Analysis

  • max time kernel
    312s
  • max time network
    305s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    06/08/2024, 08:28 UTC

General

  • Target

    https://winaerotweaker.com/download/

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 8 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Program Files directory 21 IoCs
  • Drops file in Windows directory 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 26 IoCs
  • Kills process with taskkill 2 IoCs
  • Modifies Control Panel 29 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 40 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winaerotweaker.com/download/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc66253cb8,0x7ffc66253cc8,0x7ffc66253cd8
      2⤵
        PID:4244
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
        2⤵
          PID:1264
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1692
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:656
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:4880
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
              2⤵
                PID:2972
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
                2⤵
                  PID:4668
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
                  2⤵
                    PID:3892
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                    2⤵
                      PID:4672
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                      2⤵
                        PID:4688
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3164
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:428
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                        2⤵
                          PID:1200
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,15838008021882527562,13393471927354280419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
                          2⤵
                          • NTFS ADS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1492
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2756
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3228
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:3560
                            • C:\Users\Admin\Downloads\winaerotweaker\WinaeroTweaker-1.63.0.0-setup.exe
                              "C:\Users\Admin\Downloads\winaerotweaker\WinaeroTweaker-1.63.0.0-setup.exe"
                              1⤵
                              • System Location Discovery: System Language Discovery
                              PID:4272
                              • C:\Users\Admin\AppData\Local\Temp\is-84GL9.tmp\WinaeroTweaker-1.63.0.0-setup.tmp
                                "C:\Users\Admin\AppData\Local\Temp\is-84GL9.tmp\WinaeroTweaker-1.63.0.0-setup.tmp" /SL5="$A035E,5100998,832000,C:\Users\Admin\Downloads\winaerotweaker\WinaeroTweaker-1.63.0.0-setup.exe"
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of FindShellTrayWindow
                                PID:2600
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /c taskkill /im winaerotweaker.exe /f
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:3028
                                  • C:\Windows\SysWOW64\taskkill.exe
                                    taskkill /im winaerotweaker.exe /f
                                    4⤵
                                    • System Location Discovery: System Language Discovery
                                    • Kills process with taskkill
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1624
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /c taskkill /im winaerotweakerhelper.exe /f
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:3292
                                  • C:\Windows\SysWOW64\taskkill.exe
                                    taskkill /im winaerotweakerhelper.exe /f
                                    4⤵
                                    • System Location Discovery: System Language Discovery
                                    • Kills process with taskkill
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3168
                                • C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe
                                  "C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe"
                                  3⤵
                                  • Executes dropped EXE
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4920
                                  • C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe
                                    "C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe" -profile="C:\Users\Admin" -sid="S-1-5-21-2842058299-443432012-2465494467-1000" -muil="en-US"
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    • Checks processor information in registry
                                    • Modifies Control Panel
                                    • Modifies registry class
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2916
                                    • C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe
                                      "C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe" -
                                      5⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:1832
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winaero.com/windows-7-games-for-windows-10-anniversary-update-and-above/?utm_source=software&utm_medium=in-app&utm_campaign=winaerotweaker&utm_content=getgames
                                      5⤵
                                      • Enumerates system info in registry
                                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                      PID:2880
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc66253cb8,0x7ffc66253cc8,0x7ffc66253cd8
                                        6⤵
                                          PID:4464
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
                                          6⤵
                                            PID:4432
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
                                            6⤵
                                              PID:4924
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
                                              6⤵
                                                PID:928
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
                                                6⤵
                                                  PID:3376
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                                                  6⤵
                                                    PID:1728
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
                                                    6⤵
                                                      PID:5824
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
                                                      6⤵
                                                        PID:6036
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
                                                        6⤵
                                                          PID:3120
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                                                          6⤵
                                                            PID:1920
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                                                            6⤵
                                                              PID:6320
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,167702676193095553,13781359702812822498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                                              6⤵
                                                                PID:6368
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Enumerates connected drives
                                                      • Checks SCSI registry key(s)
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of FindShellTrayWindow
                                                      • Suspicious use of SendNotifyMessage
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:984
                                                    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Modifies Internet Explorer settings
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2396
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4084
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Enumerates connected drives
                                                      • Checks SCSI registry key(s)
                                                      • Modifies registry class
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3928
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3912
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2712
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1920
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4176
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2364
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1576
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3168
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2956
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3356
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3348
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1948
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3916
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Enumerates connected drives
                                                      • Checks SCSI registry key(s)
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4972
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3956
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1340
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1380
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4868
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4464
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3648
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Enumerates connected drives
                                                      • Sets desktop wallpaper using registry
                                                      • Checks SCSI registry key(s)
                                                      • Modifies Internet Explorer settings
                                                      • Modifies registry class
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3636
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:828
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4140
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2756
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:436
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3936
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2360
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2728
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:644
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5048
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4136
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3852
                                                    • C:\Windows\System32\rundll32.exe
                                                      rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\aero\aerolite.msstyles?NormalColor?NormalSize
                                                      1⤵
                                                        PID:6208
                                                      • C:\Windows\System32\rundll32.exe
                                                        rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
                                                        1⤵
                                                          PID:6328
                                                        • C:\Windows\System32\rundll32.exe
                                                          rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\aero\aerolite.msstyles?NormalColor?NormalSize
                                                          1⤵
                                                            PID:6408
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:6456
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                            • Enumerates system info in registry
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:6636
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:6644
                                                          • C:\Windows\system32\AUDIODG.EXE
                                                            C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
                                                            1⤵
                                                              PID:7032
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                              1⤵
                                                                PID:904
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:5228
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:5400

