 | efd442da6644f3984af5f6fd59d80c2752c22f77f2e673086033759c0e00c7d9 |
| SHA512 | 3c309449b9ff187b5633c420c87d6333ccbcba2b091b02567837b89e8e7cdee3e8ec6450404b69390ad1d543f4c2e02e0d4694448c493825cf3f775afd5209ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
| MD5 | 83a71d1ca232ab940ff417e1d4074bfd |
| SHA1 | 14311c53d5c7aae9a272b85e810a9c77006da0eb |
| SHA256 | 67dcb504eb75b23be01c7284d649b5088f1137230b60a2ff6c337826b440ff02 |
| SHA512 | 9f965f8539d99667458a088ef42477e6081d9424f294719f864a0edbed4da63a01d0f5e8892e3c469c372a86ffac9fa1d117bfe6e6e2f2aa5c77b582a81308cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
| MD5 | 40fcb9d4056f0062d89d4daf9dd2170f |
| SHA1 | b287c284e8e6f6164f524fbfa6c40de2383c15b5 |
| SHA256 | c8436e731c8130a8bd03cf006cabd844663ccd73e47e976f3e3e4dc1c0241d6c |
| SHA512 | e65215530a712091c2175deb8b0265ae3d39d4860a39c4345ff15b66a2c79f67befcdca91e8185beedd39f877db4f4716f00cb2936e3b12ed8e274ba3cca35a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | 7e0273959fd59959b80dc55a68e878b8 |
| SHA1 | 992699ededf111bf0a4aecd127d37427f27560e5 |
| SHA256 | 107448c4248f231fb0ff71e5a3b1d489d1c8fd84fa33c3ca62d0c43447ebe9b1 |
| SHA512 | 400454b33a294eef6368b41d36a4b33656b50a394bc72d933bfc54e58c9f84715da678dd4b6ccfae9284e464e07852217202f24dfc9d1331373569b43564b576 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0
| MD5 | 9facfd2614249a91ec984e4e396562c5 |
| SHA1 | 3373c4f46e3e0960eddf4d5502cc9331a54a3883 |
| SHA256 | dfe815d4a8bd6d065e923f37735cd0f31034209b9ae9eb693e50d3004feb25f1 |
| SHA512 | 7b12230d90c5502361ea4161d14aadefdd6e97cbedf8a9b8ffeba43a98af45064605d24db3ec176799926fa40a066ea15873575c75be7835989f0a9d120e6310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
| MD5 | 23ff6e7d67f95ed0f1c945dcc1c07949 |
| SHA1 | 9fdba9a624e5ba5157763483c5dce186491a3c40 |
| SHA256 | f8f2359eb3643f4fb8ca883e46be531b8854d8835f3b45d271fdeedbe121bcbd |
| SHA512 | 39c55e2785fef51d6da39c431573c4f93fe67191ccab9cac791fe83b52b6ed1f66961d7d1ba755e70efd09754f528a357a152f0e23d4c101725832841f45611f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5a84e076a086d05_0
| MD5 | 85f20822941071f695e806b58b3b8aa3 |
| SHA1 | d73396d705456ccdea2a8802330fe50c9744415f |
| SHA256 | 7ea155df9fe7ffa70080d61134f6e8cba5d056274685199ca3a2da6b0c8214d4 |
| SHA512 | 79a15f3a913e5ffac5f844bad29215a2af4e19ac285570238336248c3f72b4efa3085d3d878b554cb6f8abf9bd98a1d721179ec01b278ebc217706eaa982ae42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b0f1f57b276bf39_0
| MD5 | 5b4eb77795246c78e6a076ae5c1cd6cd |
| SHA1 | 2325e338e16d0986b42388e0f38ccf52dd76e0a1 |
| SHA256 | 4a84b725681d97496c108e94ee0a0dbcd13b9d3d08291ab40299b2ef76fc3d5d |
| SHA512 | 37934d4059c7b62d90e9421af982b36a4d7356cd1ef353ed6d3996d2635427aba9026c0dedcca29023533862160ec7cfbda5013920b7928aa42091c77f037d6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
| MD5 | d4f0ca356f0e80b148284b240cb1c394 |
| SHA1 | 47f720ed28fbef85f0116bd1eee29c8de7b10dac |
| SHA256 | a8779435ef65bef020890e2d4ddb7a604e3d299a9bad26f658fa7cf49800b7fa |
