Analysis Overview
Threat Level: Known bad
The file https://nezur.app/ was found to be: Known bad.
Malicious Activity Summary
Cobaltstrike
Cobalt Strike reflective loader
Contains code to disable Windows Defender
Event Triggered Execution: Image File Execution Options Injection
Drops file in Drivers directory
Boot or Logon Autostart Execution: Active Setup
Downloads MZ/PE file
Sets service image path in registry
Creates new service(s)
Loads dropped DLL
Checks BIOS information in registry
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Enumerates connected drives
Adds Run key to start application
Checks for any installed AV software in registry
Installs/modifies Browser Helper Object
Checks installed software on the system
Modifies powershell logging option
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Checks whether UAC is enabled
Looks up external IP address via web service
Checks system information in the registry
AutoIT Executable
Drops file in System32 directory
Enumerates processes with tasklist
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Browser Information Discovery
Program crash
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
NSIS installer
Uses Volume Shadow Copy WMI provider
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Opens file in notepad (likely ransom note)
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Delays execution with timeout.exe
NTFS ADS
Script User-Agent
System policy modification
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Scheduled Task/Job: Scheduled Task
Checks processor information in registry
Modifies system certificate store
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-08-24 14:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-24 14:59
Reported
2024-08-24 15:19
Platform
win10v2004-20240802-en
Max time kernel
1200s
Max time network
1201s
Command Line
Signatures
Cobalt Strike reflective loader
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Cobaltstrike
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\128.0.2739.42\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU934B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU934B.tmp\MicrosoftEdgeUpdate.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AviraOptimizerHost\ImagePath = "\"C:\\Program Files (x86)\\Avira\\Optimizer Host\\Avira.OptimizerHost.exe\"" | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-G5E9N.tmp\activator-2.0-installer_tOPS-j1.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU934B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_51192115.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files\McAfee\WebAdvisor\UIHost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\File_001.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Avira\Security\UserInterface | C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\AutomaticRestart | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer\GuardOptimizedEntries | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "4" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedSoftwareUpdater = "true" | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "79" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Date = 09005400060003001400530006001d0002000400 | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\UILanguage | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\BootOptimizer | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\General | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\MyA | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\Installed | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\RegistryCleaner | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer\StartDelay | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\ExternalNamedPipe = "Avira.ExternalCommunicationTaskPipe" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "42" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Subscription | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "81" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer\CleanupDelayed | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UploadAllErrorReports | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "15" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\General | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\UserInterface | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\LicenseState = "free" | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "2" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\DesktopCleaner | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\Detect_HDD0_SSD1 | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\LicenseState | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings\Installed | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface\UiLanguage | C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\UpdateBridgeEnvironment | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedBackendCommunication = "true" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedOpswatSdk = "true" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "51" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Name | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Value | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UploadErrorReports | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\JunkCleaner | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Subscription | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Serial | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Check | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Beta | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Launcher | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "8" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "68" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Value | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\LogToFile | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Number | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\SentryProject | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "0" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\MyA | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC89EB75E\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC89EB75E\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | href.li | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | href.li | N/A | N/A |
| N/A | href.li | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Modifies powershell logging option
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU934B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU934B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_628C24E6093BD8689234B284FA0C5088 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_F05D3660043254C832D7781D582836B2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7850C7BAFAC9456B4B92328A61976502_38590CBD9D46EC592DBE935F05B25EE1 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_72BCADB7EE100ECA692C6EC1A866B75B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7850C7BAFAC9456B4B92328A61976502_38590CBD9D46EC592DBE935F05B25EE1 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_72BCADB7EE100ECA692C6EC1A866B75B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_628C24E6093BD8689234B284FA0C5088 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_F05D3660043254C832D7781D582836B2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\49855FCDFA62840A2838AEF1EFAC3C9B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\49855FCDFA62840A2838AEF1EFAC3C9B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Avira.Spotlight.Service.Worker.exe.log | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\vcruntime140_1.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Avira\System Speedup\de-DE\is-DEUF1.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\core\logger.luc | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sv-SE.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-el-GR.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\af.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Trust Protection Lists\Sigma\Content | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\core\triggeracceptor.luc | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Locales\mt.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1852461143\installer.exe | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1852461143\jslang\eula-nl-NL.txt | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\installer.exe | N/A |
| File created | C:\Program Files (x86)\Avira\Security\is-965GS.tmp | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| File created | C:\Program Files (x86)\Avira\Security\is-0A4VO.tmp | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sk-SK.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\logicmodule.dll | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Locales\kok.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\ms.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1852461143\jslang\wa-res-install-sk-SK.js | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\installer.exe | N/A |
| File created | C:\Program Files (x86)\Avira\System Speedup\is-E2QJN.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\rsEDRSvc.exe | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\identity_proxy\win10\identity_helper.Sparse.Internal.msix | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Trust Protection Lists\Sigma\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Avira\Security\is-M3BDH.tmp | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| File created | C:\Program Files (x86)\Avira\Security\is-DPJ0L.tmp | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Trust Protection Lists\Sigma\Content | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Linq.Queryable.dll | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsEngine.Client.Messages.dll | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\BHO\ie_to_edge_bho_64.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Avira\Security\is-G9EPO.tmp | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\microsoft_shell_integration.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Linq.Expressions.dll | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ko-KR.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\installdate.luc | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\msspstatus.luc | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files (x86)\Avira\Security\zh-CN\is-N6JPU.tmp | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.html | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\identity_proxy\win10\identity_helper.Sparse.Dev.msix | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\logging.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files (x86)\Avira\System Speedup\sdf\is-7B0JC.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| File opened for modification | C:\Program Files\MsEdgeCrashpad\throttle_store.dat | C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.NonGeneric.dll | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\pa.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe | N/A |
| File created | C:\Program Files\McAfee\Temp1852461143\jslang\wa-res-shared-fr-FR.js | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\installer.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU934B.tmp\msedgeupdateres_bg.dll | C:\Users\Admin\AppData\Local\Temp\.CR.3696\9a189f29-3951-48fb-b4bf-6198b634b3dc\MicrosoftEdgeWebView2RuntimeInstallerX64.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\error_transmitter.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-checkbox-checked.png | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Drawing.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8632_13368986239140090_8632.pma | C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe | N/A |
| File created | C:\Program Files (x86)\Avira\System Speedup\is-V8FOB.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\ug.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ru-RU.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hr-HR.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-it-IT.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-es-ES.js | C:\Program Files\McAfee\Temp1852461143\installer.exe | N/A |
| File opened for modification | C:\Program Files\MsEdgeCrashpad\throttle_store.dat | C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe | N/A |
| File created | C:\Program Files (x86)\Avira\Security\is-EQGTA.tmp | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pl.pak | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsEngine.Performance.dll | C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\New folder | C:\Users\Admin\Downloads\Steam.exe | N/A |
| File created | C:\Windows\Fonts\is-4FMFM.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.CR.3696\88b9bff8-46b8-43da-8a61-449a9d4f22d2\avira_system_speedup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Setup_02024.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-0O9PV.tmp\Avira_Optimizer_Host.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC89EB75E\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\memz-destructive.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-5UK5T.tmp\Avira_Optimizer_Host.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Setup_02024.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Setup_02024.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.CR.3696\797675de-6127-4034-b474-f575117fa231\avira_spotlight_setup_lavasoft.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506571\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\File_001.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-G5E9N.tmp\activator-2.0-installer_tOPS-j1.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.CR.3696\ACSSignedIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\activator-2.0-installer_tOPS-j1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\memz-destructive.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\trojan\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\avira__sptl1___lavasoft.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC89EB75E\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\ACSSignedIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Setup_02024.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\setup-.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-G5E9N.tmp\activator-2.0-installer_tOPS-j1.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \Registry\Machine\Hardware\Description\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-G5E9N.tmp\activator-2.0-installer_tOPS-j1.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\128.0.2739.42\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Avira.Spotlight.UI.Application.exe = "11001" | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\128.0.2739.42\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL\Avira.Spotlight.UI.Application.exe = "1" | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000 | C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Desktop\Setup_02024.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\System32\NOTEPAD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\shell\runas\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --do-not-de-elevate --single-argument %1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Drive\shellex\DragDropHandlers | C:\Users\Admin\Desktop\Setup_02024.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\launcherVersion = "1.3.0.0" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Windows\System32\NOTEPAD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\7zip\\7-zip.dll" | C:\Users\Admin\Desktop\Setup_02024.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ = "{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Desktop\Setup_02024.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\ProgId\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Windows\System32\NOTEPAD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\bootstrapperRebootPending = "0" | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343114000000010000001400000055e481d11180bed889b908a331f9a1240916b970040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b03000000010000001400000002faf3e291435468607857694df5e45b68851868140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b434719014000000010000001400000055e481d11180bed889b908a331f9a1240916b970030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34310f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d819000000010000001000000091fad483f14848a8a69b18b805cdbb3a20000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c0000000100000004000000001000000400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a00300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd10f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a03000000010000001400000002faf3e291435468607857694df5e45b688518680f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343114000000010000001400000055e481d11180bed889b908a331f9a1240916b97020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 14000000010000001400000055e481d11180bed889b908a331f9a1240916b970030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34310f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d820000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b434719014000000010000001400000055e481d11180bed889b908a331f9a1240916b970030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34310f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d819000000010000001000000091fad483f14848a8a69b18b805cdbb3a5c00000001000000040000000008000020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 03000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343114000000010000001400000055e481d11180bed889b908a331f9a1240916b970040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 | C:\Users\Admin\AppData\Local\setup51192115.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b03000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 619762.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 463334.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 578302.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 950218.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Steam.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nezur.app/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4176 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4 0x3cc
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,8847716591045204346,18243752733858838018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" /p C:\Users\Admin\Desktop\Nezur\Launcher.bat
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Nezur\Launcher.bat" "
C:\Users\Admin\Desktop\Nezur\compiler.exe
compiler.exe config
C:\Users\Admin\Desktop\Nezur\compiler.exe
"C:\Users\Admin\Desktop\Nezur\compiler.exe"
C:\Users\Admin\Desktop\Nezur\compiler.exe
"C:\Users\Admin\Desktop\Nezur\compiler.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,12927610950612197756,2690328544505944733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
C:\Users\Admin\Desktop\Nezur.exe
"C:\Users\Admin\Desktop\Nezur.exe"
C:\Users\Admin\Desktop\Nezur.exe
"C:\Users\Admin\Desktop\Nezur.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,2637315039364218182,10007424117297434165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Users\Admin\Desktop\Setup_02024.exe
"C:\Users\Admin\Desktop\Setup_02024.exe"
C:\Users\Admin\Desktop\Setup_02024.exe
"C:\Users\Admin\Desktop\Setup_02024.exe"
C:\Users\Admin\Desktop\Setup_02024.exe
"C:\Users\Admin\Desktop\Setup_02024.exe"
C:\Users\Admin\Desktop\Setup_02024.exe
"C:\Users\Admin\Desktop\Setup_02024.exe"
C:\Users\Admin\Desktop\Setup_02024.exe
"C:\Users\Admin\Desktop\Setup_02024.exe"
C:\Users\Admin\Desktop\Setup_02024.exe
"C:\Users\Admin\Desktop\Setup_02024.exe"
C:\Users\Admin\Desktop\Setup_02024.exe
"C:\Users\Admin\Desktop\Setup_02024.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_51192115.exe
"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_51192115.exe"
C:\Users\Admin\AppData\Local\setup51192115.exe
C:\Users\Admin\AppData\Local\setup51192115.exe hhwnd=721472 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-8jA2z
C:\Users\Admin\AppData\Local\setup51192115.exe
C:\Users\Admin\AppData\Local\setup51192115.exe hready
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "PID eq 4456" /fo csv
C:\Windows\SysWOW64\find.exe
find /I "4456"
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\avira__sptl1___lavasoft.exe
"avira__sptl1___lavasoft.exe" Silent=true AcceptEula=true LaunchUi=true
C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.3696\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira__sptl1___lavasoft.exe Silent=true AcceptEula=true LaunchUi=true
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /Xml "C:\Users\Admin\AppData\Local\Temp\.CR.28096\Avira_Security_Installation.xml" /F /TN "Avira_Security_Installation"
C:\Users\Admin\AppData\Local\Temp\.CR.3696\ACSSignedIC.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\ACSSignedIC.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe --silent --allusers=0 --server-tracking-blob=YmIzNmJhOThjZTQ5OTljMDQ4ZmJiN2RjMTllNjRmYmExNWYxNDU0MzMxOWNmNmQyYmJhY2YyMzU5MjEzOTBiMTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0wYzE5NTUyYTM3NjQ0NTljYjM2N2I2NjNkYTBlMGZiYiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3MjQ1MTE5NTguNjc5MiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiMGMxOTU1MmEzNzY0NDU5Y2IzNjdiNjYzZGEwZTBmYmIiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJhMzA3N2M3ZC03MmQ2LTQ0ZTgtYmQzNC0zOGY2ZjMwMzE5NmIifQ==
C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.104 --initial-client-data=0x334,0x338,0x33c,0x330,0x340,0x6a8b1b54,0x6a8b1b60,0x6a8b1b6c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=364 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240824150605" --session-guid=3ff39a47-b094-4f1c-9b8e-ffb36f635a23 --server-tracking-blob=N2U0OGI1MDg4OGRmZDliNTQ2YzRlMmUxMDIxODNiOGI1NTdhODcxZDhhZTFjMTlmNWVkNGZlMzAzNmE2NTY4ODp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0wYzE5NTUyYTM3NjQ0NTljYjM2N2I2NjNkYTBlMGZiYiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyNDUxMTk1OC42NzkyIiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiIwYzE5NTUyYTM3NjQ0NTljYjM2N2I2NjNkYTBlMGZiYiIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImEzMDc3YzdkLTcyZDYtNDRlOC1iZDM0LTM4ZjZmMzAzMTk2YiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1406000000000000
C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS43586F3D\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.104 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x69ad1b54,0x69ad1b60,0x69ad1b6c
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\How To use Evon.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0xd04f48,0xd04f58,0xd04f64
C:\Users\Admin\AppData\Local\setup51192115.exe
"C:\Users\Admin\AppData\Local\setup51192115.exe"
C:\Users\Admin\AppData\Local\setup51192115.exe
"C:\Users\Admin\AppData\Local\setup51192115.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "PID eq 4956" /fo csv
C:\Windows\SysWOW64\find.exe
find /I "4956"
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Users\Admin\AppData\Local\OperaGX.exe
"C:\Users\Admin\AppData\Local\OperaGX.exe"
C:\Users\Admin\AppData\Local\Temp\7zSC89EB75E\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC89EB75E\setup.exe --server-tracking-blob=YmIzNmJhOThjZTQ5OTljMDQ4ZmJiN2RjMTllNjRmYmExNWYxNDU0MzMxOWNmNmQyYmJhY2YyMzU5MjEzOTBiMTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0wYzE5NTUyYTM3NjQ0NTljYjM2N2I2NjNkYTBlMGZiYiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3MjQ1MTE5NTguNjc5MiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiMGMxOTU1MmEzNzY0NDU5Y2IzNjdiNjYzZGEwZTBmYmIiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJhMzA3N2M3ZC03MmQ2LTQ0ZTgtYmQzNC0zOGY2ZjMwMzE5NmIifQ==
C:\Users\Admin\AppData\Local\Temp\7zSC89EB75E\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC89EB75E\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.104 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x68651b54,0x68651b60,0x68651b6c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506571\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506571\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506571\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506571\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506571\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506571\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xd64f48,0xd64f58,0xd64f64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8136 /prefetch:8
C:\Users\Admin\Downloads\File_001.exe
"C:\Users\Admin\Downloads\File_001.exe"
C:\Users\Admin\AppData\Local\setup-.exe
C:\Users\Admin\AppData\Local\setup-.exe hhwnd=721706 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-error
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "PID eq 6052" /fo csv
C:\Windows\SysWOW64\find.exe
find /I "6052"
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Users\Admin\AppData\Local\setup-.exe
C:\Users\Admin\AppData\Local\setup-.exe hready
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4880 -ip 4880
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 3476
C:\Users\Admin\Downloads\Steam.exe
"C:\Users\Admin\Downloads\Steam.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7892 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\.CR.3696\9a189f29-3951-48fb-b4bf-6198b634b3dc\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\9a189f29-3951-48fb-b4bf-6198b634b3dc\MicrosoftEdgeWebView2RuntimeInstallerX64.exe" /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU934B.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU934B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUY4MUM5QUUtMENFQy00NzBBLTg4MjUtOTlBOTBGM0VDQzAzfSIgdXNlcmlkPSJ7OTRBNkQxQUYtRjJCQy00M0ZCLTkzNkYtQTk2QjBBNjQ1MkEyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5RjdCOEU5NS1ERDEwLTRCMDgtOTUzOC03QTk4QTUwMkM4MjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODI2MjYyMzcwIiBpbnN0YWxsX3RpbWVfbXM9IjY4MSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{EF81C9AE-0CEC-470A-8825-99A90F3ECC03}" /silent /offlinedir "{177F6789-A4F9-42BE-A6F1-48C5C35FD090}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUY4MUM5QUUtMENFQy00NzBBLTg4MjUtOTlBOTBGM0VDQzAzfSIgdXNlcmlkPSJ7OTRBNkQxQUYtRjJCQy00M0ZCLTkzNkYtQTk2QjBBNjQ1MkEyfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTgzRDBGOEUtNTg4My00OEM0LTg1OTAtMUFGMDg5QzVGQzc2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzIyNjAyNjYyIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjcwNzUyODYxNDQyNzM1Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4Mjk1MDAwNTkiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\MicrosoftEdgeWebview_X64_128.0.2739.42.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\MicrosoftEdgeWebview_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\MicrosoftEdgeWebview_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E69B4D74-6D9C-4D90-A8C0-4759F01D4B0E}\EDGEMITMP_80165.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6c67006d8,0x7ff6c67006e4,0x7ff6c67006f0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4 0x3cc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUY4MUM5QUUtMENFQy00NzBBLTg4MjUtOTlBOTBGM0VDQzAzfSIgdXNlcmlkPSJ7OTRBNkQxQUYtRjJCQy00M0ZCLTkzNkYtQTk2QjBBNjQ1MkEyfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7MUFBMTFBMDktRUFCNS00ODRDLUJERDctRDczOTc3NUMzNzlDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0o3VmlaamJOeXgxR1ZySFcrUmQvUGdWaXpuRit0cXhpVXRXWG9GdEloZlU9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyOC4wLjI3MzkuNDIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODQ0MTgyMjg1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4NDQ2NTEwMzAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg1OTQ5NzU2MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODc5Nzk1MzIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTM2MzM4MjYxMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlZD0iMTczNzUwMzQ0IiB0b3RhbD0iMTczNzUwMzQ0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMSIgaW5zdGFsbF90aW1lX21zPSI0ODM1OCIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Users\Admin\AppData\Local\Temp\.CR.3696\797675de-6127-4034-b474-f575117fa231\avira_spotlight_setup_lavasoft.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\797675de-6127-4034-b474-f575117fa231\avira_spotlight_setup_lavasoft.exe" /LOG="C:\Users\Admin\AppData\Local\Temp\avira_spotlight_setup_20240824151039789.log" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP /LANGUAGE=en-us /SYSTRAYAUTOSTARTENABLED=true /WITHSERVICESTOPPED=true /SKIPSERVICEREGISTRATION=true /CERTIFICATESVERSION=V4