                                                                  Network

                                                                  • flag-us
                                                                    DNS
                                                                    winaerotweaker.com
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    winaerotweaker.com
                                                                    IN A
                                                                    Response
                                                                    winaerotweaker.com
                                                                    IN A
                                                                    68.183.112.81
                                                                  • flag-us
                                                                    DNS
                                                                    8.8.8.8.in-addr.arpa
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    8.8.8.8.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                    8.8.8.8.in-addr.arpa
                                                                    IN PTR
                                                                    dnsgoogle
                                                                  • flag-us
                                                                    DNS
                                                                    www.bing.com
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    www.bing.com
                                                                    IN A
                                                                    Response
                                                                    www.bing.com
                                                                    IN CNAME
                                                                    www-www.bing.com.trafficmanager.net
                                                                    www-www.bing.com.trafficmanager.net
                                                                    IN CNAME
                                                                    www.bing.com.edgekey.net
                                                                    www.bing.com.edgekey.net
                                                                    IN CNAME
                                                                    e86303.dscx.akamaiedge.net
                                                                  • flag-us
                                                                    DNS
                                                                    172.210.232.199.in-addr.arpa
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    172.210.232.199.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                  • flag-us
                                                                    DNS
                                                                    r.bing.com
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    r.bing.com
                                                                    IN A
                                                                    Response
                                                                    r.bing.com
                                                                    IN CNAME
                                                                    p-static.bing.trafficmanager.net
                                                                    p-static.bing.trafficmanager.net
                                                                    IN CNAME
                                                                    r.bing.com.edgekey.net
                                                                    r.bing.com.edgekey.net
                                                                    IN CNAME
                                                                    e86303.dscx.akamaiedge.net
                                                                  • flag-us
                                                                    DNS
                                                                    nexusrules.officeapps.live.com
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    nexusrules.officeapps.live.com
                                                                    IN A
                                                                    Response
                                                                    nexusrules.officeapps.live.com
                                                                    IN CNAME
                                                                    prod.nexusrules.live.com.akadns.net
                                                                    prod.nexusrules.live.com.akadns.net
                                                                    IN A
                                                                    52.111.243.31
                                                                  • flag-us
                                                                    DNS
                                                                    ocsp.digicert.com
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    ocsp.digicert.com
                                                                    IN A
                                                                    Response
                                                                    ocsp.digicert.com
                                                                    IN CNAME
                                                                    ocsp.edge.digicert.com
                                                                    ocsp.edge.digicert.com
                                                                    IN CNAME
                                                                    fp2e7a.wpc.2be4.phicdn.net
                                                                    fp2e7a.wpc.2be4.phicdn.net
                                                                    IN CNAME
                                                                    fp2e7a.wpc.phicdn.net
                                                                    fp2e7a.wpc.phicdn.net
                                                                    IN A
                                                                    192.229.221.95
                                                                  • flag-us
                                                                    DNS
                                                                    ocsp.digicert.com
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    ocsp.digicert.com
                                                                    IN A
                                                                  • flag-de
                                                                    GET
                                                                    https://www.bing.com/qbox?query=https%3A%2F%2Fwinaerotweaker.com&language=en-US&pt=EdgBox&cvid=9a34b814d4cb4d4bb7342b88c5c0c9b6&ig=2ac28874f4e64b4abc4e577f3c7325e6&oit=3&cp=26&pgcl=4
                                                                    msedge.exe
                                                                    Remote address:
                                                                    184.86.251.16:443
                                                                    Request
                                                                    GET /qbox?query=https%3A%2F%2Fwinaerotweaker.com&language=en-US&pt=EdgBox&cvid=9a34b814d4cb4d4bb7342b88c5c0c9b6&ig=2ac28874f4e64b4abc4e577f3c7325e6&oit=3&cp=26&pgcl=4 HTTP/2.0
                                                                    host: www.bing.com
                                                                    sec-fetch-site: none
                                                                    sec-fetch-mode: no-cors
                                                                    sec-fetch-dest: empty
                                                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                    accept-encoding: gzip, deflate, br
                                                                    accept-language: en-US,en;q=0.9
                                                                    Response
                                                                    HTTP/2.0 200
                                                                    content-length: 147
                                                                    content-type: application/json; charset=utf-8
                                                                    cache-control: public, max-age=300
                                                                    content-encoding: gzip
                                                                    vary: Accept-Encoding
                                                                    x-eventid: 66b1deb9d9864bae9108bfe490bdf34e
                                                                    useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                    content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-uPV49fx49kElG5VoyZtZjYrUl1zDYNJ0sHi48a1Qxfc='; base-uri 'self';report-to csp-endpoint
                                                                    report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
                                                                    p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                                                    date: Tue, 06 Aug 2024 08:28:41 GMT
                                                                    set-cookie: MUID=2EFCFB9C3C1A6A9307D2EF4F3D396BE4; domain=.bing.com; expires=Sun, 31-Aug-2025 08:28:41 GMT; path=/; secure; SameSite=None
                                                                    set-cookie: MUIDB=2EFCFB9C3C1A6A9307D2EF4F3D396BE4; expires=Sun, 31-Aug-2025 08:28:41 GMT; path=/; HttpOnly
                                                                    set-cookie: _EDGE_S=F=1&SID=37E4B69EECB96B3428C0A24DED9A6A36; domain=.bing.com; path=/; HttpOnly
                                                                    set-cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 31-Aug-2025 08:28:41 GMT; path=/; HttpOnly
                                                                    set-cookie: USRLOC=HS=1; domain=.bing.com; expires=Sun, 31-Aug-2025 08:28:41 GMT; path=/; secure; HttpOnly; SameSite=None
                                                                    set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sun, 31-Aug-2025 08:28:41 GMT; path=/; secure; SameSite=None