| SHA512 | ddd6307d86092a8a11137c9dd2803d4a85f89e0c1bc67f9a20950aa965861c35ff2236547598d18a577dbe10bc35e9e5f087f879fe50c5e7f803de8e9e04f8ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0
| MD5 | 3e70d0897b0e5e64b4a6ca80866c2363 |
| SHA1 | e7b264c7c0c2d37399b19b1342f0bff926dd68e7 |
| SHA256 | ca69effab9ed0022ab40cb335c55360c01ef15be3de1d9d86a72a5fc0716d14d |
| SHA512 | 025b3fb8fe82402489b6f4846f54c193295f143c358817ef64de4c79798e75124373183b391ae1825d6c04ed1588bde6a3a6053e60de850dc9f716862aa02e68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0
| MD5 | f437d04531a81efa376d04309f372e4f |
| SHA1 | d5de833b7966e577970ab6da305ae9119039ea50 |
| SHA256 | d0514af64420b170c6af7893627e9015726cde21871c865554fb21b538c09b8b |
| SHA512 | 90e07e3d606f15f0a8fc35eb082555303ce3a5d74109478974f868af841e8515cfc05d8c487b02e7110ee0d862c430c97ffde97514f39f0e3d8deef1e2ffe114 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0
| MD5 | b192a261aeacfab5952a807a25a011c1 |
| SHA1 | 6b22190cec8f7fe7f7a8c1903fae590713cca069 |
| SHA256 | 5746dfed9f4b29d0c06dc89e53235f06aa304678abbd5958f65c3e028d380539 |
| SHA512 | bedfff8550ac1174dccd616221c5d9d63331de4fd8b44d66555472239a5b81454c1291fd86d0e1988fc7a7f5b13ab9a04080c2006d657a4a28835d9acd693571 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09d79a179a16b061_0
| MD5 | 7be025d56047c32b42c9f3b29c5b0386 |
| SHA1 | b907f43cca589ddcae8bd0cd8b5dd1691150a440 |
| SHA256 | 13e0334d2821e2e564e5a712d8415060d4a5a66e0bcc65d9f5c649dffd37483e |
| SHA512 | e2bed4aab77227ebad5bd31fe1afbcbde5c3f6ccfa2f6df60f23833b511ee6f45677e7fdb17f4245256eea49143c7ca9949373f4495cf4e8a18e47c9438ccf10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53e580371de8f7a7_0
| MD5 | 11a0f770faad0be179372524bd852992 |
| SHA1 | 8a4256d8c836d1a920978d4c44d05185d3a907e4 |
| SHA256 | a788b4db2db1bf30543c27b2518ed7fdb493f9b93f4b4973660b69383d8fc8cb |
| SHA512 | cc5851dcdae4443180f62fb678fe210bbf16d139ae022e98186ae97fae535bbd0edb0934796cb08f68aa7415ee8864bf88a564225904f0e70d4263b21166abcc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de21d3b2eef456db_0
| MD5 | 2b1ba2ac00d5840a19bf99f4e405ef05 |
| SHA1 | 3630f7432ea79adb1ca0de319adba2dd8048ce01 |
| SHA256 | eb6af1b750c1cc960ffcb42aeecc6d96a5166b5962d342c5a3a9b91a4455ade9 |
| SHA512 | 52b7fc53dbcf8a534b7e8ed69f3dc591880c522ea4fb4b87c528d865896bde2415967168d4eb765322a4d305ad74dae4ac5bc076968e77e2dff6db853a1a9595 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0
| MD5 | c47a712b3b61c8b987b7cfd705e6333b |
| SHA1 | cf8692a115552864cabd10cfe89c396e8c28f4a2 |
| SHA256 | f60f9a52048d570363f7c4ecd1ae11a207f2d10f1a2b587903e3aef8f34092ab |
| SHA512 | acb2fc298f3df7424d5069395e22166daeaa5378e720c8ea2420836c2fdcd097729595bb3f34865cde16014b89a3a6961695b3ecfb051a89f68bab66854267e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0
| MD5 | 4726925bbce0a0db757e1f1dbdb92354 |
| SHA1 | fe218f68be8fc5e9b7b9df3411c72416c8cc7b19 |
| SHA256 | c1182917e7436bae4ea846e124edbc748ae9aabce20bd6a6f4340ae8e72c2bd1 |
| SHA512 | bcf382ad12254b415d11a4ec7aab59120be18aa33dcabfd0ea70bf27e83a8948f3efec0de312f3546439c9201d36b32ba0ce298ca5129d7a1d1b431b4bea8430 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0