C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp
"C:\Users\Admin\AppData\Local\Temp\is-12NT9.tmp\avira_spotlight_setup_lavasoft.tmp" /SL5="$1A0060,34139612,924672,C:\Users\Admin\AppData\Local\Temp\.CR.3696\797675de-6127-4034-b474-f575117fa231\avira_spotlight_setup_lavasoft.exe" /LOG="C:\Users\Admin\AppData\Local\Temp\avira_spotlight_setup_20240824151039789.log" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP /LANGUAGE=en-us /SYSTRAYAUTOSTARTENABLED=true /WITHSERVICESTOPPED=true /SKIPSERVICEREGISTRATION=true /CERTIFICATESVERSION=V4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create AviraSecurityUpdater DisplayName= "Avira Security Updater" binPath= "\"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe\"" start= delayed-auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" description AviraSecurityUpdater "Avira Security Updater"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Update /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-9KMHL.tmp\UpdateFallbackTask.xml"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Service_SCM_Watchdog /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-9KMHL.tmp\WatchdogServiceControlManagerTimeout.xml"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Systray /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-9KMHL.tmp\SystrayAutostart.xml"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Maintenance /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-9KMHL.tmp\MaintenanceTask.xml"
C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\avira__sptl1___lavasoft.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\avira__sptl1___lavasoft.exe" Action=RegisterFallbackUpdater AllowMultipleInstances=true UnpackInCurrentDirectory=true
C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\Avira.Spotlight.Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira__sptl1___lavasoft.exe Action=RegisterFallbackUpdater AllowMultipleInstances=true
C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\ACSSignedIC.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\ACSSignedIC.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Avira_Security_Installation"
C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\Avira.Spotlight.Bootstrapper.ReportingTool.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\.CR.26015\Avira.Spotlight.Bootstrapper.ReportingTool.exe" /TrackUnsentEvents
C:\Users\Admin\AppData\Local\Temp\.CR.3696\88b9bff8-46b8-43da-8a61-449a9d4f22d2\avira_system_speedup.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.3696\88b9bff8-46b8-43da-8a61-449a9d4f22d2\avira_system_speedup.exe" /install /OTC= /EMAIL= /LOG="C:\Users\Admin\AppData\Local\Temp\avira_system_speedup_setup_20240824151047576.log" /VERYSILENT /SUPPRESSMSGBOXES /LANGUAGE=en-us /NOSTART /NORESTART /bundle=sptl1 /download=lavasoft /Spotlight
C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6TAKU.tmp\avira_system_speedup.tmp" /SL5="$160028,35699068,916992,C:\Users\Admin\AppData\Local\Temp\.CR.3696\88b9bff8-46b8-43da-8a61-449a9d4f22d2\avira_system_speedup.exe" /install /OTC= /EMAIL= /LOG="C:\Users\Admin\AppData\Local\Temp\avira_system_speedup_setup_20240824151047576.log" /VERYSILENT /SUPPRESSMSGBOXES /LANGUAGE=en-us /NOSTART /NORESTART /bundle=sptl1 /download=lavasoft /Spotlight
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /F /TN AviraSystemSpeedupRemoval
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.dll" /codebase /silent /nologo
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.dll" /codebase /silent /nologo
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" -umh
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C copy "C:\Users\Admin\AppData\Local\Temp\.CR.3696\88b9bff8-46b8-43da-8a61-449a9d4f22d2\avira_system_speedup.exe" "C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /F /RU System /SC WEEKLY /TN AviraSystemSpeedupVerify /TR "\"C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe\" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART" /RL HIGHEST
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe" -validatelicense
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe" -initbootoptimizer
C:\Users\Admin\AppData\Local\Temp\is-0O9PV.tmp\Avira_Optimizer_Host.exe
"C:\Users\Admin\AppData\Local\Temp\is-0O9PV.tmp\Avira_Optimizer_Host.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-5UK5T.tmp\Avira_Optimizer_Host.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5UK5T.tmp\Avira_Optimizer_Host.tmp" /SL5="$C025C,1552217,832512,C:\Users\Admin\AppData\Local\Temp\is-0O9PV.tmp\Avira_Optimizer_Host.exe" /VERYSILENT
C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe" /Install /Silent
C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2449078124867217269,14544540033218311608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12104 /prefetch:8
C:\Users\Admin\Downloads\activator-2.0-installer_tOPS-j1.exe
"C:\Users\Admin\Downloads\activator-2.0-installer_tOPS-j1.exe"
C:\Users\Admin\AppData\Local\Temp\is-G5E9N.tmp\activator-2.0-installer_tOPS-j1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-G5E9N.tmp\activator-2.0-installer_tOPS-j1.tmp" /SL5="$1301C8,839193,832512,C:\Users\Admin\Downloads\activator-2.0-installer_tOPS-j1.exe"
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component0.exe
"C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component0.exe" -ip:"dui=dd06e985-ac7f-4567-b0c7-3752f03c29fc&dit=20240824151222&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=58f9&a=100&b=&se=true" -i
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Users\Admin\AppData\Local\Temp\ij0ywfbg.exe
"C:\Users\Admin\AppData\Local\Temp\ij0ywfbg.exe" /silent
C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 1576
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 1576
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\installer.exe
"C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp1852461143\installer.exe
"C:\Program Files\McAfee\Temp1852461143\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe"
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe" HandleServiceControlManagerEvent 7000
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe" HandleServiceControlManagerEvent 7000
\??\c:\program files\reasonlabs\epp\rsHelper.exe
"c:\program files\reasonlabs\epp\rsHelper.exe"
\??\c:\program files\reasonlabs\EPP\ui\EPP.exe
"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1704 --field-trial-handle=1708,i,4598515899156131889,2394479427073960643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2084 --field-trial-handle=1708,i,4598515899156131889,2394479427073960643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2296 --field-trial-handle=1708,i,4598515899156131889,2394479427073960643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\program files\reasonlabs\epp\rsLitmus.A.exe
"C:\program files\reasonlabs\epp\rsLitmus.A.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3324 --field-trial-handle=1708,i,4598515899156131889,2394479427073960643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2356 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,117772236002083961,18128202115422140582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:8
C:\Users\Admin\Desktop\trojan\trojan.exe
"C:\Users\Admin\Desktop\trojan\trojan.exe"
C:\Users\Admin\Desktop\trojan\trojan.exe
"C:\Users\Admin\Desktop\trojan\trojan.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Users\Admin\Desktop\trojan\VC_redist.x64.exe
"C:\Users\Admin\Desktop\trojan\VC_redist.x64.exe"
C:\Windows\Temp\{5E83B06E-EECA-4E4E-8D0A-84480FB015C4}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{5E83B06E-EECA-4E4E-8D0A-84480FB015C4}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Desktop\trojan\VC_redist.x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576
C:\Users\Admin\Desktop\trojan\trojan.exe
"C:\Users\Admin\Desktop\trojan\trojan.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3296 --field-trial-handle=1708,i,4598515899156131889,2394479427073960643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6600 /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3672 --field-trial-handle=1708,i,4598515899156131889,2394479427073960643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3770530220578275544,4398358227431777785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
"C:\Program Files\ReasonLabs\EPP\ui\EPP.exe" --focused
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "C:\Program Files\ReasonLabs\EPP\ui\app.asar" --engine-path="C:\Program Files\ReasonLabs\EPP" --focused
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1684 --field-trial-handle=1692,i,10125790033910739776,4211344258368668006,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --mojo-platform-channel-handle=1792 --field-trial-handle=1692,i,10125790033910739776,4211344258368668006,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\Downloads\memz-destructive.exe
"C:\Users\Admin\Downloads\memz-destructive.exe"
C:\Users\Admin\Downloads\memz-destructive.exe
"C:\Users\Admin\Downloads\memz-destructive.exe"
C:\Users\Admin\Downloads\memz-destructive.exe
"C:\Users\Admin\Downloads\memz-destructive.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\MicrosoftEdge_X64_128.0.2739.42.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff61fec06d8,0x7ff61fec06e4,0x7ff61fec06f0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,4997971316052789249,3915621856450607500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\elevation_service.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --rename-msedge-exe --system-level --verbose-logging --msedge --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1B63E94B-5468-47FC-87AC-7C445EAB225F}\EDGEMITMP_843ED.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff61fec06d8,0x7ff61fec06e4,0x7ff61fec06f0
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x234,0x238,0x23c,0x78,0x240,0x7ff7ac9406d8,0x7ff7ac9406e4,0x7ff7ac9406f0
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7ac9406d8,0x7ff7ac9406e4,0x7ff7ac9406f0
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --msedge --channel=stable --delete-old-versions --system-level --verbose-logging
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7ac9406d8,0x7ff7ac9406e4,0x7ff7ac9406f0
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7ac9406d8,0x7ff7ac9406e4,0x7ff7ac9406f0
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7ac9406d8,0x7ff7ac9406e4,0x7ff7ac9406f0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2bc,0x2f4,0x7ffaf85f9fd8,0x7ffaf85f9fe4,0x7ffaf85f9ff0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2072,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2080,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=2476 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2600,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3632,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3720,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4716,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3592,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5596,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5488,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5724,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=6172,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=6176,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=6652,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6680,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6996,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=7092,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7448,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=7440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7436,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7780,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5444,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6120,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7580,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5140,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.42\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5140,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5976,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3960,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5688,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=7576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7664,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5676,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7740,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7828,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3624,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7508,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7512,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7644,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7620,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=4436,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzU4RjhDNzctOUEyNi00N0E3LUFEQzMtODM3MEIyQjc3NjE5fSIgdXNlcmlkPSJ7OTRBNkQxQUYtRjJCQy00M0ZCLTkzNkYtQTk2QjBBNjQ1MkEyfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswMkE4RDU1Mi1CRDczLTRCMDctOTk3MS1CQ0U1ODIwQzEwM0J9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9JTVCJTIyLXRhcmdldF9kZXYlMjIlNUQiIGluc3RhbGxhZ2U9IjIyIiBjb2hvcnQ9InJyZkAwLjY0Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9IjIyIiByZD0iNjQyMyIgcGluZ19mcmVzaG5lc3M9Ins0M0Y5NEE4MS1GNjY4LTQ2NzAtODQ4Qy1EMzJGMjI2REU5QjV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTI4LjAuMjczOS40MiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIyMiIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY4OTg2MTA3MTIzMDgxMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwOTcwNzc4ODMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwOTcxOTc4MzQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1Mjc2MzQ3Nzk5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYjBmNzMxY2UtZjcwNi00YzgxLTkwNmUtYTA1YWEwMzQ3NTdkP1AxPTE3MjUxMTczMTMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9VFBCQnlnWWhadkFiZHNDeTVpNURoVUQ4cFRBejRMMXA3Smt5QmpmQ1UlMmZPZ0VITUlJZHFreHJqbWxaSXpoQmcxYTVFaVI4TUJjQmpmQ2JGSjBiVWc5ZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTI3NjM2NzgwMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYjBmNzMxY2UtZjcwNi00YzgxLTkwNmUtYTA1YWEwMzQ3NTdkP1AxPTE3MjUxMTczMTMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9VFBCQnlnWWhadkFiZHNDeTVpNURoVUQ4cFRBejRMMXA3Smt5QmpmQ1UlMmZPZ0VITUlJZHFreHJqbWxaSXpoQmcxYTVFaVI4TUJjQmpmQ2JGSjBiVWc5ZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3Mzc1MDM0NCIgdG90YWw9IjE3Mzc1MDM0NCIgZG93bmxvYWRfdGltZV9tcz0iMTE1MDMwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1Mjc2Mzg3NzE4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1MjkyMzk3OTM1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTc0MTQyODE2MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEzMzQiIGRvd25sb2FkX3RpbWVfbXM9IjExNzg2NSIgZG93bmxvYWRlZD0iMTczNzUwMzQ0IiB0b3RhbD0iMTczNzUwMzQ0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NDg5NyIvPjxwaW5nIGFjdGl2ZT0iMSIgYT0iMjIiIHI9IjIyIiBhZD0iNjQyMyIgcmQ9IjY0MjMiIHBpbmdfZnJlc2huZXNzPSJ7QkYyNzI2MDUtREVENy00MDUzLUEwRkItMDkwMUIyMDg5RUM2fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjguMC4yNzM5LjQyIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC42NyI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezFBNDgzRTNGLUNGNjQtNDM3RS1BNzYyLTU2RkM4QzREMTUxNX0iLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6008,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=8032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6760,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6372,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5628,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=7088,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=3980,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6316,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6908,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=6180,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=2444,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=8412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7584,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6320,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=7488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=3988,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=8204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7840,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5180,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3912,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=8604 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7232,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=8008,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=8604 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6336,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=8536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=8548,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3844,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6376,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7040,i,12477059255095218598,17719772806537686033,262144 --variations-seed-version --mojo-platform-channel-handle=8064 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nezur.app | udp |
| US | 104.21.63.64:443 | nezur.app | tcp |
| US | 8.8.8.8:53 | 64.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| GB | 18.245.162.13:443 | assets-global.website-files.com | tcp |
| GB | 18.245.162.13:443 | assets-global.website-files.com | tcp |
| GB | 18.245.162.13:443 | assets-global.website-files.com | tcp |
| GB | 18.245.162.13:443 | assets-global.website-files.com | tcp |
| GB | 18.245.162.13:443 | assets-global.website-files.com | tcp |
| GB | 18.245.162.13:443 | assets-global.website-files.com | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| GB | 18.244.114.33:443 | assets.website-files.com | tcp |
| GB | 18.244.114.33:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 24.19.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| PL | 77.73.129.64:80 | 77.73.129.64 | tcp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.129.73.77.in-addr.arpa | udp |
| GB | 95.101.129.218:443 | www.bing.com | tcp |
| GB | 95.101.129.218:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 218.129.101.95.in-addr.arpa | udp |
| GB | 95.101.129.218:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | nezur.org | udp |
| MD | 213.232.235.119:80 | nezur.org | tcp |
| MD | 213.232.235.119:80 | nezur.org | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.235.232.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | startertemplatecloud.com | udp |
| MD | 213.232.235.119:80 | nezur.org | tcp |
| MD | 213.232.235.119:80 | nezur.org | tcp |
| MD | 213.232.235.119:80 | nezur.org | tcp |
| MD | 213.232.235.119:80 | nezur.org | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | 118.132.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.240.56.149.in-addr.arpa | udp |
| MD | 213.232.235.119:443 | nezur.org | tcp |
| MD | 213.232.235.119:443 | nezur.org | tcp |
| US | 8.8.8.8:53 | nezur.io | udp |
| US | 172.67.74.136:443 | nezur.io | tcp |
| US | 8.8.8.8:53 | 136.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| GB | 95.101.129.202:443 | www.bing.com | udp |
| GB | 95.101.129.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 202.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | softlay.com | udp |
| US | 172.67.149.193:80 | softlay.com | tcp |
| US | 172.67.149.193:80 | softlay.com | tcp |
| US | 172.67.149.193:443 | softlay.com | tcp |
| US | 8.8.8.8:53 | www.softlay.com | udp |
| US | 8.8.8.8:53 | 193.149.67.172.in-addr.arpa | udp |
| US | 104.21.95.246:443 | www.softlay.com | udp |
| US | 8.8.8.8:53 | fryboldlymalice.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.95.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 192.243.59.12:443 | fryboldlymalice.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 12.59.243.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 216.58.215.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | softlay.disqus.com | udp |
| US | 199.232.192.134:443 | softlay.disqus.com | tcp |
| DE | 91.228.74.244:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | 34.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| GB | 13.224.132.2:443 | c.disquscdn.com | tcp |
| US | 151.101.128.134:443 | disqus.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| GB | 18.245.187.41:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 2.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.128.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.187.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| US | 192.243.59.12:443 | fryboldlymalice.com | tcp |
| NL | 178.132.2.122:443 | ss2.softlay.com | tcp |
| NL | 178.132.2.122:443 | ss2.softlay.com | tcp |
| US | 8.8.8.8:53 | 122.2.132.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apponlineboutique.com | udp |
| N/A | 127.0.0.1:60912 | tcp | |
| US | 104.21.54.89:443 | apponlineboutique.com | tcp |
| US | 8.8.8.8:53 | 89.54.21.104.in-addr.arpa | udp |
| US | 104.21.54.89:443 | apponlineboutique.com | tcp |
| N/A | 127.0.0.1:61138 | tcp | |
| US | 104.21.54.89:443 | apponlineboutique.com | tcp |
| US | 104.21.54.89:443 | apponlineboutique.com | tcp |
| US | 104.21.54.89:443 | apponlineboutique.com | tcp |
| US | 104.21.54.89:443 | apponlineboutique.com | tcp |
| US | 104.21.54.89:443 | apponlineboutique.com | tcp |
| N/A | 127.0.0.1:61364 | tcp | |
| N/A | 127.0.0.1:61373 | tcp | |
| N/A | 127.0.0.1:61793 | tcp | |
| N/A | 127.0.0.1:61829 | tcp | |
| N/A | 127.0.0.1:61834 | tcp | |
| GB | 88.221.135.33:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.219:443 | r.bing.com | tcp |
| GB | 95.101.143.219:443 | r.bing.com | tcp |
| GB | 95.101.129.234:443 | th.bing.com | tcp |
| GB | 95.101.129.234:443 | th.bing.com | tcp |
| GB | 95.101.143.219:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 219.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 104.21.60.113:443 | filedm.com | tcp |
| US | 104.21.60.113:443 | filedm.com | tcp |
| US | 104.21.60.113:443 | filedm.com | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| GB | 95.101.143.219:443 | r.bing.com | udp |
| GB | 95.101.129.234:443 | th.bing.com | udp |
| GB | 95.101.129.234:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | evon.cc | udp |
| US | 104.21.27.176:443 | evon.cc | tcp |
| US | 104.21.27.176:443 | evon.cc | tcp |
| US | 8.8.8.8:53 | fonts-cdn.nexuspipe.com | udp |
| US | 8.8.8.8:53 | fonts.nexuspipe.com | udp |
| US | 104.21.27.176:443 | evon.cc | udp |
| US | 8.8.8.8:53 | guidonsfeeing.com | udp |
| US | 8.8.8.8:53 | scriptunc.org | udp |
| NL | 23.109.170.75:443 | guidonsfeeing.com | tcp |
| US | 8.8.8.8:53 | d1now6cui1se29.cloudfront.net | udp |
| GB | 108.138.212.179:443 | d1now6cui1se29.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 176.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.170.109.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ghabovethec.info | udp |
| US | 8.8.8.8:53 | thdwaterverya.info | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | bedirectuklyecon.com | udp |
| GB | 18.244.140.110:443 | ghabovethec.info | tcp |
| US | 104.21.28.93:443 | thdwaterverya.info | tcp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| GB | 13.224.222.113:443 | bedirectuklyecon.com | tcp |
| GB | 143.204.176.76:443 | getrunkhomuto.info | tcp |
| US | 104.21.24.208:443 | pogothere.xyz | tcp |
| US | 104.21.24.208:443 | pogothere.xyz | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| ES | 157.240.5.35:443 | www.facebook.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 110.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.212.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.28.21.104.in-addr.arpa | udp |
| ES | 157.240.5.35:443 | www.facebook.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 104.21.28.93:443 | thdwaterverya.info | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 113.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.176.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.24.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| GB | 143.204.176.76:443 | getrunkhomuto.info | tcp |
| US | 8.8.8.8:53 | max.maxtrackmax.org | udp |
| US | 172.67.176.146:443 | max.maxtrackmax.org | tcp |
| US | 8.8.8.8:53 | tepadas.azurewebsites.net | udp |
| US | 20.119.16.44:443 | tepadas.azurewebsites.net | tcp |
| US | 20.119.16.44:443 | tepadas.azurewebsites.net | tcp |
| US | 8.8.8.8:53 | 146.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.16.119.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | feed.rtbadshubmy.com | udp |
| US | 172.67.184.145:443 | feed.rtbadshubmy.com | tcp |
| US | 8.8.8.8:53 | sdk.ocmhood.com | udp |
| US | 104.26.6.228:443 | sdk.ocmhood.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 173.222.211.8:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdn.ocmtag.com | udp |
| US | 172.67.132.191:443 | cdn.ocmtag.com | tcp |
| US | 8.8.8.8:53 | t.ocmhood.com | udp |
| US | 172.67.72.9:443 | t.ocmhood.com | tcp |
| US | 8.8.8.8:53 | 145.184.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.72.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securewponline.com | udp |
| US | 3.93.251.206:443 | securewponline.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| FR | 142.250.75.238:443 | google.com | tcp |
| US | 8.8.8.8:53 | 206.251.93.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| FR | 142.250.178.145:443 | csp.withgoogle.com | tcp |
| FR | 142.250.178.145:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | 145.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 3.93.251.206:443 | securewponline.com | tcp |
| FR | 142.250.75.238:443 | google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 104.21.28.93:443 | thdwaterverya.info | udp |
| US | 8.8.8.8:53 | sakpot.com | udp |
| US | 172.67.75.230:443 | sakpot.com | tcp |
| US | 172.67.75.230:443 | sakpot.com | tcp |
| US | 8.8.8.8:53 | 230.75.67.172.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | getmyfilenow.com | udp |
| US | 172.67.204.186:443 | getmyfilenow.com | tcp |
| US | 172.67.204.186:443 | getmyfilenow.com | tcp |
| US | 172.67.204.186:443 | getmyfilenow.com | udp |
| US | 8.8.8.8:53 | 186.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 70.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | flow.lavasoft.com | udp |
| US | 104.16.149.130:443 | flow.lavasoft.com | tcp |
| US | 8.8.8.8:53 | sos.adaware.com | udp |
| US | 104.16.213.94:443 | sos.adaware.com | tcp |
| US | 8.8.8.8:53 | 130.149.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dlsft.com | udp |
| US | 8.8.8.8:53 | 94.213.16.104.in-addr.arpa | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 104.16.213.94:443 | sos.adaware.com | tcp |