                                                                    set-cookie: SRCHUID=V=2&GUID=D2D9061B6020467AACEA68D744EE640F&dmnchg=1; domain=.bing.com; expires=Sun, 31-Aug-2025 08:28:41 GMT; path=/; secure; SameSite=None
                                                                    set-cookie: SRCHUSR=DOB=20240806; domain=.bing.com; expires=Sun, 31-Aug-2025 08:28:41 GMT; path=/; secure; SameSite=None
                                                                    set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Sun, 31-Aug-2025 08:28:41 GMT; path=/; secure; SameSite=None
                                                                    set-cookie: _SS=SID=37E4B69EECB96B3428C0A24DED9A6A36; domain=.bing.com; path=/; secure; SameSite=None
                                                                    alt-svc: h3=":443"; ma=93600
                                                                    x-cdn-traceid: 0.10d854b8.1722932921.4cd75500
                                                                  • flag-us
                                                                    GET
                                                                    https://winaero.com/updates/tweaker.txt
                                                                    WinaeroTweaker.exe
                                                                    Remote address:
                                                                    68.183.112.81:443
                                                                    Request
                                                                    GET /updates/tweaker.txt HTTP/1.1
                                                                    Host: winaero.com
                                                                    Connection: Keep-Alive
                                                                    Response
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Tue, 06 Aug 2024 08:29:42 GMT
                                                                    Content-Type: text/plain
                                                                    Content-Length: 9
                                                                    Last-Modified: Wed, 03 Jul 2024 13:33:58 GMT
                                                                    Connection: keep-alive
                                                                    ETag: "66855346-9"
                                                                    Strict-Transport-Security: max-age=15768000
                                                                    Accept-Ranges: bytes
                                                                  • flag-us
                                                                    GET
                                                                    https://winaero.com/updates/tweaker.txt
                                                                    WinaeroTweaker.exe
                                                                    Remote address:
                                                                    68.183.112.81:443
                                                                    Request
                                                                    GET /updates/tweaker.txt HTTP/1.1
                                                                    Host: winaero.com
                                                                    Response
                                                                    HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Tue, 06 Aug 2024 08:29:43 GMT
                                                                    Content-Type: text/plain
                                                                    Content-Length: 9
                                                                    Last-Modified: Wed, 03 Jul 2024 13:33:58 GMT
                                                                    Connection: keep-alive
                                                                    ETag: "66855346-9"
                                                                    Strict-Transport-Security: max-age=15768000
                                                                    Accept-Ranges: bytes
                                                                  • flag-us
                                                                    DNS
                                                                    www.paypalobjects.com
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    www.paypalobjects.com
                                                                    IN A
                                                                    Response
                                                                    www.paypalobjects.com
                                                                    IN CNAME
                                                                    ppo.glb.paypal.com
                                                                    ppo.glb.paypal.com
                                                                    IN CNAME
                                                                    cs1150.wpc.betacdn.net
                                                                    cs1150.wpc.betacdn.net
                                                                    IN A
                                                                    192.229.221.25
                                                                  • flag-us
                                                                    DNS
                                                                    42.36.251.142.in-addr.arpa
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    42.36.251.142.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                    42.36.251.142.in-addr.arpa
                                                                    IN PTR
                                                                    ams17s12-in-f101e100net
                                                                  • flag-us
                                                                    DNS
                                                                    lh3.googleusercontent.com
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    lh3.googleusercontent.com
                                                                    IN A
                                                                    Response
                                                                    lh3.googleusercontent.com
                                                                    IN CNAME
                                                                    googlehosted.l.googleusercontent.com
                                                                    googlehosted.l.googleusercontent.com
                                                                    IN A
                                                                    142.251.39.97
                                                                  • flag-us
                                                                    DNS
                                                                    cxcs.microsoft.net
                                                                    msedge.exe
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    cxcs.microsoft.net
                                                                    IN A
                                                                    Response
                                                                    cxcs.microsoft.net
                                                                    IN CNAME
                                                                    cxcs.microsoft.net.edgekey.net
                                                                    cxcs.microsoft.net.edgekey.net
                                                                    IN CNAME
                                                                    e3230.b.akamaiedge.net
                                                                    e3230.b.akamaiedge.net
                                                                    IN A
                                                                    23.218.70.53
                                                                  • flag-nl
                                                                    GET
                                                                    https://fundingchoicesmessages.google.com/i/pub-8660790925544760?ers=1
                                                                    msedge.exe
                                                                    Remote address:
                                                                    142.250.179.174:443
                                                                    Request
                                                                    GET /i/pub-8660790925544760?ers=1 HTTP/2.0
                                                                    host: fundingchoicesmessages.google.com
                                                                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                    dnt: 1
                                                                    sec-ch-ua-mobile: ?0
                                                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                    accept: */*
                                                                    sec-fetch-site: cross-site
                                                                    sec-fetch-mode: no-cors
                                                                    sec-fetch-dest: script
                                                                    referer: https://winaero.com/
                                                                    accept-encoding: gzip, deflate, br
                                                                    accept-language: en-US,en;q=0.9
                                                                  • flag-nl
                                                                    GET
                                                                    https://fundingchoicesmessages.google.com/b/pub-8660790925544760
                                                                    msedge.exe
                                                                    Remote address:
                                                                    142.250.179.174:443
                                                                    Request
                                                                    GET /b/pub-8660790925544760 HTTP/2.0
                                                                    host: fundingchoicesmessages.google.com