| MD5 | d8acadf1e44266df1857bd88b2867f9b |
| SHA1 | 0deb3cc1c85e7f052f051f4752a571d2e811230c |
| SHA256 | 32ab9a550b9fe02f3e4a45450c3336f0ab4b3d88024a0b29f9347105fee02b2e |
| SHA512 | 7cc83dd43b12d7d8d83535fee7fc7ce42eb71c070506d2570c9d043fae672f6bd98e7896e441ceaaefbe73416911b92c86320759281b9989ddbdad641ed777bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0
| MD5 | 689e955c07c6b484dcf85cc13efe9451 |
| SHA1 | 2e53c2bd49ce2276149a77a6d2f22195c51db465 |
| SHA256 | 061a694ebdf62c5ad5eab7083169fb3146f11ab5801ffee218d082d8f3565dce |
| SHA512 | c76f57ffddb9dbc4d2a10ea2179aa4ed2a8ca20ead2d1a23c8649fedd9979eeabba69f80594509037b9dcbf192c01d5f98e8b4888a2f6b5f07a5706868c531dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0
| MD5 | 3a3693f1c7bf0824cefb24349b4306ac |
| SHA1 | 4e582e711d3ec7787bba827874448ee4f74f2b92 |
| SHA256 | 5345e1961fa2d967bf6183d311d9860c71a9532c8a671625ce2dccde471c949e |
| SHA512 | 685337a47beced3d54368eb93a7e3b7da2f19ee7602016cb6ecf27d8ac53e0e1a8733d4c302ca9eac272c487a65cc0d1ad1bb7e69a14262fa98ac8a6d258eb8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0
| MD5 | ad46ee209677f7a23497e4d399ec6add |
| SHA1 | 558ce57f821313e4554a612a0b1b344883ea6ebb |
| SHA256 | 6760834c83adb0cc5d0fa65f8df4f746d85238ddae340db59865fc207d044abb |
| SHA512 | 9fa02c903e93d0703fc25c7a115774d4d44d34a843f60c0612229f358749c42a5947f582861ea83f6ac29073e208d71d2ce0ab6eac224c484ed40e762f1f9167 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0
| MD5 | ab3f1b709cf5fda6bdac5440fbb41f53 |
| SHA1 | 3712b5998ffeae0e2b0f871bd2a296d1bad2ab8a |
| SHA256 | 1dc36dd5da3279968bfa3ac63c60ec16701e7c08f72d5f0d55f7ac7357a8d7fd |
| SHA512 | 1a68745d3ed8e7ed7c117ee91f81a258770bda2178f1d1153d44498cb589a4142df16420bf0e6a1213114baf4aa363390b59420a5b4e1aecabe8f40a5179f5c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
| MD5 | 8d6d87a4adb93f44cc393517c4565a05 |
| SHA1 | 04bfcafc5a4e47f0e64812e82e9043168506ad3b |
| SHA256 | ef6e8a012d70392501017a9fdb71c91f60f4bf5add64b9b19df565bfd8f6edb0 |
| SHA512 | 1af55d70ef922808c6022821fd1a0b38dc5e7671f9f15a9d87de971c016c304d23711f90fcd832f213daeb649ebf4f837a4ced79298e71f2c07f233b00d91dbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | 37fc32f3400a542020888415b501e212 |
| SHA1 | 5e681466529cca95b300f0d4de1b613b197706ec |
| SHA256 | e7da259a218643a586c8c2afdc47c8c5588dce741c054c7b7128d32010a35d10 |
| SHA512 | 09a3370d3a782c08b9a672797e047837e994c985cbba2cc2c8b803f2170021f93dcc0148f2477b4d43cd563d6727bfa27b6675c01724be12712c852eb272b518 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0
| MD5 | 18e2e4f8a4f750b93ec716f7ca7dcf2b |
| SHA1 | d0dfd7496054453e52a7937bfc935c36669a6b1e |
| SHA256 | 8b0c785571dbc63a6f919f19108f05aef238b149166d3ef221f6b583b5649096 |
| SHA512 | 04bd2cbc9de4ffd23b82b8a8c402d45bbf8511e8bca8fda459d686e4e29e385197d023e4f1bdb1d5a3f8a4aa3fa0793c95e94cc25d9a7317b68a9f91e35e59e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0
| MD5 | 38104c2949fec5f133a50e69e56504e1 |
| SHA1 | 66c1b24db469fbaf4f35957182a3dae744e058bb |