| US | 8.8.8.8:53 | package.avira.com | udp |
| US | 8.8.8.8:53 | filedm.com | udp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| US | 172.67.195.231:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | webcf.quickdriverupdater.com | udp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| US | 8.8.8.8:53 | 81.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.freevpn.win | udp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| GB | 18.245.162.76:443 | download.enigmasoftware.com | tcp |
| US | 8.8.8.8:53 | 61.201.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spyhunter-download-v2.b-cdn.net | udp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| US | 8.8.8.8:53 | download2021.pdf-suite.com | udp |
| US | 104.21.57.28:443 | download2021.pdf-suite.com | tcp |
| US | 8.8.8.8:53 | download20.pdf-suite.com | udp |
| CA | 198.72.111.246:443 | download20.pdf-suite.com | tcp |
| US | 8.8.8.8:53 | 76.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.57.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.111.72.198.in-addr.arpa | udp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| US | 104.16.149.130:443 | flow.lavasoft.com | tcp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| GB | 18.165.201.61:443 | webcf.quickdriverupdater.com | tcp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 8.8.8.8:53 | 72.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 8.8.8.8:53 | api.my.avira.com | udp |
| US | 35.190.25.25:443 | api.mixpanel.com | tcp |
| DE | 3.70.32.10:443 | api.my.avira.com | tcp |
| US | 8.8.8.8:53 | 10.32.70.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.25.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.140.40:80 | msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.143.227:80 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 40.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.directfiledl.com | udp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| US | 8.8.8.8:53 | 62.218.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| US | 8.8.8.8:53 | api.config.opr.gg | udp |
| NL | 185.26.182.118:443 | features.opera-api2.com | tcp |
| US | 104.18.24.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.24:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | 123.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download5.operacdn.com | udp |
| US | 104.18.11.89:443 | download5.operacdn.com | tcp |
| US | 8.8.8.8:53 | 24.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.11.18.104.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| GB | 95.101.143.176:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | 176.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.16.149.130:443 | flow.lavasoft.com | tcp |
| US | 104.16.213.94:443 | sos.adaware.com | tcp |
| US | 104.16.213.94:443 | sos.adaware.com | tcp |
| US | 8.8.8.8:53 | package.avira.com | udp |
| GB | 2.18.109.81:443 | package.avira.com | tcp |
| US | 8.8.8.8:53 | webcf.quickdriverupdater.com | udp |
| GB | 18.165.201.3:443 | webcf.quickdriverupdater.com | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| US | 104.21.57.28:443 | download2021.pdf-suite.com | tcp |
| US | 8.8.8.8:53 | 3.201.165.18.in-addr.arpa | udp |
| CA | 198.72.111.246:443 | download20.pdf-suite.com | tcp |
| US | 8.8.8.8:53 | download.enigmasoftware.com | udp |
| GB | 18.245.162.5:443 | download.enigmasoftware.com | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| US | 8.8.8.8:53 | 5.162.245.18.in-addr.arpa | udp |
| US | 104.16.149.130:443 | flow.lavasoft.com | tcp |
| US | 104.16.213.94:443 | sos.adaware.com | tcp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.16:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | api.config.opr.gg | udp |
| US | 104.18.24.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.24:443 | download.opera.com | tcp |
| US | 104.18.11.89:443 | download5.operacdn.com | tcp |
| US | 8.8.8.8:53 | 16.216.145.82.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 172.67.204.186:443 | getmyfilenow.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 104.16.149.130:443 | flow.lavasoft.com | tcp |
| US | 104.16.213.94:443 | sos.adaware.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| GB | 92.123.142.218:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 218.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | package.avira.com | udp |
| GB | 23.46.73.175:443 | package.avira.com | tcp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 8.8.8.8:53 | 175.73.46.23.in-addr.arpa | udp |
| US | 35.186.241.51:443 | api.mixpanel.com | tcp |
| US | 8.8.8.8:53 | 51.241.186.35.in-addr.arpa | udp |
| US | 172.67.204.186:443 | getmyfilenow.com | udp |
| GB | 95.101.143.210:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 210.143.101.95.in-addr.arpa | udp |
| GB | 95.101.143.210:443 | www.bing.com | udp |
| GB | 95.101.143.210:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 88.221.135.34:443 | r.bing.com | udp |
| GB | 88.221.135.33:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 34.135.221.88.in-addr.arpa | udp |
| GB | 88.221.135.34:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | kmspico10.com | udp |
| US | 172.67.138.231:443 | kmspico10.com | tcp |
| US | 172.67.138.231:443 | kmspico10.com | tcp |
| US | 8.8.8.8:53 | 231.138.67.172.in-addr.arpa | udp |
| US | 172.67.138.231:443 | kmspico10.com | udp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 104.20.94.138:443 | www.statcounter.com | tcp |
| US | 8.8.8.8:53 | 138.94.20.104.in-addr.arpa | udp |
| US | 172.67.138.231:443 | kmspico10.com | udp |
| GB | 88.221.135.33:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 8.8.8.8:53 | href.li | udp |
| US | 192.0.78.26:443 | href.li | tcp |
| US | 192.0.78.26:443 | href.li | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | 26.78.0.192.in-addr.arpa | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | 132.169.44.89.in-addr.arpa | udp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 13.125.203.66.in-addr.arpa | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | gfs206n166.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs208n158.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n158.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs204n165.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs240n111.userstorage.mega.co.nz | udp |
| FR | 185.206.26.68:443 | gfs208n158.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.68:443 | gfs208n158.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.68:443 | gfs208n158.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.68:443 | gfs208n158.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.68:443 | gfs214n158.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.68:443 | gfs214n158.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.68:443 | gfs214n158.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.68:443 | gfs214n158.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 68.26.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.37.24.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.24.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.89.30.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.168.44.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.27.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | tcp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 40.211.222.173.in-addr.arpa | udp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| GB | 88.221.135.34:443 | r.bing.com | udp |
| GB | 88.221.135.33:443 | r.bing.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | www.kmspicoofficial.com | udp |
| US | 104.21.59.48:443 | www.kmspicoofficial.com | tcp |
| US | 104.21.59.48:443 | www.kmspicoofficial.com | tcp |
| US | 104.21.59.48:443 | www.kmspicoofficial.com | udp |
| US | 8.8.8.8:53 | 48.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| FR | 142.250.201.163:443 | www.google.co.uk | tcp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 154.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 35.186.241.51:443 | api.mixpanel.com | tcp |
| US | 35.186.241.51:443 | api.mixpanel.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 8.8.8.8:53 | 48.77.0.192.in-addr.arpa | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 151.101.1.91:443 | en.softonic.com | tcp |
| US | 151.101.1.91:443 | en.softonic.com | tcp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| GB | 13.224.222.112:443 | sdk.privacy-center.org | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| US | 151.101.65.91:443 | images.sftcdn.net | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.209.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 151.101.65.91:443 | images.sftcdn.net | udp |
| US | 151.101.65.91:443 | images.sftcdn.net | udp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| GB | 18.172.148.233:443 | www.datadoghq-browser-agent.com | tcp |
| GB | 13.224.222.112:443 | sdk.privacy-center.org | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| GB | 108.156.39.15:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.148.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.64.8.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.214.58.216.in-addr.arpa | udp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | cdn.btmessage.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.6.141:443 | cdn.btmessage.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.btmessage.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 15.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| GB | 108.138.233.27:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | f298e66981a14e967cdd8a4fea49ba38.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| FR | 142.250.179.65:443 | f298e66981a14e967cdd8a4fea49ba38.safeframe.googlesyndication.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| IE | 54.77.206.203:443 | ad.360yield.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| IE | 54.75.251.201:443 | id.crwdcntrl.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| IE | 54.195.242.20:443 | ap.lijit.com | tcp |
| FR | 216.58.213.66:443 | ep1.adtrafficquality.google | udp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | articles-img.sftcdn.net | udp |
| GB | 108.138.233.27:443 | api.privacy-center.org | udp |
| FR | 216.58.213.66:443 | ep1.adtrafficquality.google | tcp |
| FR | 142.250.179.78:443 | ampcid.google.com | tcp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | udp |
| FR | 142.250.201.163:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 27.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.189.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.206.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.203.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.242.195.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.251.75.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.139.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| FR | 142.250.179.78:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | udp |
| DE | 23.88.8.125:443 | push-sdk.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 151.101.1.91:443 | articles-img.sftcdn.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| FR | 185.235.86.116:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.248:443 | ag.gbc.criteo.com | tcp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| FR | 216.58.215.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 116.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.226.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| DE | 162.55.233.29:443 | sync.richaudience.com | tcp |
| GB | 23.36.168.202:443 | ads.pubmatic.com | tcp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| DE | 162.55.233.29:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.168.36.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.233.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| GB | 92.123.143.216:443 | player.aniview.com | tcp |
| US | 18.214.118.225:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| FR | 51.178.195.213:443 | ssbsync.smartadserver.com | tcp |
| NL | 185.89.210.244:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.244:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 54.235.220.110:443 | api-2-0.spot.im | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 34.250.109.179:443 | match.prod.bidr.io | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 54.165.19.58:443 | sync.srv.stackadapt.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | equativ-match.dotomi.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| NL | 63.215.202.140:443 | equativ-match.dotomi.com | tcp |
| IE | 54.229.103.28:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 172.111.38.86:443 | tracker.open-adsyield.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 89.149.192.200:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 104.22.51.98:443 | spl.zeotap.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 89.149.192.244:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| NL | 154.57.158.116:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | 216.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.118.214.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.109.250.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.220.235.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.19.165.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.103.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| GB | 95.100.245.251:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 52.46.128.147:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.51.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.128.46.52.in-addr.arpa | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | client.wns.windows.com | udp |
| GB | 20.90.153.243:443 | client.wns.windows.com | tcp |
| US | 8.8.8.8:53 | 243.153.90.20.in-addr.arpa | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | rum.browser-intake-datadoghq.com | udp |
| US | 3.233.158.31:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 8.8.8.8:53 | 31.158.233.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| FR | 142.250.201.174:443 | drive.google.com | tcp |
| FR | 142.250.201.174:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 174.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | docs.google.com | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| FR | 172.217.20.206:443 | docs.google.com | tcp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filehippo.com | udp |
| US | 199.232.209.91:443 | filehippo.com | tcp |
| US | 199.232.209.91:443 | filehippo.com | tcp |
| US | 8.8.8.8:53 | cache-05.filehippo.net | udp |
| US | 8.8.8.8:53 | sc.filehippo.net | udp |
| GB | 13.224.222.112:443 | sdk.privacy-center.org | udp |
| US | 151.101.1.91:443 | sc.filehippo.net | tcp |
| US | 151.101.1.91:443 | sc.filehippo.net | tcp |
| US | 151.101.1.91:443 | sc.filehippo.net | tcp |
| US | 151.101.1.91:443 | sc.filehippo.net | tcp |
| US | 151.101.1.91:443 | sc.filehippo.net | tcp |
| US | 151.101.1.91:443 | sc.filehippo.net | tcp |
| US | 151.101.193.91:443 | sc.filehippo.net | tcp |
| US | 151.101.193.91:443 | sc.filehippo.net | tcp |
| US | 151.101.193.91:443 | sc.filehippo.net | tcp |
| US | 151.101.193.91:443 | sc.filehippo.net | tcp |
| US | 151.101.193.91:443 | sc.filehippo.net | tcp |
| US | 151.101.193.91:443 | sc.filehippo.net | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 151.101.1.91:443 | sc.filehippo.net | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | c.aaxads.com | udp |
| US | 104.22.55.232:443 | c.aaxads.com | tcp |
| US | 8.8.8.8:53 | news.filehippo.com | udp |
| US | 141.193.213.20:443 | news.filehippo.com | tcp |
| US | 141.193.213.20:443 | news.filehippo.com | tcp |
| US | 141.193.213.20:443 | news.filehippo.com | tcp |
| US | 141.193.213.20:443 | news.filehippo.com | tcp |
| US | 141.193.213.20:443 | news.filehippo.com | tcp |
| US | 141.193.213.20:443 | news.filehippo.com | tcp |
| US | 8.8.8.8:53 | contributor.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | udp |
| FR | 216.58.215.46:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | 91.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.55.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.215.58.216.in-addr.arpa | udp |
| US | 151.101.1.91:443 | sc.filehippo.net | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| FR | 216.58.215.46:443 | fundingchoicesmessages.google.com | udp |
| GB | 108.138.233.27:443 | api.privacy-center.org | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | e212630a8e0f3c92a8db65ce2ac39507.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| FR | 216.58.213.66:443 | ep1.adtrafficquality.google | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| FR | 142.250.201.162:443 | partner.googleadservices.com | tcp |
| GB | 108.138.217.110:443 | hb.yellowblue.io | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| FR | 172.217.18.194:443 | googleads4.g.doubleclick.net | tcp |
| FR | 142.250.178.134:443 | s0.2mdn.net | tcp |
| FR | 216.58.215.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 194.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.178.250.142.in-addr.arpa | udp |
| FR | 172.217.18.194:443 | googleads4.g.doubleclick.net | udp |
| FR | 142.250.178.134:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | dclk-match.dotomi.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| IE | 34.250.109.179:443 | match.prod.bidr.io | tcp |
| IE | 3.248.28.220:443 | pm.w55c.net | tcp |
| NL | 63.215.202.137:443 | dclk-match.dotomi.com | tcp |
| FR | 142.250.178.134:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 220.28.248.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | ms-cookie-sync.presage.io | udp |
| IE | 52.210.151.160:443 | ms-cookie-sync.presage.io | tcp |
| IE | 52.210.151.160:443 | ms-cookie-sync.presage.io | tcp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.151.210.52.in-addr.arpa | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 199.232.209.91:443 | filehippo.com | udp |
| US | 151.101.193.91:443 | sc.filehippo.net | udp |
| US | 8.8.8.8:53 | widgets.outbrain.com | udp |
| GB | 23.36.169.82:443 | widgets.outbrain.com | tcp |
| US | 8.8.8.8:53 | 82.169.36.23.in-addr.arpa | udp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.firstimpression.io | udp |
| US | 8.8.8.8:53 | ecdn.firstimpression.io | udp |
| GB | 18.244.179.8:443 | ecdn.firstimpression.io | tcp |
| GB | 18.244.179.58:443 | ecdn.firstimpression.io | tcp |
| US | 8.8.8.8:53 | cdn-magiclinks.trackonomics.net | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | l3.aaxads.com | udp |
| GB | 99.86.114.24:443 | cdn-magiclinks.trackonomics.net | tcp |
| GB | 23.214.146.140:443 | l3.aaxads.com | tcp |
| US | 8.8.8.8:53 | www.aaxdetect.com | udp |
| FR | 142.250.179.98:443 | www.googletagservices.com | tcp |
| US | 103.224.212.213:443 | www.aaxdetect.com | tcp |
| GB | 23.214.146.140:443 | l3.aaxads.com | tcp |
| US | 8.8.8.8:53 | tcheck.outbrainimg.com | udp |
| GB | 23.46.74.20:443 | tcheck.outbrainimg.com | tcp |
| US | 8.8.8.8:53 | widget-pixels.outbrain.com | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 58.179.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.146.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.212.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.74.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | mv.outbrain.com | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 151.101.194.132:443 | mv.outbrain.com | tcp |
| US | 64.74.236.255:443 | log.outbrainimg.com | tcp |
| FR | 216.58.215.46:443 | fundingchoicesmessages.google.com | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | mcdp-chidc2.outbrain.com | udp |
| US | 8.8.8.8:53 | 7ee4a361c797e41514e2b2e6724b90b0.safeframe.googlesyndication.com | udp |
| US | 64.74.236.31:443 | mcdp-chidc2.outbrain.com | tcp |
| US | 8.8.8.8:53 | sync.outbrain.com | udp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 64.74.236.31:443 | sync.outbrain.com | tcp |
| US | 64.74.236.31:443 | sync.outbrain.com | tcp |
| US | 8.8.8.8:53 | rock.defybrick.com | udp |
| GB | 18.244.140.44:443 | rock.defybrick.com | tcp |
| US | 8.8.8.8:53 | 132.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | flint.defybrick.com | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 54.83.110.109:443 | flint.defybrick.com | tcp |
| US | 54.83.110.109:443 | flint.defybrick.com | tcp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 44.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.110.83.54.in-addr.arpa | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 293e666a9ad1e11ef48984356cca69fc.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cd.connatix.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | sync.teads.tv | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| GB | 23.46.73.118:443 | sync.teads.tv | tcp |
| US | 104.18.41.104:443 | cd.connatix.com | tcp |
| US | 8.8.8.8:53 | d3kqopei796qks.cloudfront.net | udp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| US | 8.8.8.8:53 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | fra1-ib.adnxs.com | udp |
| GB | 18.165.229.199:443 | d3kqopei796qks.cloudfront.net | tcp |
| US | 151.101.129.108:443 | cdn.adnxs.com | tcp |
| US | 172.64.146.152:443 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.73.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.229.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 104.18.41.104:443 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| US | 8.8.8.8:53 | lit.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | img.connatix.com | udp |
| US | 104.18.41.104:443 | img.connatix.com | udp |
| FR | 142.250.178.138:443 | imasdk.googleapis.com | tcp |
| FR | 142.250.178.138:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| US | 104.18.41.104:443 | img.connatix.com | udp |
| US | 8.8.8.8:53 | d3419h2vl8o3m4.cloudfront.net | udp |
| GB | 18.172.155.162:443 | d3419h2vl8o3m4.cloudfront.net | tcp |
| GB | 18.172.155.162:443 | d3419h2vl8o3m4.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 162.155.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sc.filehippo.net | udp |
| US | 151.101.1.91:443 | sc.filehippo.net | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| DE | 37.252.171.21:443 | fra1-ib.adnxs.com | tcp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| DE | 157.90.0.38:443 | s.richaudience.com | tcp |
| US | 8.8.8.8:53 | dl5.filehippo.com | udp |
| US | 151.101.65.91:443 | dl5.filehippo.com | tcp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| GB | 18.244.140.87:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 38.0.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.140.244.18.in-addr.arpa | udp |
| GB | 18.244.140.87:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 52.11.112.37:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 37.112.11.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 92.123.142.66:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 66.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| GB | 18.154.84.124:443 | update.reasonsecurity.com | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | electron-shell.reasonsecurity.com | udp |
| GB | 108.156.46.101:443 | electron-shell.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 4.9.231.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.84.154.18.in-addr.arpa | udp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 101.46.156.108.in-addr.arpa | udp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| DE | 37.252.173.215:443 | fra1-ib.adnxs.com | tcp |
| GB | 95.101.129.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| FR | 142.250.201.163:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 215.173.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.129.101.95.in-addr.arpa | udp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| GB | 92.123.142.66:443 | sadownload.mcafee.com | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| GB | 18.245.218.100:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 100.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | home.mcafee.com | udp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 8.8.8.8:53 | sentry.avira.net | udp |
| US | 34.211.8.195:443 | analytics.apis.mcafee.com | tcp |
| GB | 104.103.246.204:443 | home.mcafee.com | tcp |
| DE | 18.195.247.94:443 | sentry.avira.net | tcp |
| US | 8.8.8.8:53 | 195.8.211.34.in-addr.arpa | udp |
| US | 34.211.8.195:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 204.246.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.247.195.18.in-addr.arpa | udp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 34.231.9.4:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 76.205.219.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| GB | 92.123.143.232:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | config.reasonsecurity.com | udp |
| GB | 99.86.114.64:443 | config.reasonsecurity.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | 232.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.reasonsecurity.com | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 235.0.22.104.in-addr.arpa | udp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 35.186.241.51:443 | api.mixpanel.com | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 35.186.241.51:443 | api.mixpanel.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.143.227:80 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 95.101.129.218:443 | www.bing.com | udp |
| GB | 95.101.129.218:443 | www.bing.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| GB | 20.90.153.243:443 | client.wns.windows.com | tcp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | mc6.reasonsecurity.com | udp |
| US | 52.43.110.0:443 | mc6.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | sub.got-to-be.net | udp |
| DE | 178.63.248.57:443 | sub.got-to-be.net | tcp |
| DE | 178.63.248.57:443 | sub.got-to-be.net | tcp |
| US | 8.8.8.8:53 | 57.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.110.43.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.129.201:443 | r.bing.com | udp |
| GB | 95.101.129.201:443 | r.bing.com | udp |
| GB | 95.101.129.225:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 201.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 44.219.205.76:443 | track.analytics-data.io | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 95.101.129.208:443 | www.bing.com | tcp |
| GB | 95.101.129.208:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 208.129.101.95.in-addr.arpa | udp |
| GB | 95.101.129.208:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| GB | 20.90.153.243:443 | client.wns.windows.com | tcp |
| US | 8.8.8.8:53 | 4.26.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.143.227:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.129.234:443 | r.bing.com | udp |
| GB | 95.101.129.208:443 | th.bing.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| GB | 95.101.129.208:443 | th.bing.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| GB | 95.101.129.208:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 130.211.34.183:443 | api.mixpanel.com | tcp |
| US | 8.8.8.8:53 | 183.34.211.130.in-addr.arpa | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.143.227:80 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| GB | 95.101.129.217:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client.wns.windows.com | udp |
| GB | 20.90.153.243:443 | client.wns.windows.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.129.217:443 | r.bing.com | udp |
| GB | 95.101.129.217:443 | r.bing.com | udp |
| GB | 95.101.129.217:443 | r.bing.com | udp |
| GB | 95.101.129.217:443 | r.bing.com | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| FR | 172.217.18.206:443 | clients2.google.com | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | dispatch.avira-update.com | udp |