                                                                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                    dnt: 1
                                                                    sec-ch-ua-mobile: ?0
                                                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                    accept: */*
                                                                    sec-fetch-site: cross-site
                                                                    sec-fetch-mode: no-cors
                                                                    sec-fetch-dest: script
                                                                    referer: https://winaero.com/
                                                                    accept-encoding: gzip, deflate, br
                                                                    accept-language: en-US,en;q=0.9
                                                                  • flag-se
                                                                    GET
                                                                    https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif
                                                                    msedge.exe
                                                                    Remote address:
                                                                    192.229.221.25:443
                                                                    Request
                                                                    GET /en_US/i/btn/btn_donate_SM.gif HTTP/2.0
                                                                    host: www.paypalobjects.com
                                                                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                    dnt: 1
                                                                    sec-ch-ua-mobile: ?0
                                                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                    accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                    sec-fetch-site: cross-site
                                                                    sec-fetch-mode: no-cors
                                                                    sec-fetch-dest: image
                                                                    referer: https://winaero.com/
                                                                    accept-encoding: gzip, deflate, br
                                                                    accept-language: en-US,en;q=0.9
                                                                    Response
                                                                    HTTP/2.0 200
                                                                    accept-ranges: bytes
                                                                    cache-control: s-maxage=31536000, public,max-age=3600
                                                                    content-type: image/gif
                                                                    date: Tue, 06 Aug 2024 08:33:20 GMT
                                                                    dc: ccg11-origin-www-1.paypal.com
                                                                    etag: "5d5637be-2b"
                                                                    expires: Tue, 06 Aug 2024 09:33:20 GMT
                                                                    last-modified: Fri, 16 Aug 2019 04:57:34 GMT
                                                                    paypal-debug-id: 7c560b8947f60
                                                                    server: ECAcc (lhd/35D5)
                                                                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                                                                    timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
                                                                    traceparent: 00-00000000000000000007c560b8947f60-33e6e1abd4d45569-01
                                                                    x-cache: HIT
                                                                    x-content-type-options: nosniff
                                                                    content-length: 43
                                                                  • flag-se
                                                                    GET
                                                                    https://www.paypalobjects.com/en_US/i/scr/pixel.gif
                                                                    msedge.exe
                                                                    Remote address:
                                                                    192.229.221.25:443
                                                                    Request
                                                                    GET /en_US/i/scr/pixel.gif HTTP/2.0
                                                                    host: www.paypalobjects.com
                                                                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                    dnt: 1
                                                                    sec-ch-ua-mobile: ?0
                                                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                    accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                    sec-fetch-site: cross-site
                                                                    sec-fetch-mode: no-cors
                                                                    sec-fetch-dest: image
                                                                    referer: https://winaero.com/
                                                                    accept-encoding: gzip, deflate, br
                                                                    accept-language: en-US,en;q=0.9
                                                                    Response
                                                                    HTTP/2.0 200
                                                                    accept-ranges: bytes
                                                                    cache-control: s-maxage=31536000, public,max-age=3600
                                                                    content-type: image/gif
                                                                    date: Tue, 06 Aug 2024 08:33:20 GMT
                                                                    dc: ccg11-origin-www-1.paypal.com
                                                                    etag: "5d5637bd-5a7"
                                                                    expires: Tue, 06 Aug 2024 09:33:20 GMT
                                                                    last-modified: Fri, 16 Aug 2019 04:57:33 GMT
                                                                    paypal-debug-id: b880d2d92dd3b
                                                                    server: ECAcc (lhd/35C3)
                                                                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                                                                    timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
                                                                    traceparent: 00-0000000000000000000b880d2d92dd3b-a0ab302186978f60-01
                                                                    x-cache: HIT
                                                                    x-content-type-options: nosniff
                                                                    content-length: 1447
                                                                  • flag-us
                                                                    DNS
                                                                    174.179.250.142.in-addr.arpa
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    174.179.250.142.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                    174.179.250.142.in-addr.arpa
                                                                    IN PTR
                                                                    ams15s41-in-f14.1e100.net
                                                                  • flag-us
                                                                    DNS
                                                                    ssl.google-analytics.com
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    ssl.google-analytics.com
                                                                    IN A
                                                                    Response
                                                                    ssl.google-analytics.com
                                                                    IN A
                                                                    142.251.36.40
                                                                  • flag-us
                                                                    DNS
                                                                    97.39.251.142.in-addr.arpa
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    97.39.251.142.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                    97.39.251.142.in-addr.arpa
                                                                    IN PTR
                                                                    ams15s48-in-f1.1e100.net
                                                                  • flag-us
                                                                    DNS
                                                                    25.221.229.192.in-addr.arpa
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    25.221.229.192.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                  • flag-us
                                                                    DNS
                                                                    40.36.251.142.in-addr.arpa
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    40.36.251.142.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                    40.36.251.142.in-addr.arpa
                                                                    IN PTR
                                                                    ams17s12-in-f8.1e100.net
                                                                  • flag-us
                                                                    DNS
                                                                    168.179.250.142.in-addr.arpa