| SHA256 | f2f3cc78ca9c3ffb8e5bbab76cb4b4ba8be379e252df66f6a040461105bd4cfd |
| SHA512 | b37c059fc7ff47d7ec570dc37a6882b12bc892deea0b9feea7a71f2b051b7cab2bd759a125da2e2853f576cc22e1779ecfacc4cff1a9f55b05b59968aea9e5b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0
| MD5 | dc0290faa61d1cf70468a277ae721935 |
| SHA1 | 1406cc021b414c922408671c55da581753a5e39c |
| SHA256 | 9bf2c7ababffe4881c8b4760e31b19a29eb3b28c7e9f41ddb6c0492866459430 |
| SHA512 | ab5ce5ccf827ea30bacc6f4357f3a1486e05032e736a7d10b35b4e7d8cca4165aa9fcf976ba694396d4347d00386c005dc619a14f340e5f7cb6da2368abdf5e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9ce51a331903892_0
| MD5 | 840f0a0c89ef6d4ad1d8e179f71c1a05 |
| SHA1 | 67d0fbaee12bb0f07571815d9eaa3596caef6261 |
| SHA256 | 584c2a3d705a8e3a88ea55f358a4c1bc925d606af437f517ebfe1ce75f2b4591 |
| SHA512 | 089f7fd7acc57470f6c80e437d9b5f6964db3261ac7b7cdbeecf2fb357461ae0033062e43eb89519b42a17d77a8b2f16d08f5613495dd310ab12a94ea8952807 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0
| MD5 | 396c84b798bd711577924e6d23c8894a |
| SHA1 | 3782920d37d2cf7966c6cd425b6d5e7d75a3497b |
| SHA256 | a7637224846a852f1f8666e52d65a4676a73b1ffad54493304265fe350850cab |
| SHA512 | 3669862e830cf03f515b87f780023a7619c4cd3f4852126d2fbeaf904a53732f6dbaa80ff99d6167d344160a91e8d6b40393eac7b1827fb31a24fc0e42eff302 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0
| MD5 | 75fd7d6c448e8ccea93f079d10c4dbb2 |
| SHA1 | 802718fda5b2443af3f34ec483bc5a8c3b5d077d |
| SHA256 | 190a4b18cd4ec96aad30391f35ac097641e128000a0f37a77c1ca6fd439fa3fc |
| SHA512 | 4bf190efca032ba91e8efe3dd773897bbf69a39eede90f2d298ed5d7f4fa55b4f9e7a66c006e668866e260a652636518bf4a98c0f24d6edfe633ab8a70fe676d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cbd83c2e90693c9c_0
| MD5 | 6bccc20ee680723681ec31a9283acd43 |
| SHA1 | c68a67cc62a6806ad98f4bed0a0c8751f56be41c |
| SHA256 | b81a0b9e79d38a7b20aced13f08fbe956b862fdcfa03fb18819c124265404b75 |
| SHA512 | 6e74d3ffce7fc0c05b1c56db815d6b22098dd17ec391882bd537b9526cbea2001aae2a78ec97cbb7c65c4ab97a637ed2eca552eeeab8b09f9bef8808d5901812 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0
| MD5 | 94d155fe7d20cf5f4b0ca242d3904e00 |
| SHA1 | f59e9fdb017a26f713b47144bf5df2c19935c59b |
| SHA256 | 4b4642de202cb6f8881522d71a2e59b750682d25f1960bc54237c33cef871083 |
| SHA512 | 0ef8e23cbd19ea892512b43b7d9d1da4f7e1144e54dfafcd05e480f0fdbedcb5b7770e08cc0934440d099083fbc94788ea5d5ec5ad1b3652a73163ca6d85dca4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0
| MD5 | de785247a601a406c21713b706d2bbb4 |
| SHA1 | f7cf33b4b3713adc05a002c87db93a96b3afd305 |
| SHA256 | 5e6e54cec1b6587ee616f84f1869d250b96a94a844d363df4dceb48eb353b7c8 |
| SHA512 | 9b9bf449a6e577f629af8ebbe649bf675210c10f68c5528356bdc5f283c3b3400b732bb504f43276401787ba6646323a00ded23b74ffb576eb8248572f78cdca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
| MD5 | 4a8bb5b55bcfbeb856e53d416d8e429f |
| SHA1 | f75abd2a62c4c343595b15b67123ab82c02821a5 |
| SHA256 | 4915290475ba7d41871fb0a3a4e8eb0c73cb9a674c5a7bf814ed58675368bf06 |