| US | 8.8.8.8:53 | dispatch.avira-update.com | udp |
| US | 8.8.8.8:53 | v2.auc.avira.com | udp |
| US | 8.8.8.8:53 | v2.auc.avira.com | udp |
| DE | 3.66.146.83:443 | dispatch.avira-update.com | tcp |
| US | 35.190.49.118:443 | v2.auc.avira.com | tcp |
| US | 35.190.49.118:443 | v2.auc.avira.com | tcp |
| US | 35.190.49.118:443 | v2.auc.avira.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 130.211.34.183:443 | api.mixpanel.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| GB | 95.101.129.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| GB | 95.101.129.201:443 | www.bing.com | tcp |
| GB | 18.154.84.35:443 | sb.scorecardresearch.com | tcp |
| US | 8.8.8.8:53 | 206.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.49.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.146.66.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.21.175:443 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| GB | 173.222.211.43:443 | img-s-msn-com.akamaized.net | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 20.42.65.89:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | 43.211.222.173.in-addr.arpa | udp |
| GB | 95.101.129.224:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | offers.avira.com | udp |
| US | 8.8.8.8:53 | offers.avira.com | udp |
| DE | 3.70.93.204:443 | offers.avira.com | tcp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | 204.93.70.3.in-addr.arpa | udp |
| GB | 95.101.129.224:443 | www.bing.com | udp |
| GB | 95.101.129.202:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | fra1-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | fra1-ib.adnxs.com | udp |
| DE | 37.252.171.149:443 | fra1-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | dcdn.adnxs.com | udp |
| US | 8.8.8.8:53 | dcdn.adnxs.com | udp |
| US | 151.101.129.108:443 | dcdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | 149.171.252.37.in-addr.arpa | udp |
| GB | 95.101.129.202:443 | r.bing.com | tcp |
| GB | 95.101.129.202:443 | r.bing.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 95.101.129.202:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 219.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | chrome.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| FR | 172.217.20.206:443 | chrome.google.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | client.wns.windows.com | udp |
| GB | 20.90.156.32:443 | client.wns.windows.com | tcp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 32.156.90.20.in-addr.arpa | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| GB | 173.222.211.43:443 | img-s-msn-com.akamaized.net | tcp |
| US | 8.8.8.8:53 | api.my.avira.com | udp |
| US | 8.8.8.8:53 | api.my.avira.com | udp |
| DE | 52.28.229.77:443 | api.my.avira.com | tcp |
| US | 8.8.8.8:53 | s3.eu-central-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | s3.eu-central-1.amazonaws.com | udp |
| DE | 3.5.136.197:443 | s3.eu-central-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 8.8.8.8:53 | 77.229.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.136.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sentry.avira.net | udp |
| US | 8.8.8.8:53 | sentry.avira.net | udp |
| US | 107.178.240.159:443 | api.mixpanel.com | tcp |
| DE | 18.195.247.94:443 | sentry.avira.net | tcp |
| DE | 18.195.247.94:443 | sentry.avira.net | tcp |
| US | 8.8.8.8:53 | passwords.avira.com | udp |
| US | 8.8.8.8:53 | passwords.avira.com | udp |
| GB | 18.172.88.84:443 | passwords.avira.com | tcp |
| GB | 18.172.88.84:443 | passwords.avira.com | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 84.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sentry.avira.net | udp |
| US | 8.8.8.8:53 | sentry.avira.net | udp |
| US | 8.8.8.8:53 | api.my.avira.com | udp |
| US | 8.8.8.8:53 | api.my.avira.com | udp |
| DE | 18.195.247.94:443 | sentry.avira.net | tcp |
| DE | 52.28.229.77:443 | api.my.avira.com | tcp |
| GB | 18.172.88.84:443 | passwords.avira.com | tcp |
| GB | 18.172.88.84:443 | passwords.avira.com | tcp |
| US | 8.8.8.8:53 | avira-pwm-extensions.s3.eu-central-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | avira-pwm-extensions.s3.eu-central-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | s3.eu-central-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | s3.eu-central-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| DE | 3.5.139.140:443 | avira-pwm-extensions.s3.eu-central-1.amazonaws.com | tcp |
| DE | 3.5.137.197:443 | s3.eu-central-1.amazonaws.com | tcp |
| US | 35.190.25.25:443 | api.mixpanel.com | tcp |
| US | 35.190.25.25:443 | api.mixpanel.com | tcp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | 140.139.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.137.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 18.172.88.119:443 | tcp | |
| US | 8.8.8.8:53 | 119.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| GB | 95.101.129.202:443 | r.bing.com | udp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| GB | 95.101.129.201:443 | r.bing.com | udp |
| GB | 18.154.84.35:443 | sb.scorecardresearch.com | tcp |
| GB | 173.222.211.43:443 | img-s-msn-com.akamaized.net | tcp |
| US | 20.42.65.89:443 | browser.events.data.msn.com | tcp |
| GB | 95.101.129.224:443 | r.bing.com | udp |
| GB | 95.101.129.202:443 | r.bing.com | tcp |
| GB | 95.101.129.202:443 | r.bing.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| GB | 95.101.129.202:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | ecn.dev.virtualearth.net | udp |
| US | 8.8.8.8:53 | ecn.dev.virtualearth.net | udp |
| GB | 23.46.72.162:443 | ecn.dev.virtualearth.net | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| GB | 23.46.72.162:443 | ecn.dev.virtualearth.net | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.142.59:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | 162.72.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.142.123.92.in-addr.arpa | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | deff.nelreports.net | udp |
| GB | 92.123.142.202:443 | deff.nelreports.net | tcp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | virustotal.co | udp |
| US | 8.8.8.8:53 | virustotal.co | udp |
| US | 8.8.8.8:53 | virustotal.co | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| DE | 185.53.177.54:443 | virustotal.co | tcp |
| DE | 185.53.177.54:443 | virustotal.co | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 35.190.49.118:443 | v2.auc.avira.com | udp |
| US | 35.190.49.118:443 | v2.auc.avira.com | tcp |
| US | 8.8.8.8:53 | 54.177.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| DE | 185.53.177.54:443 | virustotal.co | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| DE | 185.53.177.54:443 | virustotal.co | tcp |
| US | 8.8.8.8:53 | d38psrni17bvxu.cloudfront.net | udp |
| US | 8.8.8.8:53 | d38psrni17bvxu.cloudfront.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| GB | 18.165.158.27:443 | d38psrni17bvxu.cloudfront.net | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| IE | 13.69.239.72:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | virustotal.co | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | tcp |
| FR | 142.250.201.162:443 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| GB | 18.172.88.110:443 | sb.scorecardresearch.com | tcp |
| GB | 173.222.211.43:443 | img-s-msn-com.akamaized.net | tcp |
| US | 8.8.8.8:53 | 27.158.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.38.21:443 | virustotal.com | tcp |
| US | 216.239.38.21:443 | virustotal.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 110.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.38.239.216.in-addr.arpa | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| FR | 172.217.18.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 104.22.0.235:443 | api.reasonsecurity.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 35.190.49.118:443 | v2.auc.avira.com | udp |
| GB | 173.222.211.43:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 173.222.211.43:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 35.190.49.118:443 | v2.auc.avira.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| GB | 95.101.129.218:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| US | 52.182.143.211:443 | browser.events.data.msn.com | tcp |
| GB | 95.101.129.201:443 | www.bing.com | tcp |
| GB | 95.101.129.201:443 | www.bing.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| GB | 95.101.129.235:443 | www.bing.com | udp |
| GB | 95.101.129.235:443 | www.bing.com | udp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| GB | 2.17.209.138:443 | assets.msn.com | tcp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| US | 52.182.143.211:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | 235.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| NL | 185.89.211.84:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 52.182.143.211:443 | browser.events.data.msn.com | tcp |
| NL | 185.89.211.84:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| GB | 173.222.211.25:443 | img-s-msn-com.akamaized.net | tcp |
| US | 52.182.143.211:443 | browser.events.data.msn.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2783c40400a8912a79cfd383da731086 |
| SHA1 | 001a131fe399c30973089e18358818090ca81789 |
| SHA256 | 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5 |
| SHA512 | b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685 |
\??\pipe\LOCAL\crashpad_2204_DDFSZQSSNIKKHZCR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ff63763eedb406987ced076e36ec9acf |
| SHA1 | 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d |
| SHA256 | 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c |
| SHA512 | ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e6368a06bc1b3ea001ae01b947cca410 |
| SHA1 | 4bbe1722102d5a39830f3cd769a1501cdaeb9f6c |
| SHA256 | 65908441806186276e511a88d33d5f55b7e5dc8ba5c7f32ed06d4194f86d1d6d |
| SHA512 | 0e0093aee20faa5d729738af332b27b41fc0840a864ad15d8e7a9cfacd2695545d44fc6e410fe4ad1b233be31b41e0b2768f7d829301e0b58914b8d1c11e65ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 051623ed1c6c7fd39b84d8754d4bf56f |
| SHA1 | dd0904a4ce1d5d97f69fb11d8a44d65fc2ff17d2 |
| SHA256 | 608f54f9e895f5832476ac2602c11baa8e333d897e0c6473d3416f88bcd424bd |
| SHA512 | b647ecb3c3e954b8825c4af42176954cfb174d83e7d0afc60830af3942f39917be9873f3d64887fb613ae077196f56daa9dd1ccca1ff7e045af32bcdcb717f01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ae3bf6d0d63400d3771016e3bb8bf996 |
| SHA1 | 70ce26741f85db996e52ffbb5e14082fd5be3fc1 |
| SHA256 | e400dbb3cc8e9b9622cbdc9ccbbf7e920ffe7e250eefb085740102a2c1a2df67 |
| SHA512 | 8ea9b150be4c70b1f9d52fc1a09062125c2db3baf2f1132e5523c71ac127a75b0fa1cc06e8901cb1f6c72b131cae04d348ba53f702a4fe4b0002d0ceef54d69a |
C:\Users\Admin\Downloads\Nezur.zip
| MD5 | bd241a63dc21715e0c0e4e0db32cda71 |
| SHA1 | 9e4832f23ae8232fce7fb0cb8b41fc525d5c6526 |
| SHA256 | d1fd4a6680902769d39157959bcdc2b816d5f0ebff8913a02046936323c2ec8e |
| SHA512 | 96194db9892e02d51aa2bdefc9cbdc06f499a5b3b8f415a80ece184cfde3e037b5e12be9a5de2e3bfc33ca8b9ecd13663242c3b6c5636951f647820c47ff33b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f0cf8d8fbb62de1331e6f2de7507dfcf |
| SHA1 | fcb81c63cbefad6020f45027647b87e8bccbab1c |
| SHA256 | 57366e316330063e11d6d12482510174dc26067af342f7be548b9aa11089ca92 |
| SHA512 | 5661bcd3d7abcd49a766b50ba8ddbc530b7aebaf58482f34c4d60bf803ac190f9bfc5f0cbcddbd5101651b0b1333774d6264f4d5a7c2a09ed1fc646da1e9d3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bda83df6edc65cd591687f06e10724c6 |
| SHA1 | 3e042a67b85552ea2ba22aa7b7afcd7acd100b63 |
| SHA256 | ce921a5ab95814d2f947ec96fcc2f68400c807ec3594f91a3695b6efb8833f7b |
| SHA512 | 0965a43b999c81ac64a8b8f7d7d05dfaa06818f4346c4cabf055f1140aaff3e511ce1c453c405a8d82c1eaab6a18fdf58a2d52f0fb84156d6841c2f2de2bdf33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | adfb161b4fb032aa325f42e6121c3793 |
| SHA1 | 382ee68f376a410847001b560683bf52cf15c981 |
| SHA256 | 2e02801920f183fdbe97063b259dccf3416078973697ead455d3effd0292323b |
| SHA512 | ae92d25f2ec9516c84f171edc42fabd8eea1a11e186d38a6b51faba2b7f6d019048d250def26aedc30454d798c36c2c6a97f0417d6a89626c4d57b4e11ab4dea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bdac68bfacc93ef8559bf39e49bfde1a |
| SHA1 | 535c0ace9b1203c1af77718bead978611b4b2b48 |
| SHA256 | 7291c05153e632996cad4aa0f2aecf28dd20791ca229ba9b3f7c6a4a6a241d00 |
| SHA512 | a4eae0cc7380c175feb997eab8e2dda23ea450d196877c41a189701eefbf3e1c0efadd8bd8773dcda7a1d6359efdd1b5d662a1f831f1b55d544f6e18d0091f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d60d.TMP
| MD5 | 1c7a86fc76a22b156e06f204746aacd9 |
| SHA1 | b2e7a291054c30be1bc4a2b751c41149ba1bfe4d |
| SHA256 | 3389be91122850faa3795dea9a6f771fa9c0031ed9b5598ef21fc9eea25b97ef |
| SHA512 | d62882b35b4c523e661989ecccf44d4a1f2232e1727ebe8e307d6254e351ba7d1b73effcda4d327dfa235316d3b5f3bd1eca795bebf0ce62ae5c9e6674bd7225 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8c9be813bd81db580699c55362c683d5 |
| SHA1 | 3d99e7cfb88928717340e86da0a0a3c1a0ca8859 |
| SHA256 | c44c5f7b85877aeb7b62be18629d6d9f0f07b790df209ce373f49cf4908ea794 |
| SHA512 | c48adfbc29fe9474da7556057a38c42e0c620da559cfa220c8864634ebf153f98a38b6f46cb15f0dd9e4f2b97b97f215c850fa932733984ea522faf30314a7d0 |
memory/380-415-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-435-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-450-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-451-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-449-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-448-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-444-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-443-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-442-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-441-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-440-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-439-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-438-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-437-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-436-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-434-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-433-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-432-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-431-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-430-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-429-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-427-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-426-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-425-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-424-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-423-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-422-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-421-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-420-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-419-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-418-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-417-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-416-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-414-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-413-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-412-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-411-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-410-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-409-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-408-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-407-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-406-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-405-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-403-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-402-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-401-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-400-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-399-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-398-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-397-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-396-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-395-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-393-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-392-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-391-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-389-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-390-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-447-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-445-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-446-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-428-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-404-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-394-0x000000007F520000-0x000000007F530000-memory.dmp
memory/380-388-0x000000007F520000-0x000000007F530000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 668b113f1d075eed0d43da420bbc8396 |
| SHA1 | 3d903045367339e0f58ddccb7414858ea174fd1b |
| SHA256 | efaa209694bb8c5857f389a4d9007245ac64acc9c91a9f6ce057560d90863726 |
| SHA512 | e128b12f9b701fa15e20025a20ea21e5d8a3df91fd20367aa8083a7b8d3a2f77de5e5aad885e41185b598b013e2b1f4071b2ae3cb339f7277b33b6429dcf5b40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 09e1ba36777391d1aaf5fb0c3332bb2a |
| SHA1 | 05f04fe1f957a45cb4494f0cd394152c8b392b71 |
| SHA256 | 205a569cbd35e0800363eee287b79da632d2736ad0534d9d14b33354ba7d8ec8 |
| SHA512 | 5658aad8105040209a633ca420038ef10c11ab913d080fc7ada4b1b1faefd99c5c5ef9c5ea1630155265fffc4bbca1d9fc570d2c85047077750e4a9171670b36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 4093bebd982661b61dbaed738614dc96 |
| SHA1 | 7b33c8ac9ab1278cb88f8970dd32a05d2c5cc9ef |
| SHA256 | b143eb1c1badf6d8e14e095a825c2cc55aaf58c656d61a650a60a9ad20af9c98 |
| SHA512 | 2b93640170ed2c839b50688cef96cd7106904db1f510b9982cf865ab69f55b5f853195a9e7a51cc8b048185f7a35ab016a9e7d1ff207485ba42996a3065a2a7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 36bc70df9668c32794e82db49950f49f |
| SHA1 | ca453a934edcdcf7cbd871cf18f40ceef2620193 |
| SHA256 | 12eb416730748f4f6c9bc10b968a9c900a18e96b6687ad3c38428cb73680bc02 |
| SHA512 | f17538cafa30c2608d2a2f0eab45204a115fb159366069455ff908de82cf8c38c044d1293d06aafe88aa7972ce51cf9931978b01db9adca780409c115b8e8f50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | a70e9adf15b43cbafb22cd1b95f5babe |
| SHA1 | 62d0466efaeb9cdb8dc8896d09c5296a7c0bca39 |
| SHA256 | 00699dc25e1541ea9ac38975cd91e58c3c2c9856b0e5f5b13e6d5a9280c5a5d8 |
| SHA512 | 0c9afee1d3dcd94ae7fe6f328009e1b16945c717d54a2807092bf34a1b97919b067af61bc4eed4c027f48e5d72091e5e2c27eb960961ea74c25f1faaf38b7948 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | e9fefd596510085a4b4c702ff9d4e48f |
| SHA1 | 2bdda33d522d8f71bb81d31b4ced1f126a4b5fa3 |
| SHA256 | 0a30a3ca028496e2bad3cd6435486836430c7367162db7f82ee5d202845d2205 |
| SHA512 | 41eb80d8611c506e4484c450db12fdda36261a3462ef2d52d23c6afc8b0990387df5fef91b55246aab3384ae5de53a1836fbed0a7d8400cc00420b22cd7b8190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 79f50cd6b6d6093485173780df8a4828 |
| SHA1 | f5231ae807db23c7248f16c2090b8e740ca00527 |
| SHA256 | f6a78b7c8f6cbf5d03ec124828cd6259243d6c0ff62bad1bab98f8c1efeedba9 |
| SHA512 | 58fc55cb62a99d194c60644dc9952246675189c785556e890a9708a6a9cf167c13194211a3a251ceca52e782e88ed65d645930b66617b56654a5cbdf787ce387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | ef45473aa03743343f39706591d8f598 |
| SHA1 | 2f40010244bd7f66a41cfe7ac20c9b73d90d67ca |
| SHA256 | cd0c68aee13c75495fcbca47b193dcc590ff8646fd2d1443470d4f45ba7d11f1 |
| SHA512 | e4a4d1554f43d97a34b78377861a269c9bcfd4c3e5264de6a012fa79e02d3cbd9d36d989d560eaed308e283ef79a0f6a17b63880e503c7c087049c354868b2c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368985179270571
| MD5 | fe6505202be0698b585b34c9f123ee8e |
| SHA1 | e02f7829878b0c1a215eb2ffc1d432bf533a1b0d |
| SHA256 | ce63c83dde0e25d71b4c0e26d05d60f8dca75aeae1f42dd1fb7f60f3ad1aac5f |
| SHA512 | cf760d137aa5226baab501d02f9cc78615aa42fef022e95115f8366a3780cbf3d5f67a38aaf1c4ca434325cee6333a633e0704fb6a8e175ec79438d75bf0d52f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 238a68b07b1dab680628ab2096386107 |
| SHA1 | 260242409a5e31899909ab6bc55c4accc5c07488 |
| SHA256 | 203819f29e57bf9b05b7c402daebbe3ef6782636f0b312b646543c4cc48cb084 |
| SHA512 | 258a34364c9564248eb63b967d8c135937ab082b068c17bf9d26b39de9179940acaa4e9804fb4583d63b947e65c3d302de97339ffd39cbb7adf8a8aa7c083370 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | a9ee30f7780baa14b95420572ab73762 |
| SHA1 | e8285ca5f3d34d08a45bf738a6694e287f7f344e |
| SHA256 | 6924b55872e763f0ae3509a19ea428b38eb898f293b0e10b8902f3a8daf17444 |
| SHA512 | 1b0a8fabc28e918773c7759295739d0ae4beb27328a6a00b0faf485933b8face3b8c3721c2cfd7e8e9526cb64058d490a59adac0e61fd5b529e656b6bb3ebc09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 6117cd921cf83f98acde87c1a64c2ff3 |
| SHA1 | a0f6865ea72215c53c395932f22195d2805e9119 |
| SHA256 | e5e2739ba845937362a2d4bc8c9aec2f4b7875d9ccea1a0114607578fa353be9 |
| SHA512 | 3feefe9ce937c469851c409bd085521f712ad3e7e655ede2b9f38974b946c6d25333f4f544aec830ed6d1b6b2aecefc86ae4f6ef468c1755952fb1ad8c1b5ebd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 6153ae3a389cfba4b2fe34025943ec59 |
| SHA1 | c5762dbae34261a19ec867ffea81551757373785 |
| SHA256 | 93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61 |
| SHA512 | f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | aa8d0e4cde18b40987f95e4237a2dfaa |
| SHA1 | e4209efa0729ba75627271ba562ecfc38ea0ba90 |
| SHA256 | 42d8dac100430ac3f7b9ae402bde3a9016fbedb33c4f6997c80ccf0533b315cb |
| SHA512 | 8e9f8a7cef3d6677bcbaecea1e247cebda48ccece1cd1e8040b3dea3f2aabd33c28b0136d17ca517fec8634b9626430bef831cdc117a5cd57c16d185405e65e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 50e4c49e4289d0addf2a490bc24eb70a |
| SHA1 | c0e854610a1542cf10d6861812a6f79bdc3826da |
| SHA256 | 63d34b22a0bc6c83419e9c6569a9773bb1020445e69da5217cade775794837d7 |
| SHA512 | 9559a643f62b3dd76bdfc6fddbc939aa8c0c32c080bf7f432b1b3245353820de69f61c774998b786a0f05f566e77649d1650c0179dd7c2dfaac5d0befca6abb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | c54ade6f627f989b762516d840e179e1 |
| SHA1 | 254f1b12517cea4e4bf227663606114691721148 |
| SHA256 | 6ef05e10957e90b1bac64b7200d673e3e410eb98a462663be840de617d3716fd |
| SHA512 | d382f9a5d90937a665a0d481b3743a6a5edc2e9dd3bb3945fbd859e923bc809741372434e44318c55a26640072c0c9079e2169dea9f3281e5301c09430527aa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 5ca63afbe3b6edffab92f5860b70eed1 |
| SHA1 | 0d0f53fa0d9afc1f96c95b5287cdaeda9b9cbd4e |
| SHA256 | 216584b08f4278e30a106f43d872358c9e62f527fa04887fed8b221bfd5ced30 |
| SHA512 | 9b89eff50f3a568f9826c63d8a3da58ac3e5289594cd6492755b20d198f8d6aaf7330b2cb7122ae8aa11e2a998853214ce66386c56d6a2f7230dcc6f393f4fa3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | cf7fa34941aa27347662067e98faf680 |
| SHA1 | c29cf4ad6ac270a5d824cebd04e90a291ff67ba7 |
| SHA256 | f5409c38d218027bb575781cf187c915cf172a34b4157006979fc31b0956da52 |
| SHA512 | 98dfef3a5032349dc0be97edf3282b171f8a99c709c47d3d14d25c9699240bfe2e44b9d142590ffe5ac0a18b6f7804db19eec8e339b25b1326ded5953d2413b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a263d3920d2b74c7c4e12eb5ff45dece |
| SHA1 | b1d2772d4ff2d790c2e89bdebb8a700696e8d2a3 |
| SHA256 | 707937c5d853881289069bd379de86f62d99f458b52db8dd5d68c2a498981dbc |
| SHA512 | deb6a80d4085de9be92207b612157db2e4ffcb38dce20aa60eb2c5cad0bc5196aa135537c67fe1264fc90f5e87031912a9b42ac5b48f6d60622259de845cfcd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | 996344d0f94950424945c1d223375577 |
| SHA1 | 7cf5012b8ece7ce2530bb44188a9bd5db885c929 |
| SHA256 | c06ae1512132e452d66b6977d2bb096e34d3744922809e7b8a0de0b7eba06903 |
| SHA512 | 4ec81e43292a26e1f902783bf1a79131f54a4c89bff2ea03123c5b841c56b3e2a3ffef75804b92f4c05f5e4b4e2bd5f4968809dadf92e7e8f224b8a848ce0ce3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | b0a082edb4f3c63a6eb50af18af3ff1e |
| SHA1 | a57829100e0635233fe56c26bc4ce7007e08b3ca |
| SHA256 | 5f36e7e4db876b5bec171921f42b1459479d7d38584dff085112eb6feab05328 |
| SHA512 | 7d30dc36ab4e87a0dd2551fdbc2f156717ee05a8b79febeb68cbb3b05551027bfecdbab81bc85c9b99ab5b1519f929dbd6a6b917a6e0638bc2c858b114fb0e93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | dcb92b0505b358b5064e9900e2888d1b |
| SHA1 | 5265963df10a9474a36f5c86487b5b1229bf177e |
| SHA256 | e28288d45c71bf5a51c41179330a1e060f608530aa99ff19872f7e4d656396ce |
| SHA512 | fc638ea6fd04a1dfad846df65a07fca09ae7a56fd1bbde36f2062ec6cc2eebfb9eaeba559a526f73b5ec505d54735d795f05bbdef379983a74eca29cb5668c42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 4770476dc1d944b0cd90312ba3fb1eb4 |
| SHA1 | 4dcc9f4ec3e4020c4b5218fc487c4d91ed3cc173 |
| SHA256 | 197eb371d142ae0abf1f80ba2108249c2e4d6b055975f2d92dcd04877d4d3e2f |
| SHA512 | 6866846b0186a154539b66daf4c82ee134b4a4643f4b4c0319150f6997ebc70ddd44824bbe2f43936a2f49b2dda453e5f33b4accf810a37eac119adb08d55f38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 37e1292945c11f982cf5b3b37eca185b |
| SHA1 | 100fdf2e76985fda249fa920d4b153e25de14f82 |
| SHA256 | 9f19e1d0a16f5396ab4b51ee6f6cee10a9f24df7d3c735df7037a5d694ed5307 |
| SHA512 | 2abdba084b8f342b536b1a4864599c2b12ad4a9629c236783c7fcd9338af8f7231ece746061211467f2ebb222e4b2f2d04ca91fd7a41ae9d980bc49929eb61f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 25fe59fcf595837c2c383141a5877d99 |
| SHA1 | 9de977bb26ef31c36523277cd7e8dbed94ae5489 |
| SHA256 | 6ab6565b76ca94fffd02177f831359c8acb5ffaa5780e390b5c862a611c904c8 |
| SHA512 | de5376dfb292f88c232f7b8d5732e093d26cd20c1027f570cd5f913fd893ce64de556430e2c662ea5373a087a17cc5573e18ff1c04b522a0cc7683b183433ecc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 4ac063c4ca05b705b8447d16b2df7c4c |
| SHA1 | b977dade1272402b1ea0b098ee3c3ab51a384144 |
| SHA256 | 427a3e7be03e0c08c8c86d93e859f041b44b3cb49454a5af25c718c2bb40b942 |
| SHA512 | 4345b51c8556f4d7c84844f1ed602e2a87876b5dd2f9e0418d4b33198a0ce74b3017db88f0d511348bb989a962f13dec02d5ccd5eae420870858d272686ffdaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
| MD5 | 6bc4851424575eaf03ebe2efee6073ab |
| SHA1 | 2d014fe2feb929d03a46322645a94556ca5c9e96 |
| SHA256 | abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e |
| SHA512 | af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
| MD5 | fc97b88a7ce0b008366cd0260b0321dc |
| SHA1 | 4eae02aecb04fa15f0bb62036151fa016e64f7a9 |
| SHA256 | 6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e |
| SHA512 | 889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
| MD5 | 4517391bc8c55acdbe1f4c2f0d1c1fc8 |
| SHA1 | ac51fcf3271333d222e4cb526431817f48345a43 |
| SHA256 | 3c82cfe4ef2e80ad0aff5da477f399da7d5c0169968b800b1bd730c7eadbcd8d |
| SHA512 | e85033dd2a4a4038512102052bff9e8a76e7a43d609431d987d436f262e21fcf1e298441cd378590db0742ca65845bd1585a7cba496aebe245a8084dd616e5ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 999bbe34c918b5d38947c2f23e7bfb0d |
| SHA1 | 1d3a551e7bf9f1f94f3b7ca512f2bd2f9e2b3b89 |
| SHA256 | 26cf477d0d1eeeda4c24118fb82aacb4ee277304cb4d7b804b04e287c8b03f52 |
| SHA512 | 00af88465d2be78d05a85c4263ebf0ca01d8b8ced39573ca6d692e86ca48b334cfa19bb57e7ff4f5ac4fa76bf2aec49dcddc2cc3d89374f74a137bb36fd2bc9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 936759b514b5e47ed6d2787d8af21a8f |
| SHA1 | 4bd9db853e018a3b5f9f6f90f299df04fa3113e5 |
| SHA256 | 087ddab6968ab44fffbb57c96ce3194e23963747c5b8f8923719207945c910a9 |
| SHA512 | 559fb50bd569d160d03c65f9dc2cf402568eecda6330a0451c7c073c809b833f989ded3d081af22f099b8605fb8fae8260dbe5842a1cac3f846f5e89012fe9b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004
| MD5 | 8feb503d057a1dfc7121b0aa2c7cc10f |
| SHA1 | 0d25b47e8482de37b7f615205b8a45162e1049d4 |