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    168.179.250.142.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                    168.179.250.142.in-addr.arpa
                                                                    IN PTR
                                                                    ams15s41-in-f8.1e100.net
                                                                  • flag-us
                                                                    DNS
                                                                    googleads.g.doubleclick.net
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    googleads.g.doubleclick.net
                                                                    IN A
                                                                    Response
                                                                    googleads.g.doubleclick.net
                                                                    IN A
                                                                    142.251.36.2
                                                                  • flag-us
                                                                    DNS
                                                                    36.34.239.216.in-addr.arpa
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    36.34.239.216.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                  • flag-us
                                                                    DNS
                                                                    41.135.221.88.in-addr.arpa
                                                                    Remote address:
                                                                    8.8.8.8:53
                                                                    Request
                                                                    41.135.221.88.in-addr.arpa
                                                                    IN PTR
                                                                    Response
                                                                    41.135.221.88.in-addr.arpa
                                                                    IN PTR
                                                                    a88-221-135-41.deploy.static.akamaitechnologies.com
                                                                  • flag-nl
                                                                    GET
                                                                    https://ssl.google-analytics.com/ga.js
                                                                    msedge.exe
                                                                    Remote address:
                                                                    142.251.36.40:443
                                                                    Request
                                                                    GET /ga.js HTTP/2.0
                                                                    host: ssl.google-analytics.com
                                                                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                    dnt: 1
                                                                    sec-ch-ua-mobile: ?0
                                                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                    accept: */*
                                                                    sec-fetch-site: cross-site
                                                                    sec-fetch-mode: no-cors
                                                                    sec-fetch-dest: script
                                                                    referer: https://winaero.com/
                                                                    accept-encoding: gzip, deflate, br
                                                                    accept-language: en-US,en;q=0.9
                                                                  • flag-us
                                                                    POST
                                                                    https://region1.google-analytics.com/g/collect?v=2&tid=G-E1FNYQ7R2R&gtm=45je47v0v9131562146za200&_p=1722933199881&gcd=13l3l3l3l1&npa=0&dma=0&tcfd=10000&tag_exp=95250753&cid=1267729695.1722933200&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1722933200&sct=1&seg=0&dl=https%3A%2F%2Fwinaero.com%2Fwindows-7-games-for-windows-10-anniversary-update-and-above%2F%3Futm_source%3Dsoftware%26utm_medium%3Din-app%26utm_campaign%3Dwinaerotweaker%26utm_content%3Dgetgames&dt=Windows%207%20games%20for%20Windows%2010%20Anniversary%20Update%20and%20above&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3239
                                                                    msedge.exe
                                                                    Remote address:
                                                                    216.239.34.36:443
                                                                    Request
                                                                    POST /g/collect?v=2&tid=G-E1FNYQ7R2R&gtm=45je47v0v9131562146za200&_p=1722933199881&gcd=13l3l3l3l1&npa=0&dma=0&tcfd=10000&tag_exp=95250753&cid=1267729695.1722933200&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1722933200&sct=1&seg=0&dl=https%3A%2F%2Fwinaero.com%2Fwindows-7-games-for-windows-10-anniversary-update-and-above%2F%3Futm_source%3Dsoftware%26utm_medium%3Din-app%26utm_campaign%3Dwinaerotweaker%26utm_content%3Dgetgames&dt=Windows%207%20games%20for%20Windows%2010%20Anniversary%20Update%20and%20above&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3239 HTTP/2.0
                                                                    host: region1.google-analytics.com
                                                                    content-length: 0
                                                                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                    dnt: 1
                                                                    sec-ch-ua-mobile: ?0
                                                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                    accept: */*
                                                                    origin: https://winaero.com
                                                                    sec-fetch-site: cross-site
                                                                    sec-fetch-mode: no-cors
                                                                    sec-fetch-dest: empty
                                                                    referer: https://winaero.com/
                                                                    accept-encoding: gzip, deflate, br
                                                                    accept-language: en-US,en;q=0.9
                                                                  • flag-nl
                                                                    GET
                                                                    https://lh3.googleusercontent.com/Aa4yxTEzptv8d0-2XkwrNGRx4Ai_29Vdl7NUpocC-N6QGkqMZbJru7NvSM2Euve-DxU4uKUaiOtMfJC-PzfbMNW5rdvUl5b57aKqwv_NUUr2DlzWXag=h60
                                                                    msedge.exe
                                                                    Remote address:
                                                                    142.251.39.97:443
                                                                    Request
                                                                    GET /Aa4yxTEzptv8d0-2XkwrNGRx4Ai_29Vdl7NUpocC-N6QGkqMZbJru7NvSM2Euve-DxU4uKUaiOtMfJC-PzfbMNW5rdvUl5b57aKqwv_NUUr2DlzWXag=h60 HTTP/2.0
                                                                    host: lh3.googleusercontent.com
                                                                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                                                    dnt: 1
                                                                    sec-ch-ua-mobile: ?0
                                                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                                                    accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                    sec-fetch-site: cross-site
                                                                    sec-fetch-mode: no-cors
                                                                    sec-fetch-dest: image
                                                                    referer: https://winaero.com/
                                                                    accept-encoding: gzip, deflate, br
                                                                    accept-language: en-US,en;q=0.9
                                                                  • 68.183.112.81:443
                                                                    winaerotweaker.com
                                                                    tls
                                                                    msedge.exe
                                                                    116.1kB
                                                                    5.9MB
                                                                    2319
                                                                    6131
                                                                  • 68.183.112.81:443
                                                                    winaerotweaker.com
                                                                    tls
                                                                    msedge.exe
                                                                    7.4kB
                                                                    98.9kB
                                                                    52
                                                                    112
                                                                  • 184.86.251.16:443
                                                                    https://www.bing.com/qbox?query=https%3A%2F%2Fwinaerotweaker.com&language=en-US&pt=EdgBox&cvid=9a34b814d4cb4d4bb7342b88c5c0c9b6&ig=2ac28874f4e64b4abc4e577f3c7325e6&oit=3&cp=26&pgcl=4
                                                                    tls, http2
                                                                    msedge.exe
                                                                    1.8kB
                                                                    7.2kB
                                                                    16
                                                                    19