| SHA512 | 67bd30fe244e817e330fd5de7546bc763b206239ead05b7f590eb2b261a9c50dff2b0e858c0e7ff60895af743abe9eba2cdecec6f2401d6a480982d9d623ef85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
| MD5 | 8a4bc644961545d3e163b68a3d08a8ed |
| SHA1 | 85ff1a0f64d358b2bbfc095c21524537f3871e68 |
| SHA256 | 9bc62e4f736f9d394c865e1a8b0ce05b64b45410c6514ee6ef93758a752257ab |
| SHA512 | b458d6d5b5c8a9a7fc221da1f70fa85560ac2e52e6031b4ef123508fc7d85e0826a606738c2c5bf0c11e18b40d266c6afe421774a414d03a8597f1076eed48ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
| MD5 | 2e9110c6277614bb28fba7f418108b13 |
| SHA1 | 139b4e62de50078aabb26dc60616b2d61840c519 |
| SHA256 | 3901566adac7441e789552b24d8087ff4c918625e58bf511bbac1f1841a3269f |
| SHA512 | 6f07a189f8b4d3adf117e4fc0201bea34e9b09f0f5e6265266432c91d545695d5a70ca7b25f1a07e7d4148a191929be64bd97f397c209d0bc42eb05e894d845a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | 017975d305729c957b42440bb7cec4be |
| SHA1 | 4ecd64ae942d7994b18210b09e72b9a12c6ad7e3 |
| SHA256 | 6c9f3f5cc1dfabd4377baced6215ed916ebeca530d76f5afebc7b18f3a6a8668 |
| SHA512 | 216fb759fd6b7c18e738bf2eda55d316713d54a61fe7c925ef7d1dd82381d214a37bee7f3fdc9ca65c74585decf1a23441eddd6278decc9f4a178ae5252473ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | 3f78316b5485dea877ff986c00eb6b0d |
| SHA1 | 0ce8623b7e34098655883d3674b4265bd73bbb64 |
| SHA256 | 0ef4b35cafab7842d4aa4eab3e9fb270d8d89011125c08d49c5260c3cc246929 |
| SHA512 | 1056a68735f58a8b6795f28407fd03e645d2fa09bf6fc73d47f6db09e4ea57704a70094a6b70daeaee4b2c747e648958a1b569bdb489636c7cdd2ce01b2eac12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | 6cde00d4c70f65945125b46ffb494046 |
| SHA1 | d86ea8b9520beaa539c88febbaa73c14783106b0 |
| SHA256 | ff91dfca2f1749052b460ebc05256cc222dc8ef7408aa515661bffcf65b20f88 |
| SHA512 | 9a423e5f783c1f08085577fccd454b9be7952636710c95b98b99795b4fd790c3bf1d8bb22fc39288521890d0038ba5e157f57bb7d9ea0e745544c2db5ef6b2ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | cfff8fc00d16fc868cf319409948c243 |
| SHA1 | b7e2e2a6656c77a19d9819a7d782a981d9e16d44 |
| SHA256 | 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a |
| SHA512 | 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | e947e95a0fd8df1e8c8eb7cae1f96f09 |
| SHA1 | 22f36705b4a47f05fae77201e936a5c65cb05bfa |
| SHA256 | 14fd0b00467eea3d8b863e4aceb343135fa64e8a3b4098d58765199a9d2062a1 |
| SHA512 | 24b9a4b0b5ffd6ae11ea6cc76d88da96cd0579254dcd463e1bc5ddd99d9850773ae861594ad053d4d07882d4970267aa3789940a4eba63c0543588cd9b293dd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 6477b004369b3c1e2c12c86ce18c5a7a |
| SHA1 | a08ce1638c9f70f8a93a06cfddf54cd33c29edf6 |
| SHA256 | eaddd5d0315f4be8339b7049cf264b95173ab3250c2d26e5879d227aeaa0a4c8 |
| SHA512 | 0bb4a948d8fe48215793ccecbf522cdda6506a08ffb2614b4cb5449be5fd79ac8a11c57d3c140a1ae97a1ade8a28722834c8dd29bc95629a0937ed08f1f1c64c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 14c460a1feda08e672355847ea03d569 |
| SHA1 | f1e46ac6abd71ebbcdd798455483c560a1980091 |
| SHA256 | d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f |
| SHA512 | cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | b55ea81a7b6f5e1657c7535e62f30414 |