| SHA256 | e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713 |
| SHA512 | a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005
| MD5 | e480fcfc00277127dd01f413bb805367 |
| SHA1 | f106b0f76798d24c6b6800f3df378d7ce1c76aa4 |
| SHA256 | fac1742ae35dc4719863ea8d1cbba216370e73a5ba3fd1f22650cf747e2f427d |
| SHA512 | ec608793a14b8fe72663a8a81bafa13767274ed0dc9550667cf7a188d0a3807d9cc51067245d1d389ebdae79c2d0e1dc63d0f985c85ba6d8860a3eb7dc0a19e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | aa0c0e2f22f0811435427c2fbdb7951b |
| SHA1 | 52eb5aecaea65ff4728d17fc32ef07f4dbdeb568 |
| SHA256 | 7cefedbb698df28db41dd9a5cece5c9d6091ba980db14d2c82f272b01a078ba8 |
| SHA512 | fa1a530404a6f37a648c7024975d1177234da87b30e7f9ec9f8f6239b9954d5d5f564405375578d4b12fe659d48309de09d8f5128eeaf98405ddf19791d7ba8c |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | 5119a87b793b7dd4c9720e8f487dfa1e |
| SHA1 | 0b719f1a6f71d78abc2439680dabc3d2e04ea74f |
| SHA256 | 45fa0288b20cec4a6e8117cde77119c17cf4ffb2ece5d44b25183d10d1513fbc |
| SHA512 | 0a78de37b134b95392b533d827aa7bb4a461ad341cca77a765531d8c99f31a66c9df5381defa3cb4f87213b3329efd0f575463d24ffb74ec93ce4d7acf30bb39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 6bc44d8f3e19b6c831f25c86551c93ed |
| SHA1 | d05402c7f027d48f9a8ca4e66f8b6c4531eafd06 |
| SHA256 | 45b4334fa96917d99ca9174eecd860a4c8a05e1c779ceb33860d8dbdbde8d437 |
| SHA512 | 0c3ac42b3783e5a65923ec286e2c36e57a42f17ca3a5fb6939576ceeebb4379b8261e68467389962dd52bce8b92a403b3827d0bebc54d8c9603790862d2f1207 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
| MD5 | b09923647a78bdaf231e494e1ee4b4b5 |
| SHA1 | dc7b13582cf381c715e788c3a26b813b10c6ba91 |
| SHA256 | 03bff474a55d9e884ff356d2bc36a5ef683e1e361777a74afde0eb6e274828de |
| SHA512 | fb35894a7951f2d20fa7ab871e044967d63d3fb651202f384ccbf0862c5be447f9caa5516c20dc5241186c812574db5b6b7d6bf053f11b26d64c3058c1419802 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13368985179063571
| MD5 | cc2d3b6f10f72a5d6d82123d4e66d965 |
| SHA1 | 03b79cb697e54d53fa36bb6ecc98b97db8198321 |
| SHA256 | bdc30c0a5fc4a994512f59f0e68b56deedf5203a0d184a32de8d775b5f0b63ed |
| SHA512 | c0ade1ca38b9375614cf345bb10f1aba2f9c1a8a96b44fb8cbea29d9b32c31d0a768aa88c56e8766c2452ac5f7652d13a997cb1f22795c562697f095ad96f6b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 13ca3bbb1c62f89f770f5b80f723af0d |
| SHA1 | 025c39db73f084cdd97945331f7bff0390e1865c |
| SHA256 | 9187adc190a69c6fa7cfd2b4259e6313cc1ecf75c9779dd8bf8d48e734f9fa51 |
| SHA512 | d2d1b371af18b3846a89bfb748121391db86f6f80403fa5692b1c6a3e78a46af2a561db6bb6e429b670353e10d20e34da60a7d8ae9ba6601145dfb1e4c7301ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 19be5773895c924e43a1e3f9eab4cffb |
| SHA1 | dde370b8c25b193a278023a630c20b2931447da4 |
| SHA256 | 82bc9a650568e04cdde6fbf2b638afd203bdf6a9a657dc9a9b523f65953ba202 |
| SHA512 | 13105cf43f48b11ac6ae564f05fe8c442484b6674a7e5cb025285bb01a64e4a9c71c520e7854a1a28e10b19c5fd30b8042127b6bae8cf69e6813235d19718c1c |
C:\Users\Admin\Downloads\Nezur_External.zip
| MD5 | 954eaa4b1d6dbf8ec37ec891553e6b35 |
| SHA1 | 2807305009a0e3a8f1f6d7c01e5bb8e09388fdc5 |
| SHA256 | b4d07ff54d1f4bb929b1bb46616e3c87ded10d777577a2390f570a7281bfcf17 |
| SHA512 | 61473f3c9e559d4784856121f7a14ee0e3b6d39e2c3526057e46e0b647be074cbd1ab78466f07212b58c65639299162427c805acc0ae4a65d1b93f4c2beacc09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e3bfd036e30b2d3821550af5896a846f |
| SHA1 | 5e60b3e5a433d7087559e2c11aa8a27a1d06e2aa |
| SHA256 | 565c0154e084f9384cbc61941c2ca6617c388a6a69082d3734a0136564f08d0c |
| SHA512 | 47675181651634c537451a2a6265551e4709765a0d2efe3efcbd792d6aa830d5f65c357ad517cd421a778e01f719d5e47ebea84c46a65c6c1c6a6af439f41f77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 742817b5338d6c3fbcdb937ae2f26db3 |
| SHA1 | 997e602850e1a3880994b42a989e4c35a087e70a |
| SHA256 | ebdab8b934f011858530f44203402680b01547179ebff90a6a48c8fea826579d |
| SHA512 | e6a1701bcc1dac33bbf7d93f87fe20eeb8e22d823755fd058602c11504d5a7f438ddac1cae54f4e0a25f1f57a5579b1b62a9b13bbdb4bd07d059ab695c721996 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 29466b8656043bea843c56450546d469 |
| SHA1 | cb6403097262d6148646a8f0b146d5c348e36e34 |
| SHA256 | 9c353205c52e73e4169e0205af2d693fad445c31fb8681cf6073b99cced6f310 |
| SHA512 | 682e2f96299278bf8c4ac584bbba794f7ef7b49abf6e4c2c2374bc634a895019cd9aeb8974f9c5e4b6463c750bca90fa54ced936cad999bbcf657e2b0adda527 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a5d5a46c4d1af5563ca884801d5ee55 |
| SHA1 | 7c31aa27b259fc2ab578e799cda0f6dfe9067c6e |
| SHA256 | f5614fc31d367b8ed498ad1de1cf615e6728763718eb687ed8f03a0c570b67a8 |
| SHA512 | 7f543a019c494b5aef0aff7d2bbb5e11750772880c0da43c937892f6970983edd7a4bdedf20b8e7d71498183cbb553252c8d3d518c9c1c33274946fd853ca3df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 56d98971ad6139404ecb6edec99226a2 |
| SHA1 | 534dae303cd84901416c368c2a3b21c3cfd6a55e |
| SHA256 | 066220a52b1631459c8116337be4e97f56d9c171c236d3e469ea15150fd37a23 |
| SHA512 | cce590792b856d1f86cbaa5cd489e4eaf0163bdf092d7bda9a9f4673daeefb344426b13349d088b5ed807f0b9f56c5b310e60d2a106e7c89b069afd5d3025b20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\56c4a009-10dc-4393-a57b-9fad8aecc8f0.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4382fba1815c1a3a48694063c44198ca |
| SHA1 | 65848a00b0a5d745ef6a310e3323b164c8a35768 |
| SHA256 | cfb13bc5578f34118365758bb703015a12a39b8c9d75bd829c4963bfa5764e5a |
| SHA512 | eb7fe80ae104a0c95fccc19d8ab0a04828a1036fc0484474fd0c74cc2464128558393590287805b52d9e428adcc7a3cc305f0952e84965c4ab91dd6c028e9a54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4b71ba4b26e4f9cfd42c951717048fce |
| SHA1 | 79a4ee9ef8e163227f8e25ae50c54af6d2c1bb56 |
| SHA256 | 977c031aaf320b69ecb1a424aad11bdef7add1299865314002c48e5e9e75fa0a |
| SHA512 | 593db3d0aafa89448afdf745237fb6096ed7b692003514413de149be25c6a134a24c8fa6a2db1708507cc393f6f469554bae9d5e346d5ddf1c8252c2efa37521 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 197d80c978d86b6877106e4030a0218b |
| SHA1 | 7b0d20c9e681ef0ccd8154c66d3fd1591c06f940 |
| SHA256 | 2213d1e4758431cf65d7394fcb0158c9a8831c22648e30ea0412eb87cabcf52d |
| SHA512 | cc2710e710f4e3f6b54ff2a8f5b14fa9c61235363f117209741a883ec43d89c4e0745f765d0855d1092d6ea5e8e1770227cc7e12c7401201c7a25a2d768fa3fd |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4e48822e5d99c15713290ec60fe37fbd |
| SHA1 | 0df090319e8477ec5bdca1b4652218ad29f7fe65 |
| SHA256 | a1e23ff6589af2b9dde66e847b3561c04cc955d70cbabe9c9a56a9b77ab3675b |
| SHA512 | 8039c6fc0e9ee4dee3aad8b58eec7fdc5dfd8117c615a288f98c8718357c936cc4162ac2efb012a70342c1e2db1a947267afd627b97b39933a650af8c27ce7cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074
| MD5 | 455cc6c3d25e197d9647dd42676644c8 |
| SHA1 | 7c5d524bc0a529d921eae5dbabd02b0df9c223bd |
| SHA256 | d497d6bc810ed94b71d2e001768c9fc043aa8ca888864b44ce143b695ce01599 |
| SHA512 | e8d198f81f73d8daeb351b8330d9791f59d59f511a7fdeba6faffd9e177512f800f8ae142a1d58df97f249f3be7a3bbc8b3139ff0f3a3bfca898d077aa4cd743 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 87ad65b8675bf5815928039e9e319de8 |
| SHA1 | 63d56fe52b41d7335de069bb9d0bd9dc76647e13 |
| SHA256 | 35326b1904e4c03d6c3fe11f88a69c5b7e120879afd9a7d9529005d697925ace |
| SHA512 | f9802105e76cf95f4d2f0783ef0a439cd72c0ac96fdc09fb2f0596ed39eac4ed4fe4cbff8faf5a7969b87848ff299bef95a00a338a0bfe93dc7755ef0bd3854a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082
| MD5 | 7cda131d0cd10230245c4e2b55386962 |
| SHA1 | 850996ba704621664943a140e60805ea4514e6d9 |
| SHA256 | edde3afb4d7984609165f0c691cb9901531111a2f92c79fa191c636c06246161 |
| SHA512 | a3d0d157b91e96dd8f9cad0c4bda6591b797cd5775d12a54ec145ed1ecf63233cec269d626be872aa175582a2e24fad97652aa3b2e1517e4cd8f8dfb53ad5fd0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d
| MD5 | 8266eb9d769b0040c61f9107b9233d0d |
| SHA1 | 7d84098b0f5a6b1fb73333838e071558086938da |
| SHA256 | 389603813af8808ae7ec8ca4f2bc326b15e4c2ad5d86eeabfb271ac4d170b923 |
| SHA512 | 82854e09e38363bf682d1426cd72d2efe770a58531f8b006c80c32718229cd9699c6db6ae4afe0a5ba64504a08b16568e53ec8fdf2702b5abc41ef7711f011b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c
| MD5 | b3d7bdff8e3fa687cb3a0b41d4f4b811 |
| SHA1 | 73bd7365063e266cc336ce527c2bc5ba8c60e5fb |
| SHA256 | d645a844d52051358023bede11635584bc0d1ed967560017e55274530dd9f36f |
| SHA512 | e946175c00224d1187b772eb7c44090580b71d17a7962ac6b262323eed0093d9d3c752a5baffb5fbe4f03ecf8b34ec59cb22ce5c14efe10465805af92075494c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b
| MD5 | d91b8c6bd7562220e579bbba7e58d843 |
| SHA1 | bcd9eba85e157cd802bbc93a8861ac140be06a6f |
| SHA256 | 3e4555672392b2c30de08de20901494401e1338ea90b939aaf5bd780960aa64f |
| SHA512 | bf40332c152277447e514655b328fe07e62c7365aa4be229aff67da4af29c90616a41ce312b3862ee09a45904dfac32af3881162534ee7109e78524ddf120419 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1e47c6947ad22bf98db4bc4bb48817b6 |
| SHA1 | c9e68d17fae00f1c82c5941f7f2641fab21cec83 |
| SHA256 | 25f9f07e76bde7bcb1c399aa379100045a53d7f56f61b398c7751b4455d17525 |
| SHA512 | e9f5b00934895af0da7e5c44b78ecf7a00b0b50842a1391da77bcfe5b20f1c3c076e60b09f84b426b9a2bcaa53238b531a2cab5b6f851f6b196458555ed27d88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ec67df77740ff2cb80f2f6b10f10f21 |
| SHA1 | 13a22f2c896bb4b58e67ad58c2b2930a754771be |
| SHA256 | 327ca68f8eb1b63da1e2e1d1d96d050584270cf082150963c3d01f1432ed374f |
| SHA512 | ab1cd1c3ba981c9002570ba13541c4bd455bb38323c6e51f435265c16bb7e8c1fcd53417ed65759b9b8da77904efb764fe19c3e6b9f8a9aa275fc3df28196f7e |
C:\Users\Admin\Downloads\ElectronExecutor.exe.zip
| MD5 | fff48d618503505f47259a48f928ccd6 |
| SHA1 | 199bd993510be33c4dff44274f0cd29522f49f11 |
| SHA256 | 73f93a029bef9dfd6cf52a331f3a715cf853bab809cac53d8cf609d096cbbb81 |
| SHA512 | 033f3bf94c780d8f43746b9a7c05b5c3db76466f14d95dc36e0b2c9e506ff52ec0ff112253dc47b602f8a6ca965cbe3a0605f3ee86d0d102b95373f2dc69334a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d06eaa7e1672ba9a348772d31ee5d430 |
| SHA1 | 55c86d249f16fc99811c5913e8ad51ab4029fe24 |
| SHA256 | 4d7ac509c53a78e0676b1dd7d9898ec33db4153b6977e827046012a097e46559 |
| SHA512 | da04e0886c33064ce5c6397c0ff784ab633cb5e188bd20bafc65fe4a526d805a7bcae03089d30d4902feb8d11b3ab16e0878d6b15b504ca6337c4b532f03bd6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 059cdefb2255825c52b716959ec0b16e |
| SHA1 | fb38366c0907796fb55799e5ad84d860aad7b92b |
| SHA256 | fc4f1163c18c144a508c34eb4c4626060329f167267a961e167c4f1902b606c5 |
| SHA512 | 62b4a25ee0605ebc656f7a7a1e19f0f1ba04edf343569718ea83f21d35b7e15816ee2841674ffdd074bc2ae00c99ba6f20ad9fb8bcec84c94fde60e1c56676d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b71289587e7f00a58e7d747939a4dbd |
| SHA1 | 6ab9034ee0adbec14b2907586ddb1319db20b1ef |
| SHA256 | 093c540dce95d1a43cbf008aa14404f6e1d98d47d3e8572dfebf105454d04a40 |
| SHA512 | 26b12b59fce572288efb08f9c967a66c99287debd081d695d90397a45198a219cb20e10c43873fc4fefc2a174fd2d3ade8ae12600b35ddcb2d96ad65db8e30e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7ea5f271-405a-4db7-92ef-177b59b7c6d8.tmp
| MD5 | f35ed34987d0fce65ad6dd74b4e286e4 |
| SHA1 | 0377f3f64410697976cde890739883b5495c25c1 |
| SHA256 | 59756bfc362bfc654b34ae93ebbd3a38a364df3dc9f0b5a7aa7f988bf7846196 |
| SHA512 | 0c6b8577607a56f0989b8c840b41b9788bfc07a5675113270637d5cd5c746c11e6db6e30c0b92adca7adc6fe9c2cd424caae4f7c68f8f3a9c06401acd02b8139 |
C:\Users\Admin\AppData\Roaming\7zip\7zFM.exe
| MD5 | 3e53089476409b289a2c8454c792eeaa |
| SHA1 | 9a0a92c55d0562173417ae880f05493f92d03084 |
| SHA256 | f9e982bc418a0895effcd0d3deca22f9d0bf8038ed14a914a86c05fbd4275d66 |
| SHA512 | f199bf971e50635bdd9b8db61ac1de148ce010dd00c46dcfcf68dfaac30781eb8b9c471088de45cb05c157a8bdb56e7c5791c0218d088da6be7e503e2d39045f |
C:\Users\Admin\AppData\Roaming\7zip\Lang\sr-spc.txt
| MD5 | ffd26304b9b5fae8547703515e84460d |
| SHA1 | cff3f023bb47ca3c6c3db202cd8c126b0bb2f59f |
| SHA256 | 283dd99ec8d13784b3d79c36766cdb16dac0ede0c1c09e8b1efa64f5dc2c1a55 |
| SHA512 | 0a4e39e2598c73f936e4c8bd56201fee00aeb5daab0d7b735d5137a8b7c15830b40f028c77b528b75653540836098f5e8fc059111dd2efbd0a46ddbdf97465c1 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\sq.txt
| MD5 | f5c16d9111631a7280ae99c89d5be4e3 |
| SHA1 | 7fe61a09330c58d445c9c9b48c0ceb904d7879aa |
| SHA256 | 40a3fc08e4b2ca3d691c08b9382b2e9fa391f9123a0769052294d93bc2983734 |
| SHA512 | 1c1801b68d1397d25d6c6d5ce5d1b2d89bd18536a2c0d60ce6aa79cb3cee92fab26424033006091c27efda84e77256c668fb8317fd940bf6996d1fd9ab1fe46a |
C:\Users\Admin\AppData\Roaming\7zip\Lang\sl.txt
| MD5 | 7004b98d09316e84156b91c54888c9d4 |
| SHA1 | 39c8681e497dde4ccffa3bf8d15b53627757ece8 |
| SHA256 | 548aa8422a228617b30fbd448d03c38c3a11d010051a24544cf8ae479314acd8 |
| SHA512 | c48f4baced7a4faf958712225a5326ca2225dd7b396164787ad2c83a0314774e9126fa510eba37b1ab2ff26c67a7aaaa0ba9129b0d97a119ad1d726a56a33066 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\sk.txt
| MD5 | ca2b22d21945a478757a099eeafdf9a9 |
| SHA1 | 5efbf215647e82ddeaa4c83d064ef83b51413dea |
| SHA256 | e571c0d87b50f4659099b4ca618057533c22578066e411c5ceb3df8be1e77cff |
| SHA512 | 40365ac6cdd70ff7b7ab09482e1e9263b1b131772019eda357007d029a879111da72b05756adbfc3206b1c060211a16b5f10d507fb0caa3696907c8433fe9537 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\si.txt
| MD5 | 2b78e18bcb07cb8d59d8682502576f8e |
| SHA1 | c277b543ee18441681cdaff9efead09963bf9604 |
| SHA256 | 3899edd17a78bc729278304f7b0ae7750c422a5ba684aac9edc15b8527a229da |
| SHA512 | da07af56bbd954828623c7b38fd3e6cdfe89df98f2525aa486a43fdd17ea5ce79f90e691b1f459df5238b04b3fff0fed58559bc93e15559ff6d8d2a2cf4da172 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\sa.txt
| MD5 | 9fe4da297163a84fe9d0b0289b1af077 |
| SHA1 | d14a6a318a50f2f13e45b2269ea2ad8fc5e3c44a |
| SHA256 | a44e8c328bf809890aa6ca883e2cb82b6c5207d9636e9a91253da4cd893668c8 |
| SHA512 | a6fee2f3d6448f1f5be6ec88b51fb65ebd07c7ba3dbaf2f7a801fef54b9da410e6b800094853180a884889b304ea9a54672781fa7d0f1067af6c4a63c494a44b |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ru.txt
| MD5 | b5cec4d03d2d9e162137e475c54afbc3 |
| SHA1 | 3e86ae0174a096b07173c623b637122e4323dd29 |
| SHA256 | ac73d4810639114c3269e3beaec84ecac9473ca6fbc248d804a09df2b33e4351 |
| SHA512 | cb78bd4f6d7d94780bf84f6618a2800a3b6885485c6cb7b0836affcb9ca6f6734834fb84f756946e59595067788cd1b1a230cec760e39d3ea0baf523f7cc7647 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ro.txt
| MD5 | e3ee837f02a1f6e4b2213eb36c025284 |
| SHA1 | 56ccafa0f9c3d805a845311c2ebd80c93a595b17 |
| SHA256 | f168bb4d026782134cc6c261006b815850e753a27fb47c4f23ee617666459a66 |
| SHA512 | a923f953af5df72e04b5c38e523a003b85c0ed74e20ae1c3a2d4848828e03de8e703953cfcf653c148a0eeaa9365f9187804de0d534435ccb90dac1c4ea68a63 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\pt.txt
| MD5 | e6f09b147cb07532c12e47b05ccf87b7 |
| SHA1 | 1b6d069d431edac41c4221a120e8cb9b1152fc70 |
| SHA256 | 55807ed90ae0d9216b93ec7e1d0571cb16d7f9db40723581aefc4ea829d4d182 |
| SHA512 | 95f7db5dd308ca3e91fc3203dfb9fa9dbabd7eec6cf1a8590eef0cc670c6b08447ba09ad151a972d721dbfcfa03468bb7e9d2cac190d6c72c543ce5a16c7aa32 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\pt-br.txt
| MD5 | 7b02e1ae16e2e709d7c97de560b4dbe9 |
| SHA1 | 191a54644417f7d36f5cb4182dcdb3737d74be51 |
| SHA256 | da0b58f52bbc131f967942d1d8e9de1b5721ae864bc21852a0ad4062332297cb |
| SHA512 | 4f689f854db3f766b5e53ce2f19e9f8293c075ee3f9b18098eb05b352f2ec95df85e49a78540781eb531bce60c7b1f7890f1fe3c65200dec3cb908e90fb827a1 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ps.txt
| MD5 | 8f15262b3c1cf560b6352fae4a5fde21 |
| SHA1 | c493f7834117f02aab3dd34999acf55977d94c67 |
| SHA256 | 881b19dd1f74251e475855b8bdb53ce9af1c3d2654a9331b069a3c273f723769 |
| SHA512 | 18406e2c762f5e7d5d37d76c0fdc8a8a85d50fcb66b2d92d072b4ca3714fca6eae9ccd9dd50bbb00da84bccfd07eba290930c17a1b9342626715a6d6de8191d2 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\pl.txt
| MD5 | 2cdf63e6b3f3a474465d0d88e5386718 |
| SHA1 | aa4f3f839b35c68ea2a17e7a63053262e94f952d |
| SHA256 | 223c109301a7bbf01fc57c42609083b28e3fcededc1f6e6dcdfdc8ec1580c51d |
| SHA512 | db7c086b9fd9111d468b7bb4f55455524fe161869c20c20ad7e65e5b8eee38fd4e3b19aaa183c69c87d2c61f4561d12c90aa966a07156f193af59bcb6db10ff7 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\pa-in.txt
| MD5 | 6c48ed7deba6d3efe6447be948471810 |
| SHA1 | 4e1d76d565211416f0ed32a2cdd473d9ac54a61f |
| SHA256 | 377f793eedf3a935ddd6260d72ac3cada9391aafdf1f019d0be72be2b83a5dd9 |
| SHA512 | 22b8bbb70492e19ede9c5e74483a1a6d57d4f86f38d1321331e0137c7953c6612e03f854fb1bb0c3234bbc0f561e92501a345d881fc09dde598e217d946018dd |
C:\Users\Admin\AppData\Roaming\7zip\Lang\nn.txt
| MD5 | 366b85bf575444d20944db387f94564e |
| SHA1 | e93fb8c9ae5ea26eb5c128be27869cf3d3cf8fe4 |
| SHA256 | e6922e17b7622361bc4d07e76874a919e3095b477ed008986b94f84a931cb22f |
| SHA512 | 19a7b5c8f4ce681092ed56c78d9dd6bb95367809db78f905f357859dd797e7e04810b6f0441b3f5ea7e1bf53d4e06ce361400f6899d8a6a54ba4fc58f9d8e991 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\nl.txt
| MD5 | 54169e744254bb5a4182bcb2678f8479 |
| SHA1 | 244ff8c38c8da10e20282cf74a08e18ab165640c |
| SHA256 | 8a74f64c91c25da6056b054d388bf1bbd97384ad7d0086f86df0240e077c6149 |
| SHA512 | b798027c10f2aa7f06fa4fc3473f3040a23968d967aa93c08d072f86da2747d7847f8d7b37bc796a8270721c200978c61b1a4a5c6fd8b87845fdbb1337a142a2 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ne.txt
| MD5 | c7ed0560a6145a417b1e92546ed6b0f1 |
| SHA1 | 6be9ff3e7ef34767caa165a0e9851914bb65378a |
| SHA256 | c129f67193295736e1c1ff4ac7245cbd737a07ea6073b43fd22ac767f3d56e23 |
| SHA512 | 508504216c916c6ef168062c1d13336594d469db92d8b40571c726a4b3053ca6fd0c57f9f2fc389f3216a5c663ebdc4aa520462ef39abd5be55c7b87b522d90f |
C:\Users\Admin\AppData\Roaming\7zip\Lang\nb.txt
| MD5 | 7071cabd6fb28ceeddeac8b934879855 |
| SHA1 | f45785be897c13e90c0850a81252ca9ec472aa6a |
| SHA256 | 694481b64e223f9bdd0936f89138ef735ceb92ac962d9dd21682109ba81b9697 |
| SHA512 | b3b0a4da8eceedb39cc72f344880920acdea7d01ec009fbcead3079aa0a576ddaa5b754fd9ec5770cc3ffe5621a95b00da75448d5e7770549c0beb756ccceff1 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ms.txt
| MD5 | 91da4b7d7cb3b5eb4304394e0c4caaf2 |
| SHA1 | 940259adf9fe58722df14bcdc472e1fb9196b6e2 |
| SHA256 | 31ab339e581d0d13a43cadde7c0d1e11cc03a6d8c92b91f8fe79963a6982dff5 |
| SHA512 | 743de69fbdab306f8550a9b377494f9231cbb7743f627e89540a8b924cc9e92e18159afca09ef363f2c1f4f8832a3db9008f0c1dcd6012d5f05ab27a77d0e9fb |
C:\Users\Admin\AppData\Roaming\7zip\Lang\mr.txt
| MD5 | 2e9fc42dbd17e30f8db8205fa2d18543 |
| SHA1 | 60639e6d06a38d5c507136c130a172d606b698e7 |
| SHA256 | 08b8f7ff35dd4315133e04fd17b6fb896d63b9c87040a2cc68a83e81ea4efd78 |
| SHA512 | 7e1aa7234dc2c07654847de01600787ba735e9ccf5d376d37696f3810418a357beb1d611a164fdfd7a24ca33e7bed150df08187d4ade6c973c45be5df74fd95f |
C:\Users\Admin\AppData\Roaming\7zip\Lang\mng2.txt
| MD5 | a0d06dc2b7f53acd8cdebf7864080cd1 |
| SHA1 | a4b9c4d1c4355bd90356e60289fb4efce0046b6a |
| SHA256 | 47bfe43f3f5a88a0f366fb317a542cdc1e216f8c368ddc67252480ede7d130f4 |
| SHA512 | 811fdbfc11f8db60b2d059d433495fd50220e5a718ed9fe7f9c422d9695353825129b05e0f287419d4784c3564ea7cf7be9117c4408170f4afa3353fbc875442 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\mng.txt
| MD5 | ba28c5c312d1a7827b40ed84f1f6f85b |
| SHA1 | 72788c4b14c47a3988245e81fc6e7bbb8f88442f |
| SHA256 | 92898472c1db5248b0556fb5bafda8090684249b561de5ef2a84c10f2f4383ca |
| SHA512 | 35871824adede6169118087d28fe3c78ea09cb259c7c168e83a22ca74c024d9f0d61250ad1fc9f75b71a8ee5235a12ffd52c146b8232b7bea84ec024b19da7d5 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\mn.txt
| MD5 | 8756027adf94b3cc3d6c42f0d3fb4af0 |
| SHA1 | 823bdbc5abf1d2f3528aa319a417ee090d1c6928 |
| SHA256 | cf5245d17224f85011ed85062957dbfd936dd760a214980fc8f2eb69e6ba3cfc |
| SHA512 | 92715a814d24318533ba26af542b174df12e5d8cd40251bc27890345eb6c64d174448745b2b138bd0a7e0fa0d96b803fab9b29f89767729e64a95b164fb27f29 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\mk.txt
| MD5 | 71d42abe45803ac9c3da5fcacf9cc59c |
| SHA1 | 98a1049906972abb480abaf1f5658c1b8c10f27c |
| SHA256 | 78f5cb9345ab258cf745eaa90d44c7a7a73d3fe06ea182b1298a989135ffa11f |
| SHA512 | a0096575d6f911cc2600dac93d6fd7aa8d9e2f9f71a92571a76996fb4c47bdb714bba453c862b3f42cc5f4baaf2aed1dff3c9d6f84a3e2053ff2037c56ab85a5 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\lv.txt
| MD5 | 341cc2c7302ae8e91b286d9efff55693 |
| SHA1 | a92f6126ab3d22e2c6a8d35c29492946e92b4a3a |
| SHA256 | 4de5f75c5e05ec4fabfc2d266ae5b254f0c335c822523a0a7f7edc60e35a5e0d |
| SHA512 | 98f267b9023c5d681d6d2839a22dae01285196bab2080a9d9ee79abb549b7a99bd6effc51a5896ecf541d98f47d1abfc01f1c31da498b0650738b63861667e36 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\lt.txt
| MD5 | 92d03523dd0e7e7b2862a6396abad455 |
| SHA1 | ea1fc2bac5ab8d5ee329a5945f1ed90269cb7aec |
| SHA256 | c5da5b37be32fa4cdd8b938d479c0327b84c9f83c948eb7e65f4ddc15a6beeae |
| SHA512 | 1fb0ae4117dd69418ecc371f699630d79f89daaa3099f57ebfa4a7de398cbdef095e0b029a547dfb6936a336a9e2748b880ec83a65554a1858f2f87104d63e27 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\lij.txt
| MD5 | 372bc4a26b676c48cf8fefab3711b91d |
| SHA1 | 39da7ac5a483bd675657c24f875c2cee93204a1e |
| SHA256 | 431cae1bb77633fdf3ce339e97bc5d5d885779decc01ed03583e381f097a2487 |
| SHA512 | 0bf4ded969bc2af21b806fea241b7f0a312d8d4d9c81b14293e352e09dc31b3b876c77c155b6c9769d89b169d8de65c4f52b649acbf90af14e75ccd6bb8157df |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ky.txt
| MD5 | 7d0420ee265c9122dc11ef964871e179 |
| SHA1 | 4b84b209e5a637869e501d54ff0b535bd3924851 |
| SHA256 | 4ef68fbd8ab002bbf4cd6d1c9fd6d87a5fde048afd2ef162b727259eb97d70d2 |
| SHA512 | 0ddcd7871e61b76acf3fa0224519ed8e29c33234c300097f69e799951f8f9e87943a4f755f1362856f0c2a3804c399e466cf08cf0e189ec7bcdf744e07c61635 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ku.txt
| MD5 | 6e9a3e86335c08c15350ba91df969269 |
| SHA1 | 3c5fdc93b569db37b76009f51483e7bf55a7919b |
| SHA256 | a00b21a87a58adeff29ea379160b6ae72df5ec380f6e4c6a1bc352b6581fb4c4 |
| SHA512 | c9919ca7ff62b673a22447029d77630c44d71847e0b4d2d8c572fc6e0fa51cc03473be46b87c0dcafe0194cb12119e8706286060622e42892702ec3c6239ad0f |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ku-ckb.txt
| MD5 | c90d029172a8533946ef7419bf383305 |
| SHA1 | 7b3d96899f5935e559626d215517315c04207627 |
| SHA256 | 19af39960142b8599153a09ef4f03f944fc00999beb9fe2399f5f8b236716eef |
| SHA512 | b0a711161ce233e5b9231c21abfd721bca6a85567debc6cc9c033c68d0a6e1292f369dbf1ea52b4088658d13263c245ea37752e87abd8b2aa878b5270ef0b1be |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ko.txt
| MD5 | 55e8685ac21571f0b5f11a4d5fa088f9 |
| SHA1 | 285d09b7a8adcab4e5d72928487c711b8f48b8fb |
| SHA256 | 58a2dd10438c1199653c1bcd88c520ddb437fa8e01bcf311130ada0a626151c7 |
| SHA512 | bd95e5f82e17494404e7319f5cdc1b4bdd868b2ae73be1cf407f9f1e54b360bf75a36993a60a14d29e4af3ec15e0538f23e1f22dca1153bd01fc0ba964390337 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\kk.txt
| MD5 | f4c46b450a580ad5abf0b638dcdcc6fb |
| SHA1 | 750dfddddadee9cfe0e8f651f1c6cc38cf1fcd78 |
| SHA256 | f2e6e55c102485e232daad00f68d8905f7a54f8ae2128db6afe25231c17acd69 |
| SHA512 | 24b6dc7b491302b905c1e20e67ddab16af9420820b6c83406618e017fa84d952661087e2ea577831441e8a3c82ef697de713597e33626aed787f3485dd9b1f7d |
C:\Users\Admin\AppData\Roaming\7zip\Lang\eu.txt
| MD5 | 29ec04893f6b2c9058a8f1e0beaf9081 |
| SHA1 | 8e7b5a0ec24153aa7be02f0395c003df02cf6a09 |
| SHA256 | 536d93ca6d7c96d203b51333c4e78de2429f78d32cc321461589626759c84127 |
| SHA512 | b84e6606a5f58392de5c5f8113db10b8212a82bb93367469284ad2dd9a961bf381e3d230179ec19a32cae7a266cdde7290d95a262dea247b267fdce905f89972 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ca.txt
| MD5 | 1657720023a267b5b625de17bf292299 |
| SHA1 | 0045dfafafb9c9058f7d0d6a6c382959c5a67fe0 |
| SHA256 | ed8748da8fa99db775ff621d3e801e2830e6c04da42c0b701095580191a700a6 |
| SHA512 | e7998f6484370e53db9cdc80cd55070e408aa93161fa59e48c6e2b26462d6d3eb774c011212840ef1eb821a5ba067b6706cd4ca2be00619aecd24a11e6ca136f |
C:\Users\Admin\AppData\Roaming\7zip\Lang\br.txt
| MD5 | c2eb67d788756be5ecaa0a8cfb3d1e0b |
| SHA1 | 0636e7fba4ec0fd12f93347451b5690c7b0bf788 |
| SHA256 | 0f6bf6749c42c844980db32ee56cadc987ce245ef650bc7d626d56468a7cbe6a |
| SHA512 | 0f98317078723d35553f8252ff9e37a997c90276fbb18359247aa257fc7630b7f6a0c6f6b02ac0a06afd33cca56c77a01494e04fc1a4ce43ded0d40f9f18dd42 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\bn.txt
| MD5 | d0e788f64268d15b4391f052b1f4b18a |
| SHA1 | 2fd8e0a9dd22a729d578536d560354c944c7c93e |
| SHA256 | 216cc780e371dc318c8b15b84de8a5ec0e28f712b3109a991c8a09cddaa2a81a |
| SHA512 | d50ea673018472c17db44b315f4c343a2924a2eaa95c668d1160aa3830533ca37cc13c2067911a0756f1be8c41df45669abe083759dcb9436f98e90cbb6ac8bf |
C:\Users\Admin\AppData\Roaming\7zip\Lang\bg.txt
| MD5 | 833afb4f88fdb5f48245c9b65577dc19 |
| SHA1 | 1a6e013226be42cd2d2872b1e6e5747fab65fe8a |
| SHA256 | 4dcabcc8ab8069db79143e4c62b6b76d2cf42666a09389eacfc35074b61779e3 |
| SHA512 | 05bbc7abcfd0a0b7c3305c860b6372871cf3927bbe1790351485a315166e4cbdf8d38d63e01b677bdba251ce52da655f20b2d44b997d116a1794c7b3eb61ef31 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\be.txt
| MD5 | 3c21135144ac7452e7db66f0214f9d68 |
| SHA1 | b1ec0589d769eab5e4e8f0f8c21b157ef5ebb47d |
| SHA256 | d095879b8bbc67a1c9875c5e9896942bacf730bd76155c06105544408068c59e |
| SHA512 | 0446a0e2570a1f360fd8700fd4c869c7e2dbb9476bbdec2526a53844074c79691542b91455343c50941b8a6d5e02a58ee6aa539cc4c4ae9cf000b4034ef663e2 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ba.txt
| MD5 | d83b65ac086da0c94d6eb57bee669c2b |
| SHA1 | 6210f62d41d44cc280f44b39accf10da28424b75 |
| SHA256 | 2901b54f7621c95429658cb4edb28abd0cb5b6e257c7d9a364fc468a8b86baae |
| SHA512 | 56c7ecb4223103d81ffd11c214cceac20e7770b82fbc78a5e82e6dd9d589cc319d4689bb6d9027e5d272097e1b33ddba27a8414fcbc29f9ef68329e343004222 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\az.txt
| MD5 | 81b732a8b4206fb747bfbfe524dde192 |
| SHA1 | 4d596b597cf25ff8d8b43708e148db188af18ef9 |
| SHA256 | caec460e73bd0403c2bcde7e773459bea9112d1bfacbe413d4f21e51a5762ba6 |
| SHA512 | 8667bff18a26fe5b892ecfdc8d9c78ecc5659b42c482e1f9e6eb09f7cf5e825584851cd4e9a00f5c62d3096d24cc9664f8223c036a4f2f6e9c568269b2fbb956 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ast.txt
| MD5 | 1f86ae235bc747a279c9e9ec72675ce4 |
| SHA1 | 4a67757fa535978021d794d8d2392d3028350686 |
| SHA256 | 8fcd1b8ce6fed05f406c4b81aea821132800bc494d3fd6f42a4258a81f8998ec |
| SHA512 | 216500b5451b84a4882729307b6ea952688550e109a0afbb0d67db0f882f642e5d9e8dd2fc86591c4b2d49658fc7434294cadcd1d2322119fbd1f46190efb7e5 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ar.txt
| MD5 | 1c45e6a6ecb3b71a7316c466b6a77c1c |
| SHA1 | 04bf837911fa31ffca8e034158714b47f6489d38 |
| SHA256 | 972261b53289de2bd8a65e787a6e7cd6defc2b5f7e344128f2fe0492ed30ccf1 |
| SHA512 | 5358bb2346c9f23318492b5e7d208e37a703c70d62014426eadd2dd8cda0b91c9d9c2a62eafe0137faefb38bf727fd4d5d8dc18394784ccae75ae9550558e193 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\an.txt
| MD5 | bf8564b2dad5d2506887f87aee169a0a |
| SHA1 | e2d6b4cf90b90e7e1c779dd16cbef4c787cbd7cf |
| SHA256 | 0e8dd119dfa6c6c1b3aca993715092cdf1560947871092876d309dbc1940a14a |
| SHA512 | d3924c9397dc998577dd8cb18cc3ea37360257d4f62dd0c1d25b4d4bf817e229768e351d7be0831c53c6c9c56593546e21fd044cf7988e762fb0a04cd2d4ec81 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\af.txt
| MD5 | fbbe51acb879b525cc6b19d386697924 |
| SHA1 | a030539bfe976e02f9540993e746c35e288834cd |
| SHA256 | 3793fb69ee9fd958cf15a272b1ed54e4b3d75592836ebcd085dc0e7b1400d1cb |
| SHA512 | 3fee44a909cad9b620fdd850a31d70e762a834524d8ed61490e243c8df40eaebd5b8e0ee5243efd924714e49376eaa024b8ed4bc70b1b7d50d5c6695b03f12be |
C:\Users\Admin\AppData\Roaming\7zip\History.txt
| MD5 | d68c7d03873eb191f46bcc0cb6a89664 |
| SHA1 | 2467e3044a96ee2bfc2720e7e0d6e68d5d1c5837 |