                                                                    HTTP Request

                                                                    GET https://www.bing.com/qbox?query=https%3A%2F%2Fwinaerotweaker.com&language=en-US&pt=EdgBox&cvid=9a34b814d4cb4d4bb7342b88c5c0c9b6&ig=2ac28874f4e64b4abc4e577f3c7325e6&oit=3&cp=26&pgcl=4

                                                                    HTTP Response

                                                                    200
                                                                  • 68.183.112.81:443
                                                                    winaerotweaker.com
                                                                    tls
                                                                    msedge.exe
                                                                    1.6kB
                                                                    933 B
                                                                    11
                                                                    10
                                                                  • 68.183.112.81:443
                                                                    winaerotweaker.com
                                                                    tls
                                                                    msedge.exe
                                                                    2.3kB
                                                                    41.4kB
                                                                    25
                                                                    52
                                                                  • 68.183.112.81:443
                                                                    winaerotweaker.com
                                                                    tls
                                                                    msedge.exe
                                                                    1.7kB
                                                                    5.0kB
                                                                    12
                                                                    13
                                                                  • 68.183.112.81:443
                                                                    https://winaero.com/updates/tweaker.txt
                                                                    tls, http
                                                                    WinaeroTweaker.exe
                                                                    762 B
                                                                    3.9kB
                                                                    8
                                                                    8

                                                                    HTTP Request

                                                                    GET https://winaero.com/updates/tweaker.txt

                                                                    HTTP Response

                                                                    200
                                                                  • 68.183.112.81:443
                                                                    https://winaero.com/updates/tweaker.txt
                                                                    tls, http
                                                                    WinaeroTweaker.exe
                                                                    738 B
                                                                    3.9kB
                                                                    8
                                                                    8

                                                                    HTTP Request

                                                                    GET https://winaero.com/updates/tweaker.txt

                                                                    HTTP Response

                                                                    200
                                                                  • 23.73.138.129:443
                                                                    www.bing.com
                                                                    tls
                                                                    SearchHost.exe
                                                                    55.7kB
                                                                    179.0kB
                                                                    213
                                                                    180
                                                                  • 23.73.138.33:443
                                                                    r.bing.com
                                                                    tls
                                                                    SearchHost.exe
                                                                    20.8kB
                                                                    502.1kB
                                                                    378
                                                                    371
                                                                  • 23.73.138.33:443
                                                                    r.bing.com
                                                                    tls
                                                                    SearchHost.exe
                                                                    1.2kB
                                                                    5.2kB
                                                                    16
                                                                    13
                                                                  • 23.73.138.33:443
                                                                    r.bing.com
                                                                    tls
                                                                    SearchHost.exe
                                                                    1.2kB
                                                                    5.2kB
                                                                    16
                                                                    13
                                                                  • 20.50.201.195:443
                                                                    browser.pipe.aria.microsoft.com
                                                                    tls
                                                                    SearchHost.exe
                                                                    1.6kB
                                                                    8.4kB
                                                                    16
                                                                    10
                                                                  • 68.183.112.81:443
                                                                    winaero.com
                                                                    tls
                                                                    msedge.exe
                                                                    5.1kB
                                                                    59.8kB
                                                                    30
                                                                    66
                                                                  • 68.183.112.81:443
                                                                    winaero.com
                                                                    tls
                                                                    msedge.exe
                                                                    6.3kB
                                                                    83.4kB
                                                                    39
                                                                    92
                                                                  • 68.183.112.81:443
                                                                    winaero.com
                                                                    tls
                                                                    msedge.exe
                                                                    4.1kB
                                                                    60.2kB
                                                                    29
                                                                    67
                                                                  • 68.183.112.81:443
                                                                    winaero.com
                                                                    tls
                                                                    msedge.exe
                                                                    3.6kB
                                                                    74.4kB
                                                                    33
                                                                    82
                                                                  • 68.183.112.81:443
                                                                    winaero.com
                                                                    tls
                                                                    msedge.exe
                                                                    5.7kB
                                                                    145.9kB
                                                                    59
                                                                    158
                                                                  • 68.183.112.81:443
                                                                    winaero.com
                                                                    tls
                                                                    msedge.exe
                                                                    5.0kB
                                                                    35.8kB
                                                                    22
                                                                    43
                                                                  • 142.250.179.174:443
                                                                    https://fundingchoicesmessages.google.com/b/pub-8660790925544760
                                                                    tls, http2
                                                                    msedge.exe
                                                                    3.7kB
                                                                    86.9kB
                                                                    56
                                                                    71

                                                                    HTTP Request

                                                                    GET https://fundingchoicesmessages.google.com/i/pub-8660790925544760?ers=1

                                                                    HTTP Request

                                                                    GET https://fundingchoicesmessages.google.com/b/pub-8660790925544760
                                                                  • 192.229.221.25:443
                                                                    www.paypalobjects.com
                                                                    tls
                                                                    msedge.exe
                                                                    1.7kB
                                                                    9.0kB
                                                                    13
                                                                    13
                                                                  • 192.229.221.25:443
                                                                    https://www.paypalobjects.com/en_US/i/scr/pixel.gif
                                                                    tls, http2
                                                                    msedge.exe
                                                                    2.5kB
                                                                    11.5kB
                                                                    17
                                                                    19