| SHA1 | bf805e3e1b6235f0c6841890d1840216db0cc9a7 |
| SHA256 | aa8cbe99245455317fbef1b94bf3395666473a709fc008f21bb0444727ac13ff |
| SHA512 | 1b1ce12a2120bf0e587d89d1474791c8385cad118f7c2b791f07792e1a790444faa8bfdab38316a0e7deb40c45cfe7a91ee6b8b62d0f326d3e76103e4b4e7c3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | 7d10a6106e8f9e85ae68e310ca2b8433 |
| SHA1 | 32046f676521ae8b100c0ef88e5e19e1cc49cfe9 |
| SHA256 | 0c00f8f0acc2ac3079edbb2fcef864743e5ad79da49241f6f28cca83984f7204 |
| SHA512 | 78bac570118c28fad9bbe3ab261668743ceb81a0229c9bb2267db4228bd9eab1bac1bb07185347cd3fb80a6af62e15e587278a577f215020368399be897864b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 2e23d6e099f830cf0b14356b3c3443ce |
| SHA1 | 027db4ff48118566db039d6b5f574a8ac73002bc |
| SHA256 | 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885 |
| SHA512 | 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 9ec8ba204f6c45d71c998a0ce1dd714e |
| SHA1 | e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c |
| SHA256 | a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a |
| SHA512 | d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2f0c7bbdb857a88db579e97fa7f92655 |
| SHA1 | 00fa60df848235fa1a2f119da905974ee0effab2 |
| SHA256 | 02a7c8c97e758f07c5010fa7e4b1b0ceea9e205b7f2c050d26762fd8574a7351 |
| SHA512 | ebc2fa4db3a1c2d8e8b629a017a57f70b748c6f1a4f8f1b0fccbcecac030646ab6c8ff7d79f65bfa3fc90018c634ceba00ec4a1eff11e022a28ca9bcb6f6330f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dab44d11a651f57fc67d2392ef4d91b3 |
| SHA1 | b6361ee99a13b8f1070286f1fda118f27570e393 |
| SHA256 | adcecc8d13822dfa21074b753504d3f2b9eb23d605667d5e4502f4d05e6b6a36 |
| SHA512 | 31eee59e9a3596a55cc014017bdce5921a0b2d37fb7d5cbbd40a2cb243422871c7feb3bc815ec541ab15ffc901336b8b9a11580e7087e3c0ffd2fb8c0bebda93 |
C:\Users\Admin\Downloads\Unconfirmed 527575.crdownload
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
C:\Users\Admin\Downloads\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/5476-2668-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2aa085be7bf4ffccf334032250346bf7 |
| SHA1 | 97b84eaeba9f667d5b536e8414c3313175f68f15 |
| SHA256 | f7196da442dfcee0071b082d085ab0ce8c988080c37ecc1ef5d5b6c432350116 |
| SHA512 | 72f7e1280314f519e4b7a2944a522f694d9a14bcde1d49b5ed265026eeefb22f1e3a9c9262826d799524b57ec3cea71d0e4656cbc68e38e2d16a96aa1df9cba1 |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 5d5b321f08b2f251d6bc191e24a0eea4 |
| SHA1 | 63f5c6142968ba56d144d1482dbdcfcfe782e449 |
| SHA256 | f38f7f359c8b009da3e32ddd88ecdcb4a26f1c51acf1b5c5bac2d3ed0480ec88 |
| SHA512 | c9e4828098034b190b2e68e8419edbe99a0797055e7e2f6bb33a1fcc723b1bace909fce9c44af809c7ab9d336c078080226b853a3232af8a71ac29dc54f732e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ae70052f4c640230d96f40d1f4e0ef55 |
| SHA1 | 348e13e4b48c85d545f72adda0cd5567e30f9332 |
| SHA256 | 320abd03a8f99d3a3c3f7ec4f551c58c7a2e14c6a4e58cf1e64578ad05b6bfcc |