| SHA256 | 5355372cad5a5142bc7a0991bd84dbb751bf65a4c272e9c7eddf48cee79dd24b |
| SHA512 | c4d25238c9a934c13c68fd4b10794cd0000535baa80fe3b74f1f742fd5227c3f65d13f345dce8600a8d7dafc0b85e0025a4c315305fba77b669f65524a29c6e4 |
C:\Users\Admin\AppData\Roaming\7zip\descript.ion
| MD5 | eb7e322bdc62614e49ded60e0fb23845 |
| SHA1 | 1bb477811ecdb01457790c46217b61cb53153b75 |
| SHA256 | 1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f |
| SHA512 | 8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60 |
C:\Users\Admin\AppData\Roaming\7zip\7-zip.chm
| MD5 | e8b5cf54c6bf22492b373715b8b59dc0 |
| SHA1 | 6f77c6484340beca444aedcb3a8411798922ba27 |
| SHA256 | 4f5c2170efc2b6af63873aadfed45e398ba73b414a87ee1e95c4a3af3d5c7ec3 |
| SHA512 | 4813a9bbe77eab0c7f9f65eb14f0b5e0808a0fa95ce47d9b2b34fead09fa2e03d0e0eaa4ac14bb5691b9c53b800c660f38715d058aa182ba2cef5561b786d629 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\uk.txt
| MD5 | d125ef7f9a009cfe4093152e48055ac1 |
| SHA1 | 7063f242690890c98296314884e0e6d058c23aff |
| SHA256 | 53235cb228dbbb5207f18bd0b318f54fda9f9f5b05094ea6ac7ae368216cc4ef |
| SHA512 | cc199e839e2cf24abcd8b9685702732427295858976a038fddf6e3691fd1a31bcaf9f1dbac48e125e096d1a395dcabfb4ecbb02a6c5e7d6dea67e44e21e69037 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ug.txt
| MD5 | ef3e8d61d03e42a3b40d6f0b12535adb |
| SHA1 | 569360bcfeb39c102a3dd78ed96204b5d733ffbe |
| SHA256 | 9d0268d1eeb8dfdebbb8ea1033c2b99cd667a244c9859085be5d54c9e5ced369 |
| SHA512 | 6e9afeb0a96da6d8bf63f06de421b8d4ddbf4d750e1bdf861fbbdc0268cbeb19068d08787f0f1655b40ebdc603d888251dae188c3547f32b970c7f927754066a |
C:\Users\Admin\AppData\Roaming\7zip\Lang\tt.txt
| MD5 | 6e299b81edacf15face1271d032cc5a0 |
| SHA1 | f2e955fd7bbf9140f0e86bf1a759d729c9a4e4da |
| SHA256 | 18479d66e0c8b5144ea32cc9d6b58eb8748e80d2c3bdec0dbd99bbc3ab42495d |
| SHA512 | 84e9484319deb5a7049fe130290a7d67a8faefc9a17f7b2ce9f9586fb0f0641b839bae681c6f8ffef551780f56166c9886c1f7f6f0df386389f44710423b9865 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\tr.txt
| MD5 | c69be29e4448a858180daf367464d531 |
| SHA1 | d83819911331f73bc35e2eb02ec1fbcdddf30b7d |
| SHA256 | 4816929c4bb958ce8d64d14df47f0b6a35dcf0e7eb88201eaa93af541894e354 |
| SHA512 | 469be1075e9a5c4cc8bb6a0b55e645448eda3d46527a5561cd55807f5e52c3410904a34e0e64e11f963153d5cea5ccf16e7e7fc7ed63aea3fbe532959056aa77 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\tk.txt
| MD5 | 75c23d0431bc83ca17308f08d1173c1d |
| SHA1 | a052e61036e0da973253ba225031d5929ee5e2d5 |
| SHA256 | 75eff9de596459f3eba755b5c4c8ce635af2cecdbae40749df348c97a2e56ee0 |
| SHA512 | 10872e31df08e59d080be3c0b975df06e2e8bcecea14fcf9f547965143a9652c8b9ed50d38232a72b8f0745c964f4e616b06368d9983f35ba05fbcbf2294900b |
C:\Users\Admin\AppData\Roaming\7zip\Lang\th.txt
| MD5 | 8ee06a03dc18e5f8bc750cb6a78f6d9c |
| SHA1 | 179c195700df844216c2cabdc17062cddbd1d6b3 |
| SHA256 | 01e7b965bd4b722003f74b4e4b30ef6a1baea67108816d1b9f8d6add39c7fa10 |
| SHA512 | 4c908ba391bac8bd36bf76b5c3b59dd59eb71f2513bcd04c47cbde683ad463c0feac5d5aada67730f3f566156c4beff09cd7b7d1eb043b988ad7938b9041c4ec |
C:\Users\Admin\AppData\Roaming\7zip\Lang\tg.txt
| MD5 | 4a5529986613cdf743b3f7755f8f5cae |
| SHA1 | 970dfad147ab3d32e93eef6bf464bcac23368e4f |
| SHA256 | 1cedd8f699940fecacacbc5df093ba70fb2099faf9864376a3d990da78b8e075 |
| SHA512 | 1f7e8a8a21e8e5faf546b2f4c621b326a907afa017dd8221022df2d19b3e41d10d5157a8713f8d5485601311029f4e25dcb21d0e9b4991b6d26d651b416239c0 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ta.txt
| MD5 | 228ca6d7b8d850853233c4575a7ebf1f |
| SHA1 | 4bc90fca87925f7d855972f5dc67ef5e9e29b438 |
| SHA256 | 0a3b285566bbeb3f188b3c72ba21cbfc545ea05471eab706e972c828da5234e0 |
| SHA512 | 2995d1c2bacc8c0ee757fc47fe9c8ac07f1ee74ae3a70bbbcc66cbcfa13a924855b3f7515d04031434870829be34f0fb49a35388eaffacc0e7a33f9a44a02870 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\sw.txt
| MD5 | ee27959aef24cef2ec07684cf420b2dd |
| SHA1 | 07d9b4d2b4ab10b3341f3286cee73185daaad918 |
| SHA256 | aaeb1631458e448b678579ce369fd0a6d66e0fb02b9218328c537ee38636c557 |
| SHA512 | 9e0fd7db8d799763eee9980d8c2b0864640fb74a86036d337b019ac317a3541cba6d65af1c4179ed46d64d4005395cd6c761f6a234428df3f1fb04634955242f |
C:\Users\Admin\AppData\Roaming\7zip\Lang\sv.txt
| MD5 | 2ec8b6f0c0c05157ae90aba540debed1 |
| SHA1 | 56de30674cf6ed17ae1fd42080214573b8383789 |
| SHA256 | 54112b265ec01759adbf72dc856ff0f9dbb2b3029eff8a56de08dffc5d3dc954 |
| SHA512 | 6cb83b0d3db5254e47f86100c38be073f257b4f2e643f14e91df9ccac36a631bf06e52ce8f98106f5a17cf19745f2b6277605968bfeb9e0d423b1fd3ab5c0a06 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\sr-spl.txt
| MD5 | fd327f424c7e4f23d2c018ded334a1b5 |
| SHA1 | 0fe9a48c528be4022b19f7373cba9190d3bdb473 |
| SHA256 | d5a250b45bd51267e2b0d78cf60e7f14113419565f9b95c2b1113963396570a5 |
| SHA512 | ae6c2959a5348bdbc1464fd0e08a3a00f8598a2d423381e5883347a85e88f7749659e0fac4f89d6ccbc74a1e83f47ec4f42cac22115ca3921def00de41978adb |
C:\Users\Admin\AppData\Roaming\7zip\Lang\kab.txt
| MD5 | c6ac7aad8bce83ac69f197db9d4529f8 |
| SHA1 | 5fa31ccfa23b753cee7aee7ee65915aaa94f9b01 |
| SHA256 | b8a7a5182dfdacc9baccb412e161c60864d3b5d30038935122c736ae4f4ebc22 |
| SHA512 | a643e38a5801a50fd318fefeb0245b8935c818737b860839c15fa09b0cc0e9ef55eb455e3ceaf8b2263ae23b5befd1e6013ba63c4abd1b89627905498ff026be |
C:\Users\Admin\AppData\Roaming\7zip\Lang\kaa.txt
| MD5 | dfba5c2185e113eef167a5e21c32df76 |
| SHA1 | e36703d7d1954e3f1729a0497674ec15c41a2f76 |
| SHA256 | 4d631602ce3d0c4d9162af6bf56a90c8eef75a24d556b729191b62f79aba0681 |
| SHA512 | 3271b66114bd6f145693258c5e84a175acb3db865169734a9beb5de7f9aefd06b4144650dc0e98fd47dd38ad3cabd26415640cddc8ac611c23d14487e975fb70 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ka.txt
| MD5 | eb2af4dc4c28275ae1876523944d708e |
| SHA1 | bfb87569112a081a99ecd5bfdcc6f2aead07f67b |
| SHA256 | b78defec49d07120b74c2172f3e07540314771b16729c6bbfc3a1902ece2eda0 |
| SHA512 | e04680a6050fc6b3d0bf50a092f5fe2049bedf705f479fb5c45852e4cc19d1b735b85166da15ea67dbeb3aacf39dbe6c80eda9d4c180805d87762468875ab49a |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ja.txt
| MD5 | 470b0ca449e9f34bb34244a7ef39441b |
| SHA1 | 471c37014eff0214ce757b6e88987fb9e2b31931 |
| SHA256 | b0150c2b3d2ad9b37a7f47a24466aea4a56ced728caf12d02b407fd0080602ab |
| SHA512 | 1e2d690e484449fa4859836f7ab880d512e98e5f996bf679ecb3a5c3ca8a3fc7e9fed4e6c2470fff790ce22bb6aa407d951ec6c7ced571b5ac8e86ca873f3afa |
C:\Users\Admin\AppData\Roaming\7zip\Lang\it.txt
| MD5 | 87efe148b443c6b50eab945e27f9b39a |
| SHA1 | d4a46f9a798c381a7415de8b74b296f5632124c1 |
| SHA256 | dd0a9a9ce33d25a9f6c461a6e43721e975b8b1e189c3d5b81f1dad0ff12870be |
| SHA512 | 3f391e6c840ea267f500e7912e87e8696099aee683a0a656a97033dec8de38f875c60dc21e9332a7e24ca3e2ae8c404fd936f915ad8c8a05eab090c355916dd1 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\is.txt
| MD5 | f361950b7d1bb073ef48ca729b7ed5ea |
| SHA1 | 8c5d3fb8e09c9682c6256f05f82ca67c58f0ff2b |
| SHA256 | f4f9d6dfd36512f027452499b083ad0656df6503ce03e4e4cc45b925f1f1d678 |
| SHA512 | 6163fb77d3155525a563ad907cdf48fa18a6ce019a073c7d9dc2438927217d0d8534ada7fc444114f14ac216c89d12e83f5b582021be693baec80bd69199909e |
C:\Users\Admin\AppData\Roaming\7zip\Lang\io.txt
| MD5 | df8bd55b7a296da48c8705e1d00bad7e |
| SHA1 | a77adf8befce2ab506c2fc728df2d0725983af95 |
| SHA256 | 60eda200d8d995626fdfb1d523f02a9aa538ce5e8ee5028b41293f615a9d451a |
| SHA512 | c3abbc52ed7b331681e2ca1ea260dc54ed93854799839ec5e724439368e970f09a145bcdb0b638099fa3c8dbedb21b2ef69196b35565a597e45606491b5d5642 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\id.txt
| MD5 | 73b9f189f0c37d7cf37df8db89fb52af |
| SHA1 | 060ad5b22f8dd408260b7210392c0a6f6271fbff |
| SHA256 | 18c4531e9fc00ed242f1c0526dbcd0a3d1ada9bcfee651ae950328ac872a216f |
| SHA512 | f8dca8e9aecbaa7fd596535fb792314253814098c1089262ed36e78960ffebe377c6436354228a9b4e17bb87fa6e1833110fd843c63bbce3294262b623df86e0 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\hy.txt
| MD5 | 1362c3c286cff992117d5466bbe284f6 |
| SHA1 | faf50ecdb6db6cd6ba9e0ae18e7fad64511048c7 |
| SHA256 | d8f60bf92541d20d01f6ddd56d49f25519303fd16e285e18080be6815b74b8a8 |
| SHA512 | 1834fe901b1182b793872e2a822801966abdf312873e15877e589b9c6a58d04e06a2c60b26d2209fe7048f7ea9befe0f6b39630eb4c5578a54735b6840677205 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\hu.txt
| MD5 | eebea9c4e71a5d2820f5e8972822800f |
| SHA1 | e9f5e741995bf92266e5b6d6891896e5b9cc1f42 |
| SHA256 | ef79e98fc911e0d0d16bd061a65f50f5e50caa011699852e1608a2629b8ba37d |
| SHA512 | 01b4bd586a1b2629b94dab877510110e6fa1286eb9cdf7882539d42466609d830489ba450e7e7cc41958f463227f5376151f912591aa88c7866182374ed574a5 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\hr.txt
| MD5 | a0a8a75560efcf15801c96e6d71becc3 |
| SHA1 | b3f7b92d2a13151a14b493108a50a8365c46f6a0 |
| SHA256 | a72f01215eba3be3af6659129dd20f7a42d74f1da08658a9c8ce8e303c3e8f64 |
| SHA512 | d730c0dc30a299b6bab1b8cfae64d8d4bdea121e651641f578b0947bf5f67669f342ce20198b26fe7881ec99baf290695bc460828198a997b4e59ec91396c217 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\hi.txt
| MD5 | a0fc3c3d880a54918d86b40ffda12f23 |
| SHA1 | 34fb9f1b5a6731100466f66e193ab5028b3ec1be |
| SHA256 | 8cce5e5a846196dac3649483290160177f47d88a7dcf0e85acfd3131856a266a |
| SHA512 | bd1f17d76699f177ce6df4b69f82dfa777a0ae20e243d5fed0605fe951a79d8ae54371b07eb30f075161c108f46be1ce21b162b66cc099c02adb6eb6d5e8f158 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\he.txt
| MD5 | 1b53819f8d58fd734b5fd985756b557c |
| SHA1 | 8759783adbd62c6f32511313babb9d138fa0a150 |
| SHA256 | dcd061a0a7b29f55fa28d4396f60881836c2df07cd936412c476a7f149540cc4 |
| SHA512 | b7f0a16d9d02434e7d1c619768dc1d67c163ad6630c19630c405b5934311c41b65918c61dd5f27555cf5cf629411d57fe2ce04fc6c99a2272d4689b69a078e73 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\gu.txt
| MD5 | 410c8a33c66b4b2bc707e113d9c76914 |
| SHA1 | 81a9f3618168dbecf309907ee74591ac3b1297b6 |
| SHA256 | 9025d8a58e0c76b186c943ef8a73a1bba6c08945e346de14d3c255ccfa3a10e6 |
| SHA512 | a520cf2dc7e9f653bb08c93c657cb8e2d1142e86c3e0bacc44457cba5ede044e91ff01f55139c5aeb7b3f26e51724931ea2b2bb20a058c4b9d888a3ae8766021 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\gl.txt
| MD5 | 492e51b4b5b287fe2b90a5f0bd433847 |
| SHA1 | f7e1eba770d3d07d0e8c2bd61d556508ef0578b8 |
| SHA256 | 54f676333ce58af67b839b0f0470f99f405b5ce7fdb9c345a19d00b6423277e5 |
| SHA512 | 0aa1df55256324b24b495543e4abbefd776108bdd90d3155d02b1c10f018bdbd1700c4430848dfbd5073a374715f8510efb17ae1812a9aa44b65e50edb23de59 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ga.txt
| MD5 | b4295e254b9dfc90e0093188257c007c |
| SHA1 | 6ae9b959a752c32fab8407b3aa277f300165a579 |
| SHA256 | 406669ecbdf562e773b9cdf831cf5f63c3dd1a012c3521a41227c9141511d959 |
| SHA512 | cc4671a9312b7f41ddecd2e02d038affd58bbc62363b811f15f10002c82ae826e060f5ad6e2b1fd75557b3dc3bbf12b6e6900b398623cf547e3727ccaa6bf8e1 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\fy.txt
| MD5 | 0111890c0137974fce2d79b6d22e5686 |
| SHA1 | 98ab055fa8bf5f410cad55627424d6512338a4a1 |
| SHA256 | 9fe460264af4abd9ff23eab79387ebb52b4498758645cd5721e75fd7b747e536 |
| SHA512 | 86acdb4d62bf9c784bf21999cba5fa3674e70fe5647fdf1dc6a9c5b3cf9c182a18272d9c8400d997bb09e12c908e08a87a951c3d0156a134802e00f70dd1ad90 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\fur.txt
| MD5 | dfd698a0f6ed7bf405a8fdd6f33b2315 |
| SHA1 | a8cdbc14ad118c61d484cd62e8c4e7d1141fbb4e |
| SHA256 | fc944eaa7883341372ebd5ef0e2f236ca248b2996a902240a75218541b600e72 |
| SHA512 | 07c5cd9ededc00fc28f878d83d327d91a91edc236b51d05cd8171e43bb175072fe9bf0a4c89d09e21441d8192b08e5c3e5e156fa132b1c657715a5b7cb0488a6 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\fr.txt
| MD5 | b1b6e1c3cf5247ec1618a88f9853d54d |
| SHA1 | 0671cb77ad76f9e27237aa538f8efa6bccc40de3 |
| SHA256 | cc283e9b0c1822f757372c21f179710c4592a2f7755e706c48065bcfe70bba5b |
| SHA512 | 045422d358b3348a1e52cced12d70757a7e6026801113eb68f07a399acc75b6ecc9a1a4401cb7a65506c6f61d4fbb348765b0c80080072bfe06e0500cf31b0ac |
C:\Users\Admin\AppData\Roaming\7zip\Lang\fi.txt
| MD5 | 7ac9d88f81aacef8759e510e9601a4b9 |
| SHA1 | 249fe906a2d5a8e084cad76e3e67dad26c77bdb1 |
| SHA256 | 24d66c5733314f3f72b7ca0f5ceb5a3246726dddefcf2f033715188edb062db5 |
| SHA512 | 00b67a09cc101c557b7c9a5ea623e654407a953fe87ebb5786a7a2e8ba1944130ba4026a64bf83952a14e7a7c719f81351d8a84fe0b3fe9ba553e4796e7a7ec1 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\fa.txt
| MD5 | 952328b44391b1d4196dfe1f832a16a2 |
| SHA1 | 7bf9ced7d272d2df60d2d3984333a6bb26a69377 |
| SHA256 | 05851ba54b24d7fd45179419aee91a2d40bcab62e6aab99c1a92189fb636bbb2 |
| SHA512 | 34cc2908320e349d04babf2e5039dfc18b6aaf9f39bea6192e9d53bced3c661c847cce8a17b9aa6bcb941390da9a7ac40b28a93903c9f1946152a7fd93f43aef |
C:\Users\Admin\AppData\Roaming\7zip\Lang\ext.txt
| MD5 | f048977cdc74ff4d1f045fb3fd5d0118 |
| SHA1 | 4d44f8644a0d41fdde9f7d7732b197a4ebb65dae |
| SHA256 | 3cd8b8633fbc076ee07bf58da6e01ab692df461381a2bad4ef5512c653da46e4 |
| SHA512 | 48011fbffa45f8809fc6e7d1e8899ee29d4cc6be2cde36484301e71a3c3ffb85cca6cca6a9e9e79af5355b1309834f67d62100ad09aec852d152aca3688d129b |
C:\Users\Admin\AppData\Roaming\7zip\Lang\et.txt
| MD5 | 54d610c174514d0f60b382249885963c |
| SHA1 | 4d2c22ba3da557a3e8641f8d5388123d96c8259f |
| SHA256 | d3fc7e1dd6f0486c99997b75d9d8c5592da6cfb9b89c3ec4f59e7bc5826b3456 |
| SHA512 | 80d51ce4dafa9967ddfa7a8bdf4f62351fa085a7059bc63f9427e0a5e70dc21cb917057f1a41b5e1a218138141dedcadf02e18a0f028ebee8316aaf4ad280d59 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\es.txt
| MD5 | 5a449308a0176d6401181bef4af13765 |
| SHA1 | 9d8bc3e801bcfb43c7dbfab94ab91a4079a2070f |
| SHA256 | 7dddae25296f14c1f45ac032d9c950c3a8d39a41489f9d2b06000edcfa7a6660 |
| SHA512 | 2aebd25219b12d88bdf7a4a1b90b6b13b4ed5d4215e15d2316494c56b7d696eeb3252478200bcf0d84160d11979f5a71c72ca110dd3e28e901cfdb13255c45b0 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\eo.txt
| MD5 | 53bc9385d0ea9e7e601bbe9b2cd5e3cf |
| SHA1 | 2ad5323c3f8340027a19ca63c46072cff56505f2 |
| SHA256 | d598733b1dd7fa37fd156348bc2bae5549dbd6c709125d1d40f43eff6bec2445 |
| SHA512 | 354c841c73662b2529fba4f10b802102b9f2d87446c7e68f02c96a19265621c250fc0fbf27ca746d27da7d06d56e1d6f2a7ff6f990680afd5290778d7ea28ab4 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\en.ttt
| MD5 | 8d7264236adca0407fa61d942b7e575e |
| SHA1 | 21861f62751d2e3d452146ba139e758f20da6f6c |
| SHA256 | 628366cbe1964564f8bcd0732abfe08cc3f9a86fe761e41abb41f84f7b6ba00a |
| SHA512 | 74ab8e70fc3a685ae715368df90e9f6b9630e6dc1091436c244ad486db3faf25bc59ac1b89f90e935e7eb2c6766e19165032fc24824ad8af932ad95a8a34172b |
C:\Users\Admin\AppData\Roaming\7zip\Lang\el.txt
| MD5 | 812df218dae08f9f883a7455015707b2 |
| SHA1 | 6e7d7d1c8e783b9b913f44df515f4d376d3502c4 |
| SHA256 | cf90a21c69a13e0d674b6b74e2904f7d9d3bee594d89862155d94105311f47a7 |
| SHA512 | 51c3c6151b47fa5e3968604cc2385c5d0984ccb96b8f92982bd28440786e1b99826aa70ae1232465a3469ddb6c50d13a241b6a979387eb47bff013953db1ed07 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\de.txt
| MD5 | 40ae22f5bcbeab6f622771562d584f2b |
| SHA1 | 4eaa551055ccfa0076766b7bdf111de9dbcc1c82 |
| SHA256 | 06e5265a2b30807296480dc0b0d3a27e41f1381d61229e4eb239c4930d14a43e |
| SHA512 | 581a94dc12fe48aebfd88453351697aed9de5b1decf4c5dd53cf4db38d50727d3b887498f0bee6bd532cfbdc8af7bc01fc8d58ce0c3f6fac235bc6ff3f843125 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\da.txt
| MD5 | d8aba2da47c1031832957b75a6524737 |
| SHA1 | b83069ef9f7a08f18804ae966b8d18657e2907cd |
| SHA256 | f65026ae33d4302a7ef06a856f6f062c9730100f5a87d5c00fb3feaf5fcd5805 |
| SHA512 | 82b5f4ab8e3e2310a98be87b5cf2cbf04b7aeae1798cd69529325ee74add40bdca38eda865a821f66436906d4f3224004f690cf406b532e116475d2b2424b570 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\cy.txt
| MD5 | 0f5662a68805d859f871edc07e766a57 |
| SHA1 | aa4c9c1271fd5ffdc6076ddfe157d9fb8e0018b8 |
| SHA256 | 931de741a6c8f1348a946623776fe36c55dd2fc384c7b1478225f7467853199e |
| SHA512 | cb8c072a8f6c782b678845e156493ac3b2e29a0821e2939aa5119f28289c0e70dd70eb3f7e4832bdb5e8ac1f486a3d7900ec013a637ed117320b96740f37a8f1 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\cs.txt
| MD5 | 641b90f9aedfc68486d0d20b40f7eca6 |
| SHA1 | 0a683dd844534905336784fadd80498afe26f6fa |
| SHA256 | 87a4b9369fd51d76c9032c0e65c3c6221659e086798829072785be589e55b839 |
| SHA512 | 567cb9f6c31d196a171e5a9c2726a39a9b3d351ac92d4acf8624213a68c9033acc31afaaad82aa9f5359f32d3a0ca40522e151b8370d553a41abeb6a6e097078 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\co.txt
| MD5 | c76b8c615c11469d5f6dff0abf39171e |
| SHA1 | 1906cd1ce4712d79d129fcf32fd2ff87368081ea |
| SHA256 | 5470b36a4a715deca06035333a01e0a2899fce1cf6c29a6ece4c35cfcc843cfd |
| SHA512 | c4920988538810b9501c6790a2ed4d4e82500134244b8ae1371f3025bffbc7e6cc73fe1a9839aa2a0d020f2b9cbf0fd09ec99354cb2a65c3d08af519bde38384 |
C:\Users\Admin\AppData\Roaming\7zip\readme.txt
| MD5 | 3130c41d18f99b83d27c2a4083f1c047 |
| SHA1 | bffddb9c213e77490f25ad20800bce7aae571da8 |
| SHA256 | 42aeb97dfd35b5352d3f79dc32911336ef59b6b38ee5571d3e2b09460365f5fd |
| SHA512 | ccc2cb356487f8e2fcdb2742819369fc56b5e923347f92e85613a6828772e60b761ded6e1a4ecb4f4854b62f206e96e7ffc06b8483de5cead69237e483146a69 |
C:\Users\Admin\AppData\Roaming\7zip\7-zip32.dll
| MD5 | ca7c01946958ec1d40df672c801bfe47 |
| SHA1 | d43f9b8089f58d6af585e2834729ba75bc8c037e |
| SHA256 | 589dfb6f38c6e636cd32d268aaad0936bbb812927b283f65fb5e594ea2be2afb |
| SHA512 | 945020533db9d5b7e6bfcf430499f9d88573a1765f4369b01b3612ff96040e05947fba6f02898e90a82b3820b8e441b6d31ad0d3f11741a16a8e727ee948f08d |
C:\Users\Admin\AppData\Roaming\7zip\7-zip.dll
| MD5 | 8b8670df5ccd10d7f43a71c9827ad659 |
| SHA1 | e8cd304f4c796ea9d415c34070c347929d7df5a7 |
| SHA256 | 73b61b8a6e58fbfa99d7659e4bd3e4fcabeb98f12039c93eea54e09687d98498 |
| SHA512 | 22f6f9fb9132e3fd933f8a30423913cc0e9b095c46067537a7e869675210e4f26d13520874c9ac381df09e363794efa6397ddaeb2503120febab7f95f57ea3e2 |
C:\Users\Admin\AppData\Roaming\7zip\7z.dll
| MD5 | 0dce103b0102adec3279797665b7a4ae |
| SHA1 | c121392bab6dba8d04bee89c6b526e8e67650cc8 |
| SHA256 | 3db62076e5fcc897ff29da47fe4029900a4ad696b395b6fa96acff1229444c1d |
| SHA512 | 20f0f02097694579ac8794d56411fbe2d97c47d37794cb52afdabc9956c0452e8a3bb273ed34e463f31927e29e7e41c0fddb82fbbe688dd39c4113c00ec91bc9 |
C:\Users\Admin\AppData\Roaming\7zip\License.txt
| MD5 | da110cdcadc141bea8e32c64f7f80fe5 |
| SHA1 | c959125237789c5a1701ae4e29b19204a2aec348 |
| SHA256 | 72a99a393afa877265d336cabb6c7bd762b12cb1fa210303ad61c125665d215b |
| SHA512 | ee995b09f4fce04c45ca0a317b916cec8246b50d996b66b8f0ff09e35d21b2fdcadcb6e728ead069028c22ec1d1de44f69c8886e374d1f16aea31e823a773185 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\zh-tw.txt
| MD5 | acfc57de6b0e4489287bdafe2062409a |
| SHA1 | dbf62f8c6dd239aa16bfd62500517b849ed8e5b4 |
| SHA256 | 37c79297f8d4e491d681b556c23d957bc830068ae1d5f4535fd054c2233f3474 |
| SHA512 | 50a76a2c5a61056b2b9efaf143335d86c5882d97c9d42acf29ca87cd39d79876d561ec0fe83fb377e25379cfebf593b782ecd8613d2a84ac33cbb6d8314481f1 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\zh-cn.txt
| MD5 | 0aae98f500ce669da6a4fcc33aea04e9 |
| SHA1 | 9326f529b796bca164835fb1eb4e135f01cb61af |
| SHA256 | 7cf13e7434e6c062a29b964c026b2f66e75ecf541228665bf0c826ef7c0fe133 |
| SHA512 | fc64fb4c2df2b99f3d24cd938f4f381acc20547ba655fb34016a1a1f860e0d8a99c087b24fdc160d2bd1dad1f04c9ebba682adde0e0004e0b64d774bd3f3550f |
C:\Users\Admin\AppData\Roaming\7zip\Lang\yo.txt
| MD5 | 698af9267c08d61b712417491da6a3bb |
| SHA1 | 01f21ce60e571699b006098afe9520c02d4e11dc |
| SHA256 | ffab6b91ffd2d3c2b1f7f431b47f7d28aa17a11587b876565613bb26c173402b |
| SHA512 | d37f63d3824d12d9bd4749ea94fce924f3a5469874d6777261f0570a2a7ef28574825fae199408c0e1eee7061b08c447da8744a1c2fa486981165ab5062fc8a9 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\vi.txt
| MD5 | 044531d134aca40d5e57cc0ab96b4940 |
| SHA1 | 988aa2bb6922360c1977b97725175613266242d2 |
| SHA256 | 3a6dca3e1b5c8190c81fc859b5be83eaf54efdcaa148f4374d1225381083406f |
| SHA512 | 458a86ea6468e8b1c9cc98a7a579f74854a34f101ec2ede3ab48dd7dfbbf75eeae184c5a23443b3ccc69b8c06e0e09ef2df04d9f00d86ce99b82e785f95b7635 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\va.txt
| MD5 | 639741f687d4427c9d3b170b1ced41a9 |
| SHA1 | ad3d3a09b8877381df520e6eb654227da045b89d |
| SHA256 | f43c31bd959a752eefbb7c76ed918c4cacd50d43706121c55093d72a638fa7a5 |
| SHA512 | eb63b0437624782d2bcd033905c7c0538902f9644e4facdc52d094ede5353309613b4eef3cb437d4f69c2a4fd4b2e0f241990aaa3a38366685b10cabec20a357 |
C:\Users\Admin\AppData\Roaming\7zip\Lang\uz.txt
| MD5 | 3035144eea3a382e39541b218a5d813a |
| SHA1 | eb7a2f6306f7d2ded4cc88fb4cab0f65558db8b0 |
| SHA256 | a310044dbc86e2441f0d50bb7d7dadb9879359b0c6ceb1faf413a0459e07045b |
| SHA512 | 99d86146e0a6407f8d0fd7179061699bc82232e6a2427203a2951fef9089572c9c4e29c8484910f672a31f98ef13b5f3a45d5786fb118701a5b908f8f85a5c6a |
C:\Users\Admin\AppData\Roaming\7zip\Lang\uz-cyrl.txt
| MD5 | 7afedbd6e9ef3a4a2a99bc1bcb133605 |
| SHA1 | 317d758dd9f65a6e320a4d45776a21ecb2ad60cc |
| SHA256 | 2dd421a44ad779d961c951f01e7abf4ac358c61ce26ea8311a0c902b4fc77ca3 |
| SHA512 | 48650bc3ac6c316ad6431b9db3e49d76fd066f976fdd949a8dfdb194775b0e1c6eda5ed99d2574c9d3c2781c6138e3bb3939c294894443eec981c78377823af5 |
C:\Users\Admin\AppData\Roaming\7zip\7z.sfx
| MD5 | 2b8abacd9d1134f0dfdbdcbdd4055f10 |
| SHA1 | 8ab145661ceb8a7da0a9737286e6731386945f36 |
| SHA256 | 3af679ae9456a73095bea74ce4238b4a2f3793c261532f3818c5ee6b844bf2fa |
| SHA512 | c5579418a19058c5113ef779201fb3dcde9dac9fce69b7fdbae54c00056fce5dbe1065255a41647be99cd206860ada003be4593b4b1e8d151ea516e1f8f65328 |
C:\Users\Admin\AppData\Roaming\7zip\7z.exe
| MD5 | 7187ae605f4dce14bb23ea2623956335 |
| SHA1 | f7c1df33b875c98f41dcde24117d89d42d25b7ce |
| SHA256 | 9e2631c19b243c28b0980607ced2540e9447b1166572483475547c1a9dd4ac0e |
| SHA512 | f64522e2fb6bb61884fe53c34e79b355efb9ec33c02b2cd67d729af7d763e7b3873a5c7ce6ac7bb4567e6bcf8c70cadbc66f511e8bb151ab05096a832032bc8f |
C:\Users\Admin\AppData\Roaming\7zip\Uninstall.exe
| MD5 | 432c6d0c5053668e20f4b4be6823a563 |
| SHA1 | 6e6184e5c3655128b58701a598c4604401d80a3c |
| SHA256 | 2e8be9a2357d48dcce56e24ce066f93c62e4765f4e98170fd5a7d3bef69b67a6 |
| SHA512 | 2e6ca50fb161095e564741f61bed87539eaa0656e21dadaee6d363db3317f8460eca55e66d162c655e64c6418f0f3ffc9a8704295d20f385efbfbb7cb010a93c |
C:\Users\Admin\AppData\Roaming\7zip\7zG.exe
| MD5 | 921d7f84fa4b498d79952e1ff0cb42a2 |
| SHA1 | 5204ee81e11ee45f01c03eff1445b1bc70ee3b4d |
| SHA256 | 24073da4e8b38e21144ec93ad8aced81a851a39ebce05538edc99c1c5947dad4 |
| SHA512 | 566bc44d1dab011e1d540b6a08f08d25c7e9d149dcb0868f002c4d5e6da3859c0167c2227d273b7ca933bd86c96a00f05ca0df46e63d7e2c510514f910f63627 |
C:\Users\Admin\AppData\Roaming\7zip\7zCon.sfx
| MD5 | 1f175fcae0c2c4b2f35999e1c6a63039 |
| SHA1 | 101783b9384eb53d6710533aa4747923146c0916 |
| SHA256 | b762f2a075698dca10a8b7e62c6711b4db137228afb5eb2d2e5df35fbf84efe3 |
| SHA512 | a885d43ee6787779bafd50f0cbfc95cbb630752c6e8cdbae548e591a523e52c2ceadc5b7a4ae5e234c75d8e5a703368a4907a6886e8a69a9b0bea340a4b60439 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fac0d8ddd376aa475504cf4f8b41d9e4 |
| SHA1 | d1e80eb4a1ea082f45f3d0344d52e660f21a2c56 |
| SHA256 | d12e4ef220c80846937bec6539aa37559082bcbdb1d223ccf62f3f72c45c4abf |
| SHA512 | 5d9ca846cfffbb3a36730c3cd530860a2c864bc3b3a88f6f1e1884de187c55f6297abb445ed51978ea109b76ada313246177ae39f24fcc39b1abeb210213eeea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e98458d121e524ac7199b063f316ba2d |
| SHA1 | 3a46e18f70971896d59ec708823a9936dd5f74ef |
| SHA256 | a467a340e95d41e9b39846bbfa8dad709f277254023bf4b7c2dcdd02b75dce42 |
| SHA512 | c3db5c6966d34bd5d768d9244ad8a274fd6a5eee6c4e8cbc8fb9685466746988522280bb0c9df050b56e861b3149235e729b93cdd44229f0a040b0950ecf92c9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk
| MD5 | a2106388ba8484b0cc6bf2d375626eb3 |
| SHA1 | 39744442625c566d3e2e34f880da7d82f7b9bf89 |
| SHA256 | 4963373fb88a20468509eebdf3d496d25e7ef1626f5e5b495e9666b8a85c6f98 |
| SHA512 | 8e49b4320aecb5b1c15be7236c6bb57d43730750cc792a4197560c6c4673adaa280b745204d47b1a58d63d6dec279fd473c93ebed8b801b940d5c40b400634e8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
| MD5 | 2c2515e2f38da3826eece61fea598812 |
| SHA1 | c6e5c5d92683b508423d7055285871f23f914d61 |
| SHA256 | e5d3acb3dc4114b895613c1657f7c43c598033b6445d77bc5d334ed4518ba9a7 |
| SHA512 | ad14d17a3efca652dbd43739113e329ae84e5de01e03882e61a7e2d7a1082baa5e32194275c1d408fe79dc7b6f0626a513a348dfeb92dc3e8771d99d62292b4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d670e065a9cb29830cd0299325578ab |
| SHA1 | 4acb003fc1b7abbe76dbc29ef39242b114fabf87 |
| SHA256 | cef2c876ef63797f9b8befb5712f247ca2fa387940e54b079d88ba514cd86511 |
| SHA512 | baec875e5e4911966989d29db84c5426a68a19f44e7cc3ec5ee634bb2fb7fa628e880d3aebc3bbe96cf4e8211bdfb38a33e8192de92d86ab5a984be35a69c527 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d7f7388ac9b57a3a4316315ad710fa8 |
| SHA1 | ba4eb8c360e137955408af8ba28865c9c4196eb5 |
| SHA256 | bbcf93d76f332ecfacdc48de536e8f9ef24eed29e778723a627b186266cf29dd |
| SHA512 | a1f6d3e6a769d06bff6519a2d86c9dda91a99c2fba15eb72dc47596fdd3f8f0e721489c9709c1bd358045d0a83b547872bdf4b865bcb91f866a99ae71359ff94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b70f90233ca0f761ebe792a89b724ed |
| SHA1 | e66adb46f80140289f7a72dbead02cd4f628b71e |
| SHA256 | 03f6a5fc2774addff7552b5e96a84ed3ada2b57fc982009cdbb1f3851c994239 |
| SHA512 | 152970460de07811b6735406781ed8c76fb762042e06c6bfa5b3ca45a2031e7c12374ad1c24a917a5e5e18adad3e7b7993c72f24f8c4174cbac4384b2c5b0355 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7803b36afd19555a5fdc3ff2158f253a |
| SHA1 | 7db0d575aca532d95f3ef33a5f82d8acaea9d0f0 |
| SHA256 | 8a3066e79fe770279eabb06a138d302f557a6d61b1cdc810512471c05df7b3bd |
| SHA512 | a79623a7bc9a1af4e76b4634a8b500d007a63a74c38ed184a1e3612c7adec685c7aa24bc6df2a40871f59a3bdaf65b832d2045010065f9660235944ca2cc2de2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a4488b807d1c6e6f4eec8dc8decc5fe |
| SHA1 | 17d23bfa1382364e6ed3345724c4c49bc31d8b55 |
| SHA256 | 28e49e80776b92554909b0294eb40bdb1c969279dbb063ad90f6c9a788263440 |
| SHA512 | ca2b155dc0a45c9e1545504e4e19827285187e6d1aef91b05666e9bd87c29dadff3a4fc8d3f29f73d1d0dd7bf35905f339349a2def0b759c7d9b9011e541a84b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d
| MD5 | 3873df8a366016a585f8675d3c7a7e60 |
| SHA1 | 240d04de55562201835da6df65831a2612fce33c |
| SHA256 | db70ba649beb951701f02027a684432d413e711cbb55bb33f1436bd82266c911 |
| SHA512 | 8f6920495df76f63fbeca61bb0dc4c4a9ffef4abf0ce1f311b09b7f0b3f31a3a359fefbd7f1f0b07a4dc73488b0748f2e5df6dbfe84c9106d25d82e879b062e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c
| MD5 | ed124bdf39bbd5902bd2529a0a4114ea |
| SHA1 | b7dd9d364099ccd4e09fd45f4180d38df6590524 |
| SHA256 | 48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44 |
| SHA512 | c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092
| MD5 | 038c1f469deb6932520d09a340856ebc |
| SHA1 | 8b361a8c0489b69e9ef4e132e36f20c161c5ec1e |
| SHA256 | 5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451 |
| SHA512 | fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 410e2aaf107e8b3ce66ed19924a34679 |
| SHA1 | 683845fea57ce332ba1a08a2c4fd8ed445d9081d |
| SHA256 | 3c67efdf5261d58190f507d922fd82d2537e63d28ed436e04fcc88fbfe921c32 |
| SHA512 | b40c2526d94655eb7825ba5786c73adab438b8fe9643e6700270943310947c67b6299c218cf7b2c499a19a63277c4320a25b197d912e714f0de4fcdb309dca7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d194e127a4bd91ef5a23513355160207 |
| SHA1 | 40d934b0051c9189f69ef7a903a3604f0ac94969 |
| SHA256 | d53c2f69e4bb7fc1b2985b57c9b3e96f8befe1f1ccd9f969ffaa8ade23d92cd7 |
| SHA512 | 1a741ab8336e400a0cf161c2200c645ce04305ca3fcfe4ffb8da1388c03b040b96bfb10f25d7c1d01ffd227dd0457f3c7d98df09cb226a756311491689205785 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 29909d6c903fe3d0206e55d1d4ace8ed |