                                                                    HTTP Request

                                                                    GET https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif

                                                                    HTTP Request

                                                                    GET https://www.paypalobjects.com/en_US/i/scr/pixel.gif

                                                                    HTTP Response

                                                                    200

                                                                    HTTP Response

                                                                    200
                                                                  • 142.251.36.2:443
                                                                    googleads.g.doubleclick.net
                                                                    tls, http2
                                                                    msedge.exe
                                                                    897 B
                                                                    5.3kB
                                                                    7
                                                                    7
                                                                  • 142.251.36.40:443
                                                                    https://ssl.google-analytics.com/ga.js
                                                                    tls, http2
                                                                    msedge.exe
                                                                    2.2kB
                                                                    24.1kB
                                                                    24
                                                                    24

                                                                    HTTP Request

                                                                    GET https://ssl.google-analytics.com/ga.js
                                                                  • 216.239.34.36:443
                                                                    https://region1.google-analytics.com/g/collect?v=2&tid=G-E1FNYQ7R2R&gtm=45je47v0v9131562146za200&_p=1722933199881&gcd=13l3l3l3l1&npa=0&dma=0&tcfd=10000&tag_exp=95250753&cid=1267729695.1722933200&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1722933200&sct=1&seg=0&dl=https%3A%2F%2Fwinaero.com%2Fwindows-7-games-for-windows-10-anniversary-update-and-above%2F%3Futm_source%3Dsoftware%26utm_medium%3Din-app%26utm_campaign%3Dwinaerotweaker%26utm_content%3Dgetgames&dt=Windows%207%20games%20for%20Windows%2010%20Anniversary%20Update%20and%20above&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3239
                                                                    tls, http2
                                                                    msedge.exe
                                                                    2.0kB
                                                                    6.1kB
                                                                    11
                                                                    11

                                                                    HTTP Request

                                                                    POST https://region1.google-analytics.com/g/collect?v=2&tid=G-E1FNYQ7R2R&gtm=45je47v0v9131562146za200&_p=1722933199881&gcd=13l3l3l3l1&npa=0&dma=0&tcfd=10000&tag_exp=95250753&cid=1267729695.1722933200&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1722933200&sct=1&seg=0&dl=https%3A%2F%2Fwinaero.com%2Fwindows-7-games-for-windows-10-anniversary-update-and-above%2F%3Futm_source%3Dsoftware%26utm_medium%3Din-app%26utm_campaign%3Dwinaerotweaker%26utm_content%3Dgetgames&dt=Windows%207%20games%20for%20Windows%2010%20Anniversary%20Update%20and%20above&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3239
                                                                  • 142.251.39.97:443
                                                                    https://lh3.googleusercontent.com/Aa4yxTEzptv8d0-2XkwrNGRx4Ai_29Vdl7NUpocC-N6QGkqMZbJru7NvSM2Euve-DxU4uKUaiOtMfJC-PzfbMNW5rdvUl5b57aKqwv_NUUr2DlzWXag=h60
                                                                    tls, http2
                                                                    msedge.exe
                                                                    1.8kB
                                                                    12.5kB
                                                                    14
                                                                    17

                                                                    HTTP Request

                                                                    GET https://lh3.googleusercontent.com/Aa4yxTEzptv8d0-2XkwrNGRx4Ai_29Vdl7NUpocC-N6QGkqMZbJru7NvSM2Euve-DxU4uKUaiOtMfJC-PzfbMNW5rdvUl5b57aKqwv_NUUr2DlzWXag=h60
                                                                  • 23.218.70.53:443
                                                                    cxcs.microsoft.net
                                                                    tls
                                                                    1.4kB
                                                                    7.5kB
                                                                    19
                                                                    17
                                                                  • 88.221.135.41:443
                                                                    www.bing.com
                                                                    tls
                                                                    1.9kB
                                                                    6.5kB
                                                                    18
                                                                    15
                                                                  • 8.8.8.8:53
                                                                    winaerotweaker.com
                                                                    dns
                                                                    msedge.exe
                                                                    709 B
                                                                    1.2kB
                                                                    11
                                                                    7

                                                                    DNS Request

                                                                    winaerotweaker.com

                                                                    DNS Response

                                                                    68.183.112.81

                                                                    DNS Request

                                                                    8.8.8.8.in-addr.arpa

                                                                    DNS Request

                                                                    www.bing.com

                                                                    DNS Response


                                                                    DNS Request

                                                                    172.210.232.199.in-addr.arpa

                                                                    DNS Request

                                                                    r.bing.com

                                                                    DNS Response


                                                                    DNS Request

                                                                    nexusrules.officeapps.live.com

                                                                    DNS Response

                                                                    52.111.243.31

                                                                    DNS Request

                                                                    ocsp.digicert.com

                                                                    DNS Request

                                                                    ocsp.digicert.com

                                                                    DNS Request

                                                                    ocsp.digicert.com

                                                                    DNS Request

                                                                    ocsp.digicert.com

                                                                    DNS Request

                                                                    ocsp.digicert.com

                                                                    DNS Response

                                                                    192.229.221.95

                                                                  • 224.0.0.251:5353
                                                                    msedge.exe
                                                                    1.1kB
                                                                    17
                                                                  • 8.8.8.8:53
                                                                    www.paypalobjects.com
                                                                    dns
                                                                    msedge.exe
                                                                    274 B
                                                                    529 B
                                                                    4
                                                                    4