| SHA512 | e1a1f83b3cec2bbdd5af63375e91b30526eb2cb425f170956b9c93332db138b2c1dab422cf4a111a6073ac0d617f6a9ebe335601f04704f2406a6500f1bb3860 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd2d7936de9e6547315de7a5a15b83be |
| SHA1 | c46c8c8a28872cb1c6a1409fd2a46eb62980f7fa |
| SHA256 | 59a35399ef4ca9bf053c8a1e2ebe26501cd0d9dd7c44808e540fb1afee2adf9d |
| SHA512 | 3bd382a93f6203605293eb6ef88250edd8753b6db520dc33a4d617c965005e929c887c9222f96c45e380e808163ac2342727270b9cb2661458fdb5563205c479 |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/4884-4118-0x0000000073EC0000-0x0000000073F42000-memory.dmp
memory/4884-4121-0x0000000073E00000-0x0000000073E22000-memory.dmp
memory/4884-4122-0x00000000000C0000-0x00000000003BE000-memory.dmp
memory/4884-4120-0x0000000073E30000-0x0000000073EB2000-memory.dmp
memory/4884-4119-0x0000000073BE0000-0x0000000073DFC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 635ef58fadc15b01601882cc4379d79f |
| SHA1 | 4581f2ac93d821860a558dbd6a3f485e8f65ff47 |
| SHA256 | 87d1363f978aee5b93542f8a0af43e1d2e6bfb8b6b78c56ec01aed34fa36defe |
| SHA512 | 6e9ea0ec139220195514e855d880d9cf1cb13fb0ff6190375fd1c0541d7b4fddc7ee520f6d7c4a2b42c9286239201000ef695fa7336bd56c5f2b2960fc5d16f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6fdb518ff5b0302d0c2046161c1a8252 |
| SHA1 | a9bf9158e2164e95d2fc3f6e34976719a2bc99ec |
| SHA256 | 3325eebd4e11617058939ca289e8bb9b3c787558e40413048760827f5eae0213 |
| SHA512 | f36a1127cd7e55caaf9806cd05a032760aa6a7083ac60aec1f9c8d4866066547e70d891bffe00a7a33ee0241bb6d93c0ba9d920b5f9920180aa2bb636f8fb9b1 |
memory/4884-4144-0x00000000000C0000-0x00000000003BE000-memory.dmp
memory/4884-4150-0x0000000073B60000-0x0000000073BD7000-memory.dmp
memory/4884-4149-0x0000000073BE0000-0x0000000073DFC000-memory.dmp
memory/4884-4148-0x0000000073E00000-0x0000000073E22000-memory.dmp
memory/4884-4147-0x0000000073E30000-0x0000000073EB2000-memory.dmp
memory/4884-4146-0x0000000073EC0000-0x0000000073F42000-memory.dmp
memory/4884-4145-0x0000000073F50000-0x0000000073F6C000-memory.dmp
memory/4884-4153-0x00000000000C0000-0x00000000003BE000-memory.dmp
memory/4884-4169-0x00000000000C0000-0x00000000003BE000-memory.dmp
memory/4884-4174-0x0000000073BE0000-0x0000000073DFC000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | d80c8a9879fcea3353a549b900acdf5f |
| SHA1 | 30a0b380fa40a44a33a1195c1f43ebbbc4c37c90 |
| SHA256 | 567deaca0367a638d28f1aed7b0dbb39f6854a34ef5a5699dad9a7bdf9ef9807 |
| SHA512 | a3c9efab8b27ac849aa4db5d2b3d52bc66d1d0c78911440062bf0ca49429df9a4c16508eb1bafa518001e07374a55c1df35c071c7f1226f07ec43fb10d299b0a |
memory/4884-4195-0x00000000000C0000-0x00000000003BE000-memory.dmp
memory/4884-4200-0x0000000073BE0000-0x0000000073DFC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5b4777dc65f325f9f479f5e7dbf08ee1 |
| SHA1 | 6fce130f32b8a3d5547815d7013263742ca4ea15 |
| SHA256 | 3dc834f6d308cefcc00469dda0fcf1296db6cd8ba5043c9237a521f31b13550c |
| SHA512 | c42dce720a1766a56dbc3004c1cb9ac0b1f2ecb61c96d40356fd7652ca35ad3fb874cd6be256270254699bf73ad30b64bf9f81a2ab91a5dd5c56a60362f0d9a8 |
memory/4884-4258-0x00000000000C0000-0x00000000003BE000-memory.dmp
memory/4884-4270-0x00000000000C0000-0x00000000003BE000-memory.dmp