| SHA1 | 4f753be3442070b290a067f7ceb87141bd0cc0ac |
| SHA256 | 6cefbe167383a047f7f653ebed75c00ca8001aeca1018092cc01ec067a38147f |
| SHA512 | b3b04a1d85103e45858b833b7b62a2c91bfde95c9c877245fd0b90909244c0f3eb24202506ad7603e5f61ffc578fe2386b65d0d7dd978e9fab4401d8f19f56b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4
| MD5 | 2257803a7e34c3abd90ec6d41fd76a5a |
| SHA1 | f7a32e6635d8513f74bd225f55d867ea56ae4803 |
| SHA256 | af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174 |
| SHA512 | e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1565372795a6004ff2e1999b5a92092c |
| SHA1 | 66041da61946a82c196fcbb6d888e19b16c54790 |
| SHA256 | ffeadc328b12c0c1b5599667f30eea90dc240c4deb53c1909c30a799ad25129e |
| SHA512 | 4903f6b3d70ecba8227d561038f6c0544ab52786bf5192865e4b77e212b78d24b3bcdf5430c46d1aaa0fc4ddc8e85a388a84be35a3c94a62ca95bce301ffce2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bba296f310f63711a4063e844e4cbc4c |
| SHA1 | 7e81d703f0d9d1523467234343215108093d8760 |
| SHA256 | 42b9cb3f3fe186f7228e996db96df12b9ecbcea632697815d2ead43cf86d5d2f |
| SHA512 | 7858b43bad1d87feef942a7bf5b90136cfc228c67adf8295ec0971672994edd4d71984f72c0d7db178e193bfcda748bd63ebf81b422e0df875341464242cd744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 79078f19ccad96020ef1cbf03cdddf93 |
| SHA1 | 195dd2162fac95752628c3cd410066322e036142 |
| SHA256 | 1e6e2917ba547c168b3cfb3a12c5b881f9aafc5ee088659be735eff7cc3da40c |
| SHA512 | 852c63d9b11475959a209bc434e38ba6a85f4b392b6c14c0f758dfdf6ac5e33ed6b5fb62bf3718f8ab3bf27d9c3276a4cf5614eb32d1518a0f5cad8fd9d799e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e393f76427d13aea9cbb15aeda9dd6f3 |
| SHA1 | 84c8f9cc2ed304a351504de42c0be11b02ec33b6 |
| SHA256 | 4130c90d9beda5711612d7daa1fff04f7e09dd501c8cb6a8e67f8b9133465876 |
| SHA512 | f71b3ae022ad71b939ba67c9bd51f19351b4c12d785a9523c7c9af6f393b99bcad0f85f4147f2922dc6caf10abd58f24eb5f5b82c8cbad24f80d99e16adc31cc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 4df7460bd8863d04f54817fec397a99e |
| SHA1 | 17c9c1796e71714d84b5f64e1e8d12303df7fe6f |
| SHA256 | 45ee709407384809d63f9a5b3930d806b39570ee1480b8445bf70e8240987942 |
| SHA512 | 99e2117e6ca74eb1bedc39e1e33e1b9dbce78988da10fe7813d2b792b59f8c599d826ee2171631e2ff0aef4454baa38fcfaa1a4687782f1dc4d10bd2d898d53a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097
| MD5 | af1a1ee7eab4f62a9552602b0a9533ee |
| SHA1 | 8f22665ea51f9c77bb1b8818607f461356ccd4f9 |
| SHA256 | b4b5a9a5a9675ac66e4d7b039a6fbc8b9dc1dabb2dbf397020bf95e7c66c7cdc |
| SHA512 | 9393f555c83d99a3d036a8faf680835f2a7df80aeea1e9757b854da3cbf491579676de1b6d8009e22437316fedb794afdddd255b620d78593a2bd19f90e0a960 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7
| MD5 | 574088c252d46cafa1aa9b7f1dfce35f |
| SHA1 | 9fc6e42c4495cbb79de9ded06e53c48bcb13a6be |
| SHA256 | 5f3ae5f31eba44f7ca98ffcd99e25a6330471495e73739221288f9c0db2dd8aa |
| SHA512 | 2e0112cf4701e337ae09e3e328ecb4a24bacc09a06b02394d9a00b9dd0846e7d429d87d82364a527ddbbd832d6f7028f5b8b282c9262e743a4def44fd2d64a29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4c9cb3398265d86f1c4f51d991b5dffe |
| SHA1 | dd35d2ab6b505488af40011da9b1696a43c64521 |
| SHA256 | 644a8f81c7aeb6a08e66aa8d245ca8d57e2727bb675c9266f0575130b48b81e8 |
| SHA512 | 664fcf84cbc3b5c3be8f38a4702a665ccd2be4f45456b89cf452c59d84357929f8d5a7931bd3fe5f377accbdf80524f0affbb50c3b54ba9282398bbff815d120 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9eb5a001e8bb6d891350e156e4ebda28 |
| SHA1 | f50d163455196aae39713d5f3b2ca1951dd55641 |
| SHA256 | eb2f3633e8359dbd01f7c33501d7125447dec5e22e9285e4f01dab1a4a7609bc |
| SHA512 | 29089ed0db279ede3063138469557f1eb89325dfbc30a5d9ee6683179a277607fdfef5a0e261a7ef333bb910e15b76d75c4cfaf229dc0c1d918e3a919ce453be |
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_51192115.exe
| MD5 | 3d50042e3e3991be509f56a2951a2183 |
| SHA1 | f027790afe9d7ce2ddf17973f0778fb9e983ded1 |
| SHA256 | 76eee256f1223082e8396611baca498542c656edd0fac5fe903e06e6cb5677e2 |
| SHA512 | 120c6a7778bd9f65f469d3335987b780e736bd895ed944d0988372f891b48f9ba09b50ed9dcffd0bf1fa23a12e215ed1f1ffe75d11c925ff4c08d3e48259a873 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 48fa08d9078ffa1b7d422f56af614ad2 |
| SHA1 | 227a27309133dada06f37c1576146c07d2fb07e3 |
| SHA256 | ff922a852c266c820e0a8fc8afe249aba393bfd247b56c512ec1881401c153bd |
| SHA512 | 479e52f1049845230ff4d33fa001e259119fab10696a9d280d351e6bdd99eba79e282aa19e74cf129598b8aa7966275c349240fc4fea85b1e9fdea9fe3526c8e |
memory/4456-3579-0x00000000001F0000-0x00000000005C8000-memory.dmp
memory/4456-3593-0x0000000004F80000-0x0000000004F94000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll
| MD5 | 6e001f8d0ee4f09a6673a9e8168836b6 |
| SHA1 | 334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38 |
| SHA256 | 6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859 |
| SHA512 | 0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll
| MD5 | 08112f27dcd8f1d779231a7a3e944cb1 |
| SHA1 | 39a98a95feb1b6295ad762e22aa47854f57c226f |
| SHA256 | 11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa |
| SHA512 | afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb |
memory/4456-3599-0x0000000004FD0000-0x0000000004FF4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll
| MD5 | 105a9e404f7ac841c46380063cc27f50 |
| SHA1 | ec27d9e1c3b546848324096283797a8644516ee3 |
| SHA256 | 69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b |
| SHA512 | 6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940 |
memory/4456-3605-0x0000000005000000-0x0000000005028000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll
| MD5 | 6df226bda27d26ce4523b80dbf57a9ea |
| SHA1 | 615f9aba84856026460dc54b581711dad63da469 |
| SHA256 | 17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc |
| SHA512 | 988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5 |
memory/4456-3611-0x0000000005030000-0x000000000505E000-memory.dmp
memory/4456-3617-0x0000000005060000-0x0000000005088000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll
| MD5 | 8db691813a26e7d0f1db5e2f4d0d05e3 |
| SHA1 | 7c7a33553dd0b50b78bf0ca6974c77088da253eb |
| SHA256 | 3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701 |
| SHA512 | d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f |
memory/4456-3623-0x0000000005100000-0x0000000005132000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll
| MD5 | b199dcd6824a02522a4d29a69ab65058 |
| SHA1 | f9c7f8c5c6543b80fa6f1940402430b37fa8dce4 |
| SHA256 | 9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4 |
| SHA512 | 1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1 |
memory/4456-3629-0x00000000050C0000-0x00000000050DA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll
| MD5 | c06ac6dcfa7780cd781fc9af269e33c0 |
| SHA1 | f6b69337b369df50427f6d5968eb75b6283c199d |
| SHA256 | b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d |
| SHA512 | ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3 |
memory/4456-3635-0x0000000005170000-0x0000000005194000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll
| MD5 | 9d2c520bfa294a6aa0c5cbc6d87caeec |
| SHA1 | 20b390db533153e4bf84f3d17225384b924b391f |
| SHA256 | 669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89 |
| SHA512 | 7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15 |
memory/4456-3641-0x00000000050F0000-0x00000000050FA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll
| MD5 | 422be1a0c08185b107050fcf32f8fa40 |
| SHA1 | c8746a8dad7b4bf18380207b0c7c848362567a92 |
| SHA256 | 723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528 |
| SHA512 | dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599 |
memory/4456-3647-0x00000000051C0000-0x00000000051C8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll
| MD5 | be4c2b0862d2fc399c393fca163094df |
| SHA1 | 7c03c84b2871c27fa0f1914825e504a090c2a550 |
| SHA256 | c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a |
| SHA512 | d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799 |
memory/4456-3653-0x0000000005210000-0x000000000523C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll
| MD5 | 17220f65bd242b6a491423d5bb7940c1 |
| SHA1 | a33fabf2b788e80f0f7f84524fe3ed9b797be7ad |
| SHA256 | 23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f |
| SHA512 | bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e |
memory/4456-3661-0x00000000051A0000-0x00000000051BD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll
| MD5 | 83d37fb4f754c7f4e41605ec3c8608ea |
| SHA1 | 70401de8ce89f809c6e601834d48768c0d65159f |
| SHA256 | 56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020 |
| SHA512 | f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f |
memory/4456-3674-0x0000000005880000-0x0000000005892000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll
| MD5 | f931e960cc4ed0d2f392376525ff44db |
| SHA1 | 1895aaa8f5b8314d8a4c5938d1405775d3837109 |
| SHA256 | 1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870 |
| SHA512 | 7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0 |
memory/4456-3685-0x0000000005F60000-0x0000000005FEC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll
| MD5 | 9de86cdf74a30602d6baa7affc8c4a0f |
| SHA1 | 9c79b6fbf85b8b87dd781b20fc38ba2ac0664143 |
| SHA256 | 56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583 |
| SHA512 | dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641 |
memory/4456-3690-0x0000000005EE0000-0x0000000005EEA000-memory.dmp
memory/4456-3691-0x0000000006120000-0x0000000006142000-memory.dmp
memory/4456-3692-0x0000000006150000-0x00000000064A4000-memory.dmp
memory/4456-3696-0x0000000006510000-0x000000000651C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll
| MD5 | 554c3e1d68c8b5d04ca7a2264ca44e71 |
| SHA1 | ef749e325f52179e6875e9b2dd397bee2ca41bb4 |
| SHA256 | 1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e |
| SHA512 | 58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6 |
memory/4456-3699-0x0000000006AF0000-0x0000000007094000-memory.dmp
memory/4456-3703-0x0000000007660000-0x0000000007C14000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll
| MD5 | 38cc1b5c2a4c510b8d4930a3821d7e0b |
| SHA1 | f06d1d695012ace0aef7a45e340b70981ca023ba |
| SHA256 | c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2 |
| SHA512 | 99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298 |
memory/4456-3707-0x0000000006770000-0x0000000006802000-memory.dmp
memory/4456-3728-0x0000000005580000-0x00000000055AE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll
| MD5 | 28f1996059e79df241388bd9f89cf0b1 |
| SHA1 | 6ad6f7cde374686a42d9c0fcebadaf00adf21c76 |
| SHA256 | c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce |
| SHA512 | 9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 35d6322579a05effbfd7e7498ea1b4a3 |
| SHA1 | 3954dfc6e1a475479797a41ac9eeb2be2a826333 |
| SHA256 | 8a13c997af6ae4d46652e322eafaad9091171f1ef7335a1c948a813ac4fa09be |
| SHA512 | 9522595095f1225b329af4a61dca1578015dc63bc9543b9e81695b1a7672a5b8b8d235136d3b4ff28ea8b3f30bd0664f4d7ae0bb15d6c8a09776bd58bcfda2b8 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html
| MD5 | 9ba0a91b564e22c876e58a8a5921b528 |
| SHA1 | 8eb23cab5effc0d0df63120a4dbad3cffcac6f1e |
| SHA256 | 2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941 |
| SHA512 | 38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7e665b406937b1c6f315b2a58ca0ad6d |
| SHA1 | 813405d4c8ea022e02d3bc9e6b985fdb69889d4c |
| SHA256 | bdf4a1f66b17d71abe22468f7faecdb7b8b5e1a621bd5b3bbea350b21b16ecc3 |
| SHA512 | 954a12c25401e598a14927186bcf4ee567d95dd4a8d292d75faa9a9cef13bcd300e370dab8fdacb09def8cf762ec38a1eb16c404293deabfd180fb750e9e96bb |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis
| MD5 | bf5328e51e8ab1211c509b5a65ab9972 |
| SHA1 | 480dfb920e926d81bce67113576781815fbd1ea4 |
| SHA256 | 98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b |
| SHA512 | 92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico
| MD5 | 4003efa6e7d44e2cbd3d7486e2e0451a |
| SHA1 | a2a9ab4a88cd4732647faa37bbdf726fd885ea1e |
| SHA256 | effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508 |
| SHA512 | 86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
| MD5 | cef027c3341afbcdb83c72080df7f002 |
| SHA1 | e538f1dd4aee8544d888a616a6ebe4aeecaf1661 |
| SHA256 | e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7 |
| SHA512 | 71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf |
memory/2592-3810-0x0000000000B30000-0x0000000000B3C000-memory.dmp
C:\Users\Admin\AppData\Local\Adaware\OfferInstaller.exe_Url_1hem3jux35iv1vzfopbi55gu03hcnxpl\7.14.2.0\user.config
| MD5 | f3da41e2f01ec12a28efa662df2fa963 |
| SHA1 | 9760227f497132829ec34fffec6184969043bba1 |
| SHA256 | a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2 |
| SHA512 | ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59 |
memory/2592-3818-0x0000000006E20000-0x0000000006E2A000-memory.dmp
memory/3376-3829-0x0000000000AE0000-0x0000000000C72000-memory.dmp
memory/3376-3830-0x00000000054F0000-0x0000000005560000-memory.dmp
memory/3376-3831-0x00000000058A0000-0x00000000058CC000-memory.dmp
memory/3376-3832-0x0000000005940000-0x00000000059AC000-memory.dmp
memory/3376-3833-0x00000000059B0000-0x0000000005A10000-memory.dmp
memory/3376-3834-0x00000000058F0000-0x0000000005906000-memory.dmp
memory/3376-3835-0x0000000005920000-0x000000000592C000-memory.dmp
memory/3376-3836-0x0000000005A40000-0x0000000005A70000-memory.dmp
memory/3376-3837-0x0000000005AF0000-0x0000000005B34000-memory.dmp
memory/3376-3838-0x0000000005B70000-0x0000000005B9C000-memory.dmp
memory/3376-3839-0x0000000005BE0000-0x0000000005C16000-memory.dmp
memory/3376-3840-0x0000000005BC0000-0x0000000005BD4000-memory.dmp
memory/3376-3841-0x0000000005BB0000-0x0000000005BBA000-memory.dmp
memory/3376-3842-0x0000000005C50000-0x0000000005C72000-memory.dmp
memory/3376-3843-0x0000000005CA0000-0x0000000005CB2000-memory.dmp
memory/3376-3844-0x0000000005CD0000-0x0000000005CD8000-memory.dmp
memory/3376-3845-0x0000000006A30000-0x0000000006A80000-memory.dmp
memory/3376-3846-0x0000000006A80000-0x0000000006ABC000-memory.dmp
memory/3376-3847-0x0000000006B10000-0x0000000006B20000-memory.dmp
memory/3376-3848-0x00000000075D0000-0x0000000007636000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir3296_319952855\e343c176-be52-4e69-b2e7-7ab69ac69cd5.tmp
| MD5 | 08526c43dba41d8b40d98c4a33e3850b |
| SHA1 | 403baa8e261b93f83a22c577d39f53c108cbe9e4 |
| SHA256 | 5616c3955183ef70cf911cb72f6d55277c95dac4cca5fd19edfa14b2d657977d |
| SHA512 | a3417ded6762e544faa4519c20823829b7a135fe3fe9643f2d63be1d67adc508b194d7d7672006d24b9b3560be32e0ed635c0b6a1f649f0a96ae93422dfc0ff6 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3296_319952855\CRX_INSTALL\_locales\en\messages.json
| MD5 | 084e6401c611027c7a37ced03dc4cad6 |
| SHA1 | fb43defd1877aa79f7721487cc4dea82763e1f32 |
| SHA256 | b129c59e3a5c93071f454754c4e9c9a985ec86f9426ddc1a781938dbc6047344 |
| SHA512 | a9c896612d57dee55503869f6e91c68da3029b2b083ce2a672fa1875ed3153bbd71341c4df2a060c17c90610cd403e24546ae364782a62085c3868e118d0a3cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip\4.2.7.2353_0\_locales\en\messages.json
| MD5 | 7d1f1a13ab9860f983720e6fbc3bd93b |
| SHA1 | 50911a792e81c14a376fc32a22ccd22f0e05aadc |
| SHA256 | 0c27964dbb0e474e06a06cbf50c5720058a9c3e6f8dd69c27350bb47f59af2fb |
| SHA512 | 9940b947187abec73c154f59915cc36bc916ede860c907bf591fb71696878840eea2d1fc7fe012dd6ca7d7e8a25af545374747226054c877a2704b3e82cfa49f |
C:\Users\Admin\AppData\Local\Temp\9c38765b-f54d-4e44-a5a6-6660466315c6.tmp
| MD5 | a684051203b09e677f75bf0f36a53f66 |
| SHA1 | 193ba61f821d541322ca2670e2bf31193390b629 |
| SHA256 | 34e1945e291b49127be39fa58e5fcfd68cf04948fa9f3dc5fb2e077a7f904409 |
| SHA512 | 511f83e99d8da3076c70b45a89807ed4f9a4584c5f624dd24455c844a30534d4baa72849947eedf01b0c31f431d1f6faa8aec94c9150c95d09e67eb73c5c5792 |
C:\Users\Admin\AppData\Local\OperaGX.exe
| MD5 | e71c7778f28b3bb753fb8869f562047b |
| SHA1 | 05969f72d3592106712c4970d51c96375a396a80 |
| SHA256 | 0e688ac2274564d71a74eba38889022f9d8693cb8f6e9d0b4c1d6bfa438da7d3 |
| SHA512 | 9243916a396343ea284611e902a94bd99a71f81144faf02ca9b4dfca5119af8baec83ff45dac255e1fd8fd21a91909ca9ed7cd736fee9d2100a8c4c658b479eb |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408241506051245044.dll
| MD5 | e730bd98eb4754f9c0abd490461fbf1d |
| SHA1 | 783ea46e2b4d9e48feda3f9839bfbff40d8cf3ae |
| SHA256 | 0129372834853db0b565c20cceb3781a021fd7893d44d045f2ae671477a6a92a |
| SHA512 | 579cd23108d9cec9ff29447f89b770ee9308b261968242bf8046a3e4ca01704a2cd40072b6814b18d5e0eaa413033eb369c7a65146b3126be14899b73f634167 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
| MD5 | b4da1657d31832c9965d54c5037a3402 |
| SHA1 | c312863d621b0b5ec9ec930b1db73de3c95f7141 |
| SHA256 | 563fcd4ca2678ddb6c1366c92aa4daa410d7eba73d68d9336fb967f732770c8d |
| SHA512 | 643d2ec57767443e0efcc580a0e5abe062375f34b936daa22aa24e20d837b84854de18f636dc0ca5d100b4309a456746d733a65f8d1ccb173fe590ab5bf99007 |
C:\Users\Admin\Downloads\How To use Evon.txt
| MD5 | f9f39abb0e0a9c8953aef46733b24a23 |
| SHA1 | 533799df62153dc93d3c3e48c20e00b4d8a1c65c |
| SHA256 | e630fc474a3d55666a3757c84d9ac06d23d824d290e48b8cc369d032ccaeda51 |
| SHA512 | 02bf96316f7181bfb1c23da73ea833134719d8c07000fbd8baeb2633979e9f7f44fafb092b24924227d31fb6f90b88365bce436ddf04ecd0f4b4b22a5a7d9ad8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39f436bc589731fe8d4dd36788b986b7 |
| SHA1 | 1c11aec188a1e5db62a92087c9921461133cb60f |
| SHA256 | fd04af3c023b1bd976fbbea39ae972fad970898910bea1969853ab3ed6d2dba8 |
| SHA512 | fb708abfede582b08756b23f41d661a5d9c804437047d183e236eee6c5d3fe670a527c93edb45d60c9225c2cdc3d64602324649192611142ed6f05672d181153 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 2718c6c6d9916743f528e1f34cb2db70 |
| SHA1 | 9d6a87e867e668afc69c468c6d65e92968803c2d |
| SHA256 | a05680e4654a45cefada5d8d91396eaff7a1cbe0973a5f7b9ddd5269f8f561c5 |
| SHA512 | 3f539d6746fd546a126b1bb41d5a3545ca2a243bc4a8123c7b4d242669181358d4e3ee0dfabb3b58b45ab80d0a37f596ee20fcd1f975e5b79cfa3bc6d31fda9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a54ba36ead7407c2c75e3f6b09589a29 |
| SHA1 | b57bc0ab5ad3f2b4718c6899a1d8b31b5d7b883a |
| SHA256 | ab38ce43758355711a0274d58b1156c2a8790a7b9a5e5e07b76637d40067e2d1 |
| SHA512 | 614b36e594c9a7fe350a97835c2ed05636ddac4d2f02b4018c33fd8c9c9a33bb91fc18c704e1995757309ef04e81f1595f1de317bdbd1667b0abd1f0ec3fb882 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506051\additional_file0.tmp
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8b69c8338f79a34a93763c09ec362e0b |
| SHA1 | ab8a827a457f77b6e744a4e98194d67f0044811a |
| SHA256 | 522958e358c17f97170ad2dd7c6bca775b7416c7ec9dd8633f7d6790a171943d |
| SHA512 | f81bc225f55bffd887f170014f46e62a8db784f248076872033c9f3d54cbd208fb8d3d1aa13b198e97b906e58308afe85a35b0607f7e20ce6206407a48ac857b |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\TranslateOfferTemplate.tis
| MD5 | 551029a3e046c5ed6390cc85f632a689 |
| SHA1 | b4bd706f753db6ba3c13551099d4eef55f65b057 |
| SHA256 | 7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8 |
| SHA512 | 22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\ViewStateLoader.tis
| MD5 | 85c33c8207f5fcb2d31c7ce7322771ac |
| SHA1 | 6b64f919e6b731447b9add9221b3b7570de25061 |
| SHA256 | 940ef5e9f28da759fbf3676fba6da5cc4199b78ffc4fefe078ab11d53e70fb0a |
| SHA512 | 904188ab57cfb4f3d8c51eb55746ae2589852f271b9fa3840b82bda93f69c9f985e65f67169302d08818b707f36246f83f245470d5175dba5f0ad3a2482740c4 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Log.tis
| MD5 | cef7a21acf607d44e160eac5a21bdf67 |
| SHA1 | f24f674250a381d6bf09df16d00dbf617354d315 |
| SHA256 | 73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7 |
| SHA512 | 5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\EventHandler.tis
| MD5 | 1116d7747130f4552a91e61a3a6000b1 |
| SHA1 | bc36996a664dab24b941ec263679c9d6322e61a2 |
| SHA256 | 5c09c6784f3fdc4a6b2998c4c9e02e366265ee5314c0f982859825576dc0eafd |
| SHA512 | af34413f242b64737ac9f7076e449b0d0485842d653d1cad12b54b868f09817d3595cd935ad7e03003d536127c173d624dd9a031c079fdb8f897ab0b7b9474e8 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\style.css
| MD5 | 626313d8f4c859ba6473a8d94dfea5e7 |
| SHA1 | 142a57c5e31d7317b7d52b2d4435df53d4123663 |
| SHA256 | 989e5474b74fbdf5abe98b607870bb7f4757967c51412bc940ecab7dd9babd54 |
| SHA512 | dbaefd7f7409839971ec87bc0e49fbc4992de9dd319e28bea401b35b0a7952e56281084b123b6bbeb06080706ada0ffabcd0cf2fb3f75986d34f844d8cd50de9 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\images\loader.gif
| MD5 | 2b26f73d382ab69f3914a7d9fda97b0f |
| SHA1 | a3f5ad928d4bec107ae2941fa6b23c69d19eedd0 |
| SHA256 | a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643 |
| SHA512 | 744ff7e91c8d1059f48de97dc816bc7cc0f1a41ea7b8b7e3382ff69bc283255dfdf7b46d708a062967a6c1f2e5138665be2943ed89d7543fc707e752543ac9a7 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll
| MD5 | b431083586e39d018e19880ad1a5ce8f |
| SHA1 | 3bbf957ab534d845d485a8698accc0a40b63cedd |
| SHA256 | b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b |
| SHA512 | 7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408241506571\assistant\assistant_installer.exe
| MD5 | 4c8fbed0044da34ad25f781c3d117a66 |
| SHA1 | 8dd93340e3d09de993c3bc12db82680a8e69d653 |
| SHA256 | afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a |
| SHA512 | a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | 55531e9fc8e615bd2657b02ea6fce28d |
| SHA1 | 40a411b19bc2c355749a391b736c2cd4434b5f62 |
| SHA256 | bae00be56e5f415f21fe6d4c3980fd2611d66ec4a32db771a339291f5ee668c4 |
| SHA512 | a3283d4fca8748fd720d0cf1febf9b66e87e01fc14d18e9bffda4b1b5751164a377eadace74f50272110da3fd7627212f83d6bf4f6629d78ad8a8c0dabe23c79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a80c1b01c3e754674c2baf476d53b734 |
| SHA1 | 8f904eea81b798608637794b986baee1c76f7d55 |
| SHA256 | a77b603235a4b67a3cd4d2b9469a94fdc355d0132b9ecdff606a5e15f119f3a7 |
| SHA512 | a11c1db418f5a736589a7e1837dca7120d425992662d00264298fc81f48996395820129fb6580af2b10f4c4c2308a6f6b305e5edbacb4420488452698c032674 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2cf09edd148a35618e34e8394ef6af56 |
| SHA1 | 60b536ade6c2bdeb993874161ed293b217d4ac42 |
| SHA256 | af5681ef6773d5bdc30ca0007bf9159762ea7d92ef17dbdb21e29c7befdcc01e |
| SHA512 | adc87f36fac45012ed09fb385732301b71498361f7faf1332b90ddc5c729c64c6cca5363939d56037dd57c7126489d8771d2c448867087bfa846940a7cb382fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b0b67845e1d0254df296a28d743da2b |
| SHA1 | bda278aaaf12ba930defd88e6f8acf7ff32a484b |
| SHA256 | 92e8fe39d0d7098d623199edfbfd5d76223aa131fd07808a2073d527837f45a7 |
| SHA512 | e8cd415d63e6bccc9f101c6a9c1cb75979e743519c6954324b5ad236169fd8afc6fb0cc6d8ee6c9d50c8819268af3dda98762fcf9787343d9acb12bd42078949 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferConsentPage.html
| MD5 | fb18dc96f52616ade6c6fe2a0581ca0c |
| SHA1 | 6bc728733401a64b93fb91a394d859c3f4d5f1cf |
| SHA256 | 31002d617a900ce0abcba4809a17711db05040958efee547ef64c1b0cc540cff |
| SHA512 | a582c57d693df81b062ba13b4d9c7a70a2881102f4de2ffe788680ff2f17207eab686e2a79c6b330a8cdcfcb61ef649aaca5bd4207e26b943754bd51012eb9c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 181f0ec3adf580604e8a2049a522b3c4 |
| SHA1 | 2041a952239331032c7e5f8a987d1c5eb70c5206 |
| SHA256 | a686d10a5025b4e2ab195a097246e7b25eda0d6d646f60b28eb8ee8a54cbe7e1 |
| SHA512 | 3a882fd8f8ba88fcbf34d271ee0374af0ffa0f8e23418fd49cb7deaf1cbedd5ea467cd37fc0b674688fd9f62c92a301e52a456c0b81b321b8968bfbcc1539feb |
C:\Users\Admin\Downloads\Steam.exe
| MD5 | 1b54b70beef8eb240db31718e8f7eb5d |
| SHA1 | da5995070737ec655824c92622333c489eb6bce4 |
| SHA256 | 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb |
| SHA512 | fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb |
C:\Users\Admin\AppData\Local\Temp\nsm4774.tmp\nsProcess.dll
| MD5 | 08072dc900ca0626e8c079b2c5bcfcf3 |
| SHA1 | 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37 |
| SHA256 | bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8 |
| SHA512 | 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e2772466db71d1d22980927c1cef1c89 |
| SHA1 | faecb60978fa062e50482893d3e69172242b2199 |
| SHA256 | a2fa25201914583a3b37852800225d08e7468c8d8d6e1149e565206f9bcec5b8 |
| SHA512 | e750ebf7d517856e3f9d4f4fef1bc7b001932ec7b87baea2e13f5a0d0b764b76deb41cea189b40482935f30a79b0d5787ce01e8e128dc280cd7ccbbbff0e2f47 |
C:\Users\Admin\AppData\Local\Temp\nsm4774.tmp\nsDialogs.dll
| MD5 | 4e5bc4458afa770636f2806ee0a1e999 |
| SHA1 | 76dcc64af867526f776ab9225e7f4fe076487765 |
| SHA256 | 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0 |
| SHA512 | b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162 |
C:\Users\Admin\AppData\Local\Temp\nsm4774.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Temp\.CR.3696\2726bec0-4b1c-45cb-93cc-9bc6c53466b6\avira__sptl1___lavasoft.exe
| MD5 | 3ad6f1d43acfdb4533ade2e597f09ecd |
| SHA1 | 295d0c6098f19c81c48a40db7a97a88b4f0632f2 |
| SHA256 | dba4515014a26c44fa8cf4c7f2502bfc29855879e5c890e037e24d09fc757cf8 |
| SHA512 | 405f9e510612899c1b1a79bcb1846f0c283e173b7a7b57de307a3c72d5462ccc323a7a93d69528bb461cdc24e4e22c7038f17276daa3bb31a8862fa6c26bd4bf |
C:\Users\Admin\AppData\Local\Temp\.CR.3696\797675de-6127-4034-b474-f575117fa231\avira_spotlight_setup_lavasoft.exe
| MD5 | 6cfe12667ac17822ea98fb4b35c59f75 |
| SHA1 | 4a24b371f5c5b9deb2fbfac8ebb914b8b3ab026f |
| SHA256 | 92bcf925b39505ed4abc088db1c395e7ff091970274bacb96a60b67786fd80d5 |
| SHA512 | b058d53416a09a9232f206ee0112a314600ad6c1c6005f7c7b96dbc65011e9b95d5d48d474f62449da02ff99a912499425ebbdfd0c286a28fefb52661832ff58 |
C:\Users\Admin\AppData\Local\Temp\.CR.3696\88b9bff8-46b8-43da-8a61-449a9d4f22d2\avira_system_speedup.exe
| MD5 | aaba5dac0f60ea249b7e0f1505909eb0 |
| SHA1 | 9899114f0b381ff7ba25849633a36135a0dac5da |
| SHA256 | 07e0803781af3728a80cdeddd95e26b0b7905b8703e5a46615d4401acf5169ef |
| SHA512 | b653693790cbc520774ab72617196a0c7d6fd29a2d989269c421ab98a06f3b0d1e0c958d92fa6dfe822980efe46ec3ffb3dce5334e5def876973745120e90be8 |
C:\Users\Admin\AppData\Local\Temp\.CR.3696\d791d860-a6b8-4b95-a3d1-4f0180af7fb9\VpnInstaller.exe
| MD5 | 9b41201bb6d9b439103b7a2fb1d41038 |
| SHA1 | e5c7f61421be5c5b0115c1be03ef1bbe8570c832 |
| SHA256 | f6d4a140924af35dfbc63729736310737c6356052094b19fddcb6e88d7e210ed |
| SHA512 | b06fcbac44b679dace89ad633269f02117aeef19a9fb1d481d19f8d5246c8dfd305eaf228994dce10c9f3c3151bd4aacf82c44e541ba7446b23f48f0e23c3eb5 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 136e8226d68856da40a4f60e70581b72 |
| SHA1 | 6c1a09e12e3e07740feef7b209f673b06542ab62 |
| SHA256 | b4b8a2f87ee9c5f731189fe9f622cb9cd18fa3d55b0e8e0ae3c3a44a0833709f |
| SHA512 | 9a0215830e3f3a97e8b2cdcf1b98053ce266f0c6cb537942aec1f40e22627b60cb5bb499faece768481c41f7d851fcd5e10baa9534df25c419664407c6e5a399 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 5163e480ae03e884242165372f55e50b |
| SHA1 | db1da71fa0ce20fbcc14decc2962fdccde45134e |
| SHA256 | d8967805d7edf53fed3f99a830ca26ceab59f46bff8206e8626a2638ab616f12 |
| SHA512 | d2ec17f04d37f5368459f6cc7a0a342d5c54e78e176126e2e26db58f34689bf9dc1e1d7b7bbbafa7af4366af664c1a49b8414e774ddd189cd0951002466b60d0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 84d09b686ffb82a592bb657aa47b6ce5 |
| SHA1 | a9d8ec9e3a17f41cb8b068cc8bb2f75e111e4d82 |
| SHA256 | 2d9df15ba03b99bcd59c1a6975042c8bba165845e859365ec2c5b2c98bd7673a |
| SHA512 | eba49d7600513bcad13d510e080b00ead0c76cd722f76fa446334a8200d997e7c97590ea3bf62871ebad5ec0483b1bf7874a086aaef1ae2443d2d73cf87d7af4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c9623f8062dd555cce85f3d4d9d5b2ad |
| SHA1 | a1be5bc315b4e4ac0ef29bc9735af7867bb9018a |
| SHA256 | 7ef2865dfdfd6b876ae92b4b4e08da95ce5858579040732544b5e5af2f4c7dec |
| SHA512 | fd6ad481e1fc1b025fb8c350127c8f8de33a7d3f252ce37c3a467aec73c71446aa00e78293ac8d847dab2c71faaef0026bec3fd093a3a8caa9c92d2530180645 |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | eb70ea9bfb209b21199745a1c4d4ef0a |