                                                                    DNS Request

                                                                    www.paypalobjects.com

                                                                    DNS Response

                                                                    192.229.221.25

                                                                    DNS Request

                                                                    42.36.251.142.in-addr.arpa

                                                                    DNS Request

                                                                    lh3.googleusercontent.com

                                                                    DNS Response

                                                                    142.251.39.97

                                                                    DNS Request

                                                                    cxcs.microsoft.net

                                                                    DNS Response

                                                                    23.218.70.53

                                                                  • 8.8.8.8:53
                                                                    174.179.250.142.in-addr.arpa
                                                                    dns
                                                                    216 B
                                                                    309 B
                                                                    3
                                                                    3

                                                                    DNS Request

                                                                    174.179.250.142.in-addr.arpa

                                                                    DNS Request

                                                                    ssl.google-analytics.com

                                                                    DNS Response

                                                                    142.251.36.40

                                                                    DNS Request

                                                                    97.39.251.142.in-addr.arpa

                                                                  • 8.8.8.8:53
                                                                    25.221.229.192.in-addr.arpa
                                                                    dns
                                                                    145 B
                                                                    254 B
                                                                    2
                                                                    2

                                                                    DNS Request

                                                                    25.221.229.192.in-addr.arpa

                                                                    DNS Request

                                                                    40.36.251.142.in-addr.arpa

                                                                  • 8.8.8.8:53
                                                                    168.179.250.142.in-addr.arpa
                                                                    dns
                                                                    291 B
                                                                    470 B
                                                                    4
                                                                    4

                                                                    DNS Request

                                                                    168.179.250.142.in-addr.arpa

                                                                    DNS Request

                                                                    googleads.g.doubleclick.net

                                                                    DNS Response

                                                                    142.251.36.2

                                                                    DNS Request

                                                                    36.34.239.216.in-addr.arpa

                                                                    DNS Request

                                                                    41.135.221.88.in-addr.arpa

                                                                  • 142.250.179.174:443
                                                                    fundingchoicesmessages.google.com
                                                                    https
                                                                    msedge.exe
                                                                    8.1kB
                                                                    143.8kB
                                                                    61
                                                                    120
                                                                  • 142.251.36.40:443
                                                                    ssl.google-analytics.com
                                                                    https
                                                                    msedge.exe
                                                                    4.1kB
                                                                    6.5kB
                                                                    8
                                                                    10

                                                                  MITRE ATT&CK Enterprise v15

                                                                  Downloads

                                                                  • C:\Program Files\Winaero Tweaker\WinaeroControls.dll

                                                                    Filesize

                                                                    428KB

                                                                  • C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe

                                                                    Filesize

                                                                    5.2MB

                                                                  • C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe

                                                                    Filesize

                                                                    330KB

                                                                  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winaero Tweaker\Winaero Tweaker.lnk

                                                                    Filesize

                                                                    957B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WinaeroTweaker.exe.log

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                                    Filesize

                                                                    44KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                                    Filesize

                                                                    264KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

                                                                    Filesize

                                                                    1.0MB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

                                                                    Filesize

                                                                    4.0MB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                    Filesize

                                                                    336B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                    Filesize

                                                                    24KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                    Filesize

                                                                    264KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                    Filesize

                                                                    116KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                    Filesize

                                                                    422B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                                    Filesize

                                                                    28KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                    Filesize

                                                                    331B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                    Filesize

                                                                    180B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    5KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    7KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                    Filesize

                                                                    175B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                    Filesize

                                                                    319B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367406511328491

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                                                                    Filesize

                                                                    112B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                    Filesize

                                                                    347B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                    Filesize

                                                                    323B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

                                                                    Filesize

                                                                    20KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                    Filesize

                                                                    204B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                    Filesize

                                                                    128KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                    Filesize

                                                                    16B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                    Filesize

                                                                    16B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                    Filesize

                                                                    44KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                    Filesize

                                                                    5KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                    Filesize

                                                                    319B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                    Filesize

                                                                    337B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                                    Filesize

                                                                    44KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                                    Filesize

                                                                    264KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

                                                                    Filesize

                                                                    4.0MB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                    Filesize

                                                                    11B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    11KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    11KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    11KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    11KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                                    Filesize

                                                                    264KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DG8U5NQ5\www.bing[1].xml

                                                                    Filesize

                                                                    17KB

                                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DG8U5NQ5\www.bing[1].xml

                                                                    Filesize

                                                                    19KB

                                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133674065939370099.txt

                                                                    Filesize

                                                                    70KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\is-84GL9.tmp\WinaeroTweaker-1.63.0.0-setup.tmp

                                                                    Filesize

                                                                    3.0MB

                                                                  • C:\Users\Admin\AppData\Local\Temp\is-UHENH.tmp\_isetup\_iscrypt.dll

                                                                    Filesize

                                                                    2KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\tmpCB9F.tmp

                                                                    Filesize

                                                                    914KB

                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

                                                                    Filesize

                                                                    173KB

                                                                  • C:\Users\Admin\Downloads\Unconfirmed 583648.crdownload

                                                                    Filesize

                                                                    5.2MB

                                                                  • C:\Users\Admin\Downloads\winaerotweaker.zip:Zone.Identifier

                                                                    Filesize

                                                                    26B

                                                                  • C:\Users\Public\Desktop\Winaero Tweaker.lnk

                                                                    Filesize

                                                                    939B

                                                                  • C:\Windows\Resources\Themes\AEROLI~1.THE

                                                                    Filesize

                                                                    1KB