| SHA1 | cd992f388ec6ca49a103e6ba69890e330e31b20e |
| SHA256 | a1bac27b0e5fab4c26904d86b75e3f9f1efa26f31ada0319a747451924df86db |
| SHA512 | 3ad61c0c514e281599d4cae9ee8e6612ef83df6e7885cfa798a90c3ffed9fc6563f8ec2e2218152529bc7512df7098dd90cad4d50306c2a9c3ea4a5e6bed37df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a
| MD5 | 0d2283b0df70bc0217118f5c6d1fd836 |
| SHA1 | 0aaa2e0daa0f0671fbf7817e222fcd777be523d0 |
| SHA256 | fb02c03e84b9a15ea357644f15643bc90eb9c6ef6532e1c82ecd052df34c2abb |
| SHA512 | 16071fce7468cc47fd7a57dc6913cbf41e142fd16b3f145dc30b13fb4a84a05fa3211d3b435ace7378c76682a1afc49e45d180eb88f6d32b0deaa2266196b2f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094
| MD5 | b07f576446fc2d6b9923828d656cadff |
| SHA1 | 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103 |
| SHA256 | d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496 |
| SHA512 | 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093
| MD5 | 209af4da7e0c3b2a6471a968ba1fc992 |
| SHA1 | 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f |
| SHA256 | ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403 |
| SHA512 | 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35 |
C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Installer\setup.exe
| MD5 | 11a19165aa72e46ad47200ca46760c87 |
| SHA1 | 2fe4616eadaf543846571564ca325e772ea5375c |
| SHA256 | eaac114b05373d005f91c2824c3b907d01842056468018b95a688e82ffcc95b1 |
| SHA512 | 5b4074ba1598c7441fd3dffed54cf0cea540a8e58ace339254b9a29bd6709a8e64458c10e9797a75ba8e0e84566e8c5935bf4891b0115dc02017396d70f47b27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5156901a04a9cb5994a08a28c0932e5 |
| SHA1 | 8212b66d69b657e4b217419b81540e317055d97c |
| SHA256 | 5158990afafa1124e7c27dbe91a4bf8f1f961ea63d26722ddf962257220ae1fb |
| SHA512 | 7cc480ab1d9e604f672b07c9b9c81a157c8cd7bfbf1235e4cfbbd35bee3557bcdc2ae1c169f3584a6397a1fa2c3e4598610239699011c1a3274c792ce19c6941 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 06c1952bf5cd1b1472aefa169ccccaa6 |
| SHA1 | 9b9833b24c4969ace575c0107a27cc68f761623b |
| SHA256 | c8657dbbea3f70734b5d69ef6c6bb7a2fa9e7048652a1a814e294cbeb3287174 |
| SHA512 | 7491d5ca8f70b4893b4c2edff74014fd84a71b839649e3ca13581375942f80ca7a3c225560bc4d3e994443100c85bbb2893605d3f47e79b3cab3af9966ea729c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096
| MD5 | f930621607e050dff86f94bbf4806b73 |
| SHA1 | d06bdf16d5794550b78713955629c465b6970676 |
| SHA256 | fe97ff9a43f7f196dcd9088da3818e6f80ecdc2ad8937a5bd4a52c8b3979a09e |
| SHA512 | df4c634c95cbc63c44c0f884817333fdb3965d225fbcf008d134a12ea99d05965b043c4f74bbe57f8356fd7f698fde30fe34638387ffcb8ca1226fe7c8b00cb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1d894d8ddf821d20ee059b99a40630c2 |
| SHA1 | f6388976e6dc1974dd7e81ef6fd5bb3834bec55b |
| SHA256 | 5cf311b20313f0cf2e761afe362def81b89df1319992be85068ed509531394a5 |
| SHA512 | d049f2b3b5a97a35bedd75db3974dfb52c5afba527e13dd5be3f12e5571ff8c59ec8a89ec2c794c269b5cd7c0c2474a1a1249e68465dfb884b0fc60abd468303 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 04a600c77ebcddf6a4e59e04aff188e5 |
| SHA1 | 69d0898a4ac595655fa73b93fe07b9495ab8568a |
| SHA256 | 3ed097e2d233d4fa1608e0554dc8cd2f06b2edc1a20c664e39e6002d6794eabd |
| SHA512 | 080e1c5ca4ce2fec117675d0ee350fb26f34c9eec710febdb730041e2476430c16c68a490c24f1cc3691f9011ab7ab2a137ed8d3cf416dc67a60fbf45f29f7c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5237e57ec6babb0b84268ce30e359a33 |
| SHA1 | 368fed5b3ed6ed22263e31f3fff5e1763608d917 |
| SHA256 | 964c2ca47b97f2c49a2d6ef4bbe6ffe8166cc2e01808373277516b79f7e18ee9 |
| SHA512 | 9e2e1b0d03690e08f85b0867a42f40e962972ba6fa056d2249eb216091a74255ecb842d5d1cc6866587cb629a3f06a49e1f937894f46253398083029b823a502 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe618982.TMP
| MD5 | 6328c591c16c7da4771c3a3a4dfaf1be |
| SHA1 | d00444e8201637813331e8abf235ed651cfe4281 |
| SHA256 | fae392750007cd39cc71b905d0d79f77b964d75a7719fdd6d82f482928795243 |
| SHA512 | 13e004b6d7e743a3634d8fa6822e76b823d301fe0eb6bdb1db34e5b7cbb3e4342aaff3423396e5047623bc128dc1719bd33d80747b142374c9c393b37dbf95c8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c10d94e3324dfd78fdcf9d9a6b891b71 |
| SHA1 | a10fd2557cf8855ddb9af0698dac2bb312425c4c |
| SHA256 | d24de912743c92624b7e9178809e97a12cc1097854cafaaea8e5dcf203d30841 |
| SHA512 | 9f3d4afe9da352c49c71119a9383dce4c76de6aef9fee631244de949ccc2737322a3f0b0d3c880fdecd983a5a82f4c8c0c0c6afcbdb015eff7f5e22fca836d59 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.dll
| MD5 | 733c527b3d665379f40d4b5529e07635 |
| SHA1 | 73de20be7ae971e5dbf8dea2c459c5e9393a0aa2 |
| SHA256 | aeabbb8386201106dc8445c8bf739d786b28ffd52a9095ebb19de74957afaaeb |
| SHA512 | a97d71e4bd51bf8d8bcbe04b0c1afb6ca4a573b2ff75a5b1fb0d8faab5746ee569b9d315ed9f0a2ef21fc431eb835f7e92deb81019c51c2dca5d1612951b8f8e |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\SharpShell.dll
| MD5 | 5d182dd686856cec5d921394d873c9ff |
| SHA1 | c82281f6818c020d1018367127c81064eb9c0e37 |
| SHA256 | 957ad1c36bf814d63d4eba5de433a05c1195df89b49689e5a90525037957ce62 |
| SHA512 | 5611904d857228baa3d49d114aed6ef5b94eea22d84988022ce15d87e92c657122966cbe4db86c8c302d068019259ffecbe470b9a356922ec1d4cc9a68a3bf91 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\en-US\Antivirus.ContextMenu.resources.dll
| MD5 | 87935d3c3c2063d1302638ef976f4d09 |
| SHA1 | f1b5fbe0057aa9b06b3afab2c62ddee98ee95a69 |
| SHA256 | d03e2b10a9c11fbdb7a9c726b18638bfd09dd40675360de50235b3731e69b051 |
| SHA512 | f6a5d364d8f4f71d4965cb6306e953ae525d708f6f04048dad42854dad766f6c7c06c335517f66b5cf40f714b2fd1bb2301093c77c2220c1515025f28a0b8694 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\es-ES\Antivirus.ContextMenu.resources.dll
| MD5 | 5342025db29e883a027dd9eff6129890 |
| SHA1 | 5eb6e9ce2cd7869d7a40deb80ec96c6966a12b75 |
| SHA256 | d7fbe50e58d918c0fabade308df578b7464fcc7a202a642ba05a720f003742b7 |
| SHA512 | c3be6fdeb0b16c0a6935730f0f316d34c9fb1f7efc897e23f904ada3113e0c235f4cdae7da6b2dffe6c9e293d1a131b5e6c0cc18e141163581a8f478a168f5b9 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\de-DE\Antivirus.ContextMenu.resources.dll
| MD5 | 5c27bd4765eb0a93a098933ea14c3344 |
| SHA1 | d52b79309152057ad0c5c4d5685f2a55f4fe83e3 |
| SHA256 | db0fbbbd09020025f3bd03794d6d37d1f5957df52c7fb1c8487afa616f744fd5 |
| SHA512 | 3429def0427ef139419acfe443a0b3cd3d4a37c8cf68c26df96ad1537b1dcc6863bf6a624353cc1b85a72f2e6efb615294072bffa0f1e43469981c55b444283a |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\System.Threading.Tasks.Extensions.dll
| MD5 | 74ef632858b9a82d53600b4348d011bb |
| SHA1 | 5788e7b8d118f3682e916cfcecb1abc2430ce847 |
| SHA256 | 63a7e8bb4d827e8bbcabc182ff9a1fbdaf838d40e3a3dbda3a6725b1731ca71e |
| SHA512 | c01e6037d67d1670cac64f423d0e585a0134cd84af886671517f292ae166437e56fc2dfa08cb33fba268f9b93234f39f6b274b6ffd990840abc87c233a42b905 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\System.Runtime.CompilerServices.Unsafe.dll
| MD5 | df14f95f8570b4517dce2f53fc86f57c |
| SHA1 | 7375b8fe21ec3f0805045a426fef5ad0edad78d3 |
| SHA256 | 6fdfa8bd1d67c0f57006c4ac6dcc1a1273f95a3ef9c761765793d1e3236c4c70 |
| SHA512 | 8acd89a9d60768238d17aec570eceb32466a5a46d7db8d8e5eca3a26e4a547c9560b3808627efa09e03a954cd72aea421b45b7145d2903fc4755997eb8bd299d |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\fr-FR\Antivirus.ContextMenu.resources.dll
| MD5 | 0999a32e532e150ab3796e09f2621e7e |
| SHA1 | a442809dde5420cbe490e07453e382ee78c59e12 |
| SHA256 | eafd487bc3c1f33ebb9095a90b345e383a6f2cf2f91a43c1d635dfff9710754d |
| SHA512 | 0b8253b83c1af7476faed34f3a558591e4ea54722e28eb3bc55e3b9d8be65d158f9c72e2689b962dfcd65662cda4bac05240bf20fe5252eb4b64212106779362 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\it-IT\Antivirus.ContextMenu.resources.dll
| MD5 | cb7c69e5f3b22d63e73d969800cdacd5 |
| SHA1 | fc0415709b84dc293aefdc9638c05ab4addb8183 |
| SHA256 | 2e66333b503633987098939ebfc51ed4fb5c552c0f9404b155af47c74ace78b3 |
| SHA512 | 172d65073771a063d64db2b2c1d6a77c2746a3d4775738519d758fa447a8b0151c143e3a7e2d5fa5a61436d7403f80274997dbec2e138998942646c6d9ec8e2f |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\nl-NL\Antivirus.ContextMenu.resources.dll
| MD5 | 166a745eeef70296df620b3288b65cd6 |
| SHA1 | 1775b58b72f850d4a74d5283f6b110b76a779d29 |
| SHA256 | fd717e44a132e6ddbfedf21116e146e84f113344a90325dc0a2c3f58db90259b |
| SHA512 | 8db98025ca59ee743b09f0a7613dc13c9a5829d05e1dc92e7cc7aeb4e9b347aa75485ae5f92c207e934d1546eb96e86a4917b10082981c99e363bc855309614f |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ja-JP\Antivirus.ContextMenu.resources.dll
| MD5 | 8cd68598347af8fbc5f1883c3444f8af |
| SHA1 | c88d0b1f58ab14039c82388614d853158c7f948f |
| SHA256 | e292710db6a1b5d8da73dd3d37f05dbdf57a2aeeab08cde1277407a9d5ed16da |
| SHA512 | 26f0f39d082fb4f4d2205118d0e85bc98a6e5485b630199fb35d2c1262c433c3671bf0c75712ca609ef96d733c1bbdecb81e0b48a96c734e875da4c9f72e0afc |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ru-RU\Antivirus.ContextMenu.resources.dll
| MD5 | af743efa1cec98963cfeabadc609ad01 |
| SHA1 | 05704fe9e2aa4488bad434c2263630e5d1dabc20 |
| SHA256 | 82100f76d393a9b32f31194abe9dcca5201756a94078ff35df2367796f93a739 |
| SHA512 | e8fae3bec46c41ec50a0706da023bd35cbd885c6ff1f24a0d6fdbc259f5acf3384aa3f017e8880d1ae8fffa06e156d5fa37d12fd3f0b9d7c1a38dcfc3bb7321d |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\pt-BR\Antivirus.ContextMenu.resources.dll
| MD5 | cefbe3a2a319e0929744148ce712a29a |
| SHA1 | fe1a9faedf31472abd308ee0e03866dc2f186641 |
| SHA256 | 1ef690b8fdf4efce71b4b831905f9bf80738a538847a963e40ee086f74c34fed |
| SHA512 | 6d76a3e1b2a82b24ef5d995dfd358706cb07b070d144cf7bc4b04bf038e97e52fdbab4567c16dbab49a67f08f8140f7b85b287b4d3cf5e71ba434295cb76167f |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\zh-CN\Antivirus.ContextMenu.resources.dll
| MD5 | 5b39b2a0d94328ccb68683b14f54b7c6 |
| SHA1 | ba11360f41a34d82d4ae7c114984bd78b6e81b9e |
| SHA256 | 96a3af6e5f3b0e391a4c962ba68999421bfb2742ad7c2af22b2cc42e894d6a8f |
| SHA512 | 9f4ea92fabe4cf27dc010acf5e95b9a4b085f4294fb2ff73979d614184a66b28873746e5e57cb8da674d5d76952782247ef05851588d1c8f3a22b68f61a4beed |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\tr-TR\Antivirus.ContextMenu.resources.dll
| MD5 | 7576727cdf7fe15933909ab3122177f0 |
| SHA1 | 62349c7c60fc6aec028b94d34b95aa48d5fd38ce |
| SHA256 | 0ab36adfa52e71282d600a162ae52cf56f89123b8e7edce7b698d4296be7ba1e |
| SHA512 | 58bf6a8ccf1ee69232cbad62d3e98a41385cb4f683ac078c8b342a29fa8c684ab298f56de81d214b3c493cdb6981633ccca24371af94c364f9030af02108194f |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\zh-TW\Antivirus.ContextMenu.resources.dll
| MD5 | ff15263a154e6a3a0f50929811db01e8 |
| SHA1 | 62b54417d8d75b4e854378c13548b8d0bde73f15 |
| SHA256 | 4a99bb477f588219e14a9d4ef29a780e8a0e760184ccc62bea49cd4c76055085 |
| SHA512 | caab8a013f046d8bbcd6b9f9e30842afb8108ef35d6e56d3de3511c10c8d4797e541bec01c01e95af0167c2475a12624cf1f40aac2296f9cc7b2c7fa6f47cf2f |
C:\Program Files (x86)\Avira\Security\Service.Plugin.Antivirus.Legacy.dll
| MD5 | e8783a75ecc25257bac6b2dd76a3ff28 |
| SHA1 | 4038ddc0db4c1eafbaa6f5938bf22af097ff8bbc |
| SHA256 | c3d151aff23ff1d6c32dd371e08322c35ed4a44cb5d6f3570b6d8a2c03c84b40 |
| SHA512 | 67738961cb1fa5d4e57cfebe5193f5a3dd768f3d5c57f29946b7f8e496d0dd904f5715438904976542415afbc125f71385cc505a607b39e1be3ad806ab997b33 |
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe
| MD5 | 8c35ac6069f7ac705739d88442fdd3a7 |
| SHA1 | ae4bc657aa9a43b3cc0a43abdf73de751ba385ea |
| SHA256 | e8317a669febbcf774a002f2637a3531d3cd8709f30993717887eae9c447e552 |
| SHA512 | abc9999286dee7f8925452f467f232a8e7bdf061bdc7bce5bed5e4bc50fb61657730e2a6aeefe427042b44bce9b8a99b597405900a857829c048bca89be60a3d |
memory/4416-6482-0x0000000006930000-0x000000000694A000-memory.dmp
memory/4416-6483-0x0000000006E60000-0x0000000006EB6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b975564752251d98a9091293e267e726 |
| SHA1 | dfdb280ef67c1c7c63d8a00f5473009050487909 |
| SHA256 | 7041afdbc82d6c082a74c7d74d53084db69d768b83e6555197cfc84055150e0a |
| SHA512 | ca6f98fb91ca668bc965f3fc55f7318bb913629e2fdfe6e60fd0cf184179a7d3b6c34d37021c9df6aa9de4fc6c9b5c3b0bcdbb798a90d31481f1a0e32f976d2b |
memory/1828-6498-0x0000000000C50000-0x0000000000C7E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-0O9PV.tmp\Avira.Optimizer.Common.Native.Library.dll
| MD5 | b102cdd8d737a4bbdb6f661361277813 |
| SHA1 | a66c7d08024945dd18f8eede13781e24289595c3 |
| SHA256 | 1ffbe30a177463c76d6b48d92a0f4c87144d01d7a159463012e1377c36f69280 |
| SHA512 | adbb0e90ca2e29aaaac7968b9af4984ffc012b7eb79f8d11cb3e1f4510c8a7240acbe75febc651eb489402cac2d037223870e46482bb45cf409242cc3e6daa46 |
C:\Program Files (x86)\Avira\System Speedup\Avira.OptimizerHostClientLibrary.dll
| MD5 | 9694c1fe6cf1925d0f3da6da11cc44d0 |
| SHA1 | a6c43512ba7d7dc88c5ee7a8008909f24ca85d44 |
| SHA256 | 6cb71057135bdce45bae960b94777c9deb9d0f9a0132895d7bb8a8b242671a7e |
| SHA512 | 8f769f19ed0457f5ec774b7a6221c226bf66bba54ed90240cb9f59cf4c6f3035b751ef0f651ae7318abd692e0c9a5487880858371759efdba16d938e9faa06d1 |
memory/1392-6789-0x0000000000060000-0x0000000000072000-memory.dmp
memory/1392-6790-0x00000000049D0000-0x00000000049F8000-memory.dmp
memory/1392-6791-0x0000000004AB0000-0x0000000004B24000-memory.dmp
memory/1392-6792-0x0000000004C30000-0x0000000004C7A000-memory.dmp
memory/2056-6794-0x0000021713140000-0x0000021713150000-memory.dmp
memory/2056-6795-0x00000217136C0000-0x00000217136E8000-memory.dmp
memory/2056-6796-0x0000021714F20000-0x0000021714F94000-memory.dmp
memory/2056-6797-0x0000021714FA0000-0x0000021714FEA000-memory.dmp
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
| MD5 | 9805763f37a4804067ec1c83a6a43cf1 |
| SHA1 | a6e685626510c7f415d6996b44fccddfb3de6533 |
| SHA256 | 4713b38d2d1a59d0ada611dcd45aea6ee75e06407e9fd44bbe89700a9a7c39d1 |
| SHA512 | cfb255869ee09984fb9b3df4dbeae64a5cbfed09de6e92724637f9c293d4d441b900598db71520ac81b0f5724b075936e27aecfa8ad8ef163743d14fd393abf8 |
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
| MD5 | c863a9b8f754b3d14df2771c5ef92a2e |
| SHA1 | 54106db51d90d52e2f018256976c89b310b972af |
| SHA256 | 19c31419e5bee816860c7e117dca671fd50ee5d840978753c287fe683784e35e |
| SHA512 | 3a430828d0809c99c790723308e5b4a7f308696cc5817a30fbc1331698955988d075e710b91348a8ec8c1dc859f323ae852ab955750b8ac09b6604a1ee41dba9 |
memory/2384-6807-0x0000000000A50000-0x0000000000AA4000-memory.dmp
memory/2384-6816-0x0000000005490000-0x00000000054EE000-memory.dmp
memory/2384-6815-0x00000000053C0000-0x00000000053D4000-memory.dmp
memory/3612-6826-0x00000000006C0000-0x000000000071A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-0O9PV.tmp\Avira_Optimizer_Host.exe
| MD5 | 5a0d834ea87899647b79051b170aaf7b |
| SHA1 | 8a3759c32de03d3c551d41e85d1e242516a3b016 |
| SHA256 | ecc78f79182ce9ce75efb8a2ff9a7fb3fa9d76290837771dc286154fc2d7bc07 |
| SHA512 | e583f21d661d487c091c98b92d6047e715290dadaf6527812a15635c94e3ebb7736fe85a10c98695faf5a8e1432b2fbf70a14bf7d885798cf3111b9293b2c831 |
memory/3612-6850-0x0000000005480000-0x0000000005488000-memory.dmp
memory/3612-6852-0x0000000005630000-0x00000000056CA000-memory.dmp
memory/3612-6851-0x0000000005560000-0x000000000558A000-memory.dmp
memory/3612-6849-0x0000000005490000-0x00000000054A8000-memory.dmp
memory/3612-6847-0x0000000005440000-0x000000000546E000-memory.dmp
memory/3612-6846-0x0000000005310000-0x0000000005332000-memory.dmp
C:\Users\Admin\Desktop\desktop.ini
| MD5 | 9e36cc3537ee9ee1e3b10fa4e761045b |
| SHA1 | 7726f55012e1e26cc762c9982e7c6c54ca7bb303 |
| SHA256 | 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026 |
| SHA512 | 5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790 |
memory/3612-6853-0x0000000005540000-0x000000000554A000-memory.dmp
memory/3612-6854-0x0000000005550000-0x000000000555E000-memory.dmp
memory/3612-6857-0x0000000005740000-0x00000000057A2000-memory.dmp
memory/3612-6856-0x00000000055D0000-0x00000000055DC000-memory.dmp
memory/3612-6858-0x00000000056D0000-0x000000000571C000-memory.dmp
memory/3612-6855-0x00000000055C0000-0x00000000055CE000-memory.dmp
memory/3612-6864-0x0000000006060000-0x000000000609C000-memory.dmp
memory/3612-6865-0x0000000006020000-0x0000000006041000-memory.dmp
memory/3612-6873-0x0000000007090000-0x000000000709C000-memory.dmp
memory/3612-6875-0x0000000007180000-0x00000000071D8000-memory.dmp
memory/3612-6874-0x00000000070A0000-0x00000000070AA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b0192b93ed4b85d7fc6f61cadf4cc191 |
| SHA1 | da1a37fa17c759205b902dc9bdde7a865b127568 |
| SHA256 | bd02187138c38264e76f639a14e92d3ce90b6be61cddfedd3b32a53fb22c2c33 |
| SHA512 | 3dda397492fed137643374784fc2f7f421ac6cd045feb7ae4fc11f8fc178546c26ca389b3e3294c456626625a7729584dcd8ce4739ae74acd7bbec84dba6c3c5 |
memory/1760-6888-0x0000000007600000-0x000000000762A000-memory.dmp
memory/1760-6889-0x00000000075D0000-0x00000000075E2000-memory.dmp
memory/1760-6892-0x0000000007690000-0x0000000007698000-memory.dmp
memory/1760-6890-0x00000000076D0000-0x0000000007706000-memory.dmp
memory/1760-6893-0x00000000077C0000-0x000000000786A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0bc09d7e6b4f889853dc29a6a6c4472f |
| SHA1 | fcd18f50a17234052d5090f426a9f3cba5645c5a |
| SHA256 | f7a8788bcbb3e55cb7e7bcf402b7de6089c8dfd2c289ed5b190f9576ee9be51f |
| SHA512 | 73ef2222a7c6a5b9989880dd25361285a1ef7f5ce4a7f0e9dbd3280e27b5d2b6c9399973b7d3967a724087bed7a032a264d8bfc24e0a94d2178812812e6324bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e907e21b13f6022172b351ceaf7f1f18 |
| SHA1 | 31744c029d7eaa34eb5fc398eecdb06ce7198ca6 |
| SHA256 | 109663a15ad245735a30ba955de023a5403f6f5b8759b00c9c260fce6357a360 |
| SHA512 | 7b121ccb957687250d31047ed576e8102d8ee8619d33cba901f5a855553c86cf0b374516b996120c6c9d0e3ceb3a7ff18a90b22eb8d1da3034803ef9de942860 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000113
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1edec43f64733059e4a5b7a34db4e3ce |
| SHA1 | f2449e1fe59c06ac1314e3eda73e853c1c11fd2a |
| SHA256 | c9b9291e830eb192095e3262db39fc90d8fee77da3107154c504105eecc8fea2 |
| SHA512 | 4218ca1d4bee19a13a9447230df41f3dd5ad9d3f8c2936a53662a9e04e33de43c23fdfe632a663321967758b103096c3c0c9d23a785ceaf438aad7b4b37a27c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 65b248adcad95cbf48708d016492f4fc |
| SHA1 | e4e4377002b5d918066273226518540b135f576e |
| SHA256 | e4dd7cf9203a0baa63c7c1950c669539302763ee48bebc9199f088dde85f3b40 |
| SHA512 | de459e94792587fc377499dbe4858438efd98e12fcd2a060f8b3af5a752afd7f8c8552cf168643ab51527a0e6e51a0ce2b2a3a33fe0ae81b09795e7d4adf0827 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eef896bbf44b9f44dfe1c24c5a75f4d6 |
| SHA1 | a184bf271f7c768cdcb3fe18e7123d6f1097a096 |
| SHA256 | e61272fb60cb60abf67ba1bbdd1e3aee5c345ecf9446e1d09e2efed1b208db15 |
| SHA512 | c6e3e14875e602accfa0b6672f44bd8bd10475b5e4a256f0d206d431f74ba658b4f1c94aec10817667e8e92fbbaaa72be182e4b9cae2438352904a452d24e648 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 48fa747bb9e40fef1b2d3e824646ed23 |
| SHA1 | 1a3f1cdcb7c7e250acb108165cad4d8e032ad649 |
| SHA256 | 296eabb97f1506bc5217615de506dad07efe1c2384a1ea9035dd86ffbcca351b |
| SHA512 | 4069a7c939d6e54e1fdbe4121102682e67e1ff36ff06ef35db69640f9054f2353838b787e7be231459cedad2c45dcb39d476774f2fc857fdc22b038b5c8e9279 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | bf6609f12f2b986af5997fc24a13453d |
| SHA1 | 699b96fabaff9c203eb78f7bf63671dac1656d8a |
| SHA256 | 16ca916ab10f66b1edc3e336e2c8fcd393a66864f40d408538b70b07dbecb919 |
| SHA512 | f052e9f6723d9b360dd4ad6b560d580dd91e3a51dbb2096b306bedcb547730cfcc79e36ac3f5c4647c4b101b9181f6b91955a5b6c83c85b51bc966dab07dea64 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 77c8c22fd9f65e3c99997774bef11f0a |
| SHA1 | 3788db838f00be3bb42f415b9969209c2c37e930 |
| SHA256 | e9da81c7917e67aeb93c52ea0cb50e4b079aaabe177c5e17ba6772dbc6f6c5be |
| SHA512 | d63119d6dd2a9283a27e30364c42ef11a139834b4723d83d28178e06c8b5a95b3934890ba1bca976575e358d7dc72c069f0d6e020cb6e8368f31ca598008fc9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fa7da62463d135f304740bbe6901b347 |
| SHA1 | b28662a70662778d4c98169a33ac633d81f4d239 |
| SHA256 | ed6f3d5c57dc436fd13629303351f405a2b06e44826c2e11a0010a91ac1e88ca |
| SHA512 | 3b576bdc7a8d6b0fd72b0cfb9e5345388ad28e8dc5f1d8e646cde7cb261935e35cee24077a40659f4f8d10dbe1447d97c9cfc18ce7dab159b023a533c29b9427 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013e
| MD5 | e4cc1ece2f2425b10ae2ccc212c1dafc |
| SHA1 | 92609e6d0093693110baa23758382889bcb30da6 |
| SHA256 | 92e9415d8bc8529e2a3f335258ef7ff159cce2965ce3b2b7c15f73720efee809 |
| SHA512 | 2848dee3a6da891b7044518bc97aeafd340705cebe846350b9a7f314b52450f1eb977b8b492638965ce4674ebaa341e4f832438199c3cad2fb0a0793ef83a619 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9aa3bb9c053bc4a411c74db440cb676e |
| SHA1 | fba5eb908635e0e506e1124414ec861bea1e42aa |
| SHA256 | 4ae507873b51fda4bfda1bbc934152da549c16fc31591419f13ea5251f398b22 |
| SHA512 | 163e171d1bd208a40dc9caf8c8ed5e0a96b0a7fa1834ea4edb1cf82e2fd2fe9e187bfb1806ff394786f0cfae8ec0819b925e22132d2802ec9fcc0fb974fcf6a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000148
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 148dd05daed3d6384081b946ac3d20fb |
| SHA1 | d4fb24aaaefb535ae963845068a0dc08ac7f3e22 |
| SHA256 | d4d9085349c306961cd92b489661a2245b6627b57e26c21baca79191fba6b708 |
| SHA512 | 5eaea736c07220251b444ebefa7cedba844f0049e2700d58449532adf5656a337975f4498ae3ed5e371e85aa2609b4e2802dce0489a86ce4e6d2bcb278b64dc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012b
| MD5 | b2993c2d5f93533962e705169ff08852 |
| SHA1 | 5ca52d72e499c57d0df55bf5cf0be5f5215e5f7d |
| SHA256 | 96ea9818d4d6c1ab1334458eb1765110cc67884bbf6423092b7c52a96d4fd5b7 |
| SHA512 | 35a568acf3f1e98f17e8a2945298ca36631f205445e48a39fd11a83ae5c833e123419f47d7faabfeedf257f78e1875bf5b664dfc431789cda1a0d8583b8f339d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000129
| MD5 | 938ae34ff4899e91413f446eb4080ca4 |
| SHA1 | b99a023dd08dc4fa22e1200aad7677a88563317a |
| SHA256 | 53f8fcc722113721dbae5213972bb83bdc5adb811f7b633448298d5cbd35034b |
| SHA512 | f741564d693c1cfae206cf87c37d8f57a07752de08d5debddbccb8d5877f70ba59fe4e09c444165f4a67a6cf6abaad976230aa2e99c36292b7a7e17e20bbb033 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000125
| MD5 | 71ce174fc5fa1b2a262e9cd845fabb66 |
| SHA1 | b1fe832a18a182f71c7ade4bd4898629e444eea2 |
| SHA256 | 70085ae095a821767904894e62e0b500744d1f8b71181ba135de78d0511c27f5 |
| SHA512 | 1cd215f44ebf5ca987bc472e0f57749aad2a181195e4b03f495a6b827b48476673f4d3cfc0d23bd50416582ccd52c487172acde23a2e90306686111e688e2af3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012a
| MD5 | f63ad7db2ab6f504bc106616a34337d9 |
| SHA1 | 45638c74a29ee00824c2ad92bf7e9bca1e111bc3 |
| SHA256 | bc577cab9ca2fe54f96ec7e6305cc10dcda0a82f8aa4f6d1dad0c45561226bf1 |
| SHA512 | 31fcea250b0eca1c38123afe8812564d253e39d68c861977c402bd981b874fdcd87e566f420ca66052e05dbf2bb7d475636652890d2cae900600b204cecd2d7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000128
| MD5 | ace4eb1b3e5274770abf4ec424ff22e3 |
| SHA1 | 7aecae76e6e4d4d322088404e59488d8826773a9 |
| SHA256 | 5983d2b5ee2ad35bd6622c1917ca70e515f5f5b1eff796244bb4acfdcc2d9f54 |
| SHA512 | 9cf07171ca30b98b1446f78cc0f568073556943e710663e7c2ca34dd1384319c16438439b3e9e87874f0e41ba6fb62dc7347551ca95a8be5938a909aa0c30607 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012c
| MD5 | b787bd69348e38aad5a2c0f0c899e1d7 |
| SHA1 | bb99c84d3929a939f79ca1caa9a4922ea9367b8b |
| SHA256 | e3957b9ca5ebaa433f3516423ceb881b6828c757a613ff8889f01836adfc33c6 |
| SHA512 | d5e26f83e0778a086109794defc26a3f23bcd86427c37e26d7de565d061649d5a7a8cf22c0b7e9120210b78f87fe003bc45a352a2914537776e2a5f2e7f46c8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8ded9a2cbf62185ed3aee4b0b3288803 |
| SHA1 | e7baaa4a8421c01bdad4f87cb809e1236013c91c |
| SHA256 | 902d87cf7350d49a1a8f6fbff0614a31bbaaab7c3570fe42bead21de6c1a8ca7 |
| SHA512 | 70c37c2a806dee7905bcb896afde691dbd63e73155d5cc27d32c4a104b553f5eb5b0eb8a4c1d826cf504a772c334e6a3c840c98a152258ba4a883d664034ab3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000157
| MD5 | ddf9e6b63630bc36d67d1253a926ee48 |
| SHA1 | 63d5e02dbb16b05885c20dee9541bbc6f939eee5 |
| SHA256 | 228220fb6aa57f32c5901e60f1a2e17ebae1a6d411ac4c33259cfc870070ca61 |
| SHA512 | c71a5d5b8c56f7990e70cd0e91f7dab1adf8be7173ff192f566ba5da2cc4bc7e9cf3f5382e9b64dae63b3ec66d2186e17f6ecaeab864152bf33faf9a90578d41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012e
| MD5 | 3859fdcc9dfc8ee238149b68a1cb2f98 |
| SHA1 | 4c78ac8554c35cdd4ec8a0318bde9bba8b670b67 |
| SHA256 | 9a2ec9b64eee6bfdf104fe6b873c26c8ae22b90c9ef77ce61217030f16d81d31 |
| SHA512 | dc15c3e84175327f6e99ac1130927b0cd1f194e4759553151bb54b6f7b3256f35a690f8650a3d0806a34f3b4855b6936c3373180b9f9c838dac8c7fbfe6e681f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000126
| MD5 | d92d00f1c7b41441862fbca0b14bd475 |
| SHA1 | 179157c5e152a8d3493f825ee92b2a476ccb79fa |
| SHA256 | c695767ac4317044b37bd3b983fd362571589986ed88bb5bf813b143c43708e1 |
| SHA512 | c8522f3607feaaed621fe5157fd3f060a98594fdf1739ed367745397c1d0173a72a2ec21b8907eaa24c9c11e1104de6f3cdc50e30586212ff6ba8bbef3c64ed9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012d
| MD5 | 362eb09ea74e41eb7a63d739e847df50 |
| SHA1 | e7e7f7d455e2ff9c82299e9df2554d5928a98045 |
| SHA256 | f747433813ad7c0232799356502d883910f9245fe4a60fff3309d71280995d66 |
| SHA512 | c97f78a19e47732a506e5054a6214fb59a6faf706d90ba5fb50077b2e86ff1eceb6de832656611dc2d43cf5f76277e5eb204bed2fa83c0a9c63c977f8e9c856b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000155
| MD5 | 966670acd1334dee959ad15015844fe6 |
| SHA1 | 494344158d32f6caa5b9a75aefadf39694763687 |
| SHA256 | a151ff1a2d1b4028c2cc8e3723cfced4017ad5bb893594a590c0ae00e499df00 |
| SHA512 | 92a9f2d7737e979ef1c6e7697d4a68c3e28bcfc188ca13627cc3d47069e3aa8dbb1e6afa03540a977d97d9100667f2c55e315a0f5d6720652e907e4d3ea1e4b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000135
| MD5 | d160afb2dbf7a0d2bb9daa6a91106523 |
| SHA1 | e3ed28481c585f9288e53f440300dfdaac72c6bd |
| SHA256 | 474663a9c102e52384d591f114cfe7f1bddf7542ea0c7a728b27ccc60c8ee7b1 |
| SHA512 | 6b350bb82c923503403d9b9c217aaf959ba315cf4f3164466a3e3ee402590a653928ae1494aecd9166b4c4bab211bfe2843b46adf3c2e158736e18e1ef6baa54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013b
| MD5 | d44b00eaf066eb7050989509fd4e36c7 |
| SHA1 | f9c5a6144aefdc63afdadfdfba432a7f2921aa72 |
| SHA256 | 81d81f58eace71c343daf95f8a2756fa914556bcad33ca241c127c4ae68c215f |
| SHA512 | 99f9f4b102f6eb4c6ff8868fc598c536397d247de9764a67548739662ae302ea79cc2f730d63b8ff40c8c285b2c9783bba96e37c72d9922623fae83219d6694d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b7b7b8c81781ebc13f851847a198c9ec |
| SHA1 | 270c5d071595026464727a3d707637031f51a77e |
| SHA256 | cae34ca5b30dead99fb617f7a6765ad4ebacdca9524fb52e4c59e9295c361d2f |
| SHA512 | ab8c9b66b6cfdfa5c4e9b514599eba257ad30167663c323ef7c29247f71cdb5d6b42fa2c85ec0ad120fc16681a610761028e8e5d5a9660f827ce43ffbedda2cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000144
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000145
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000169
| MD5 | 1aca735014a6bb648f468ee476680d5b |
| SHA1 | 6d28e3ae6e42784769199948211e3aa0806fa62c |
| SHA256 | e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a |
| SHA512 | 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86 |
C:\Users\Admin\Downloads\Unconfirmed 578302.crdownload
| MD5 | 2cc5b729f93352b4d7dd711f2d8a7b87 |
| SHA1 | f569e00c21cf8191d40bf91fdb90a303ade577fa |
| SHA256 | 0844232767b773a4b8efa5291830ff93d2981b0afd05368cc85a1c1e5fb09541 |
| SHA512 | 37fba9f4d892932bfeb4bcf6abfbc7cf8338089612e546214907bffad57da0bbcb8631fa91e44ace24eb2b8e815f6fde3ce86397c8aca17e9529ed1688019659 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014f
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | de3cae3f6d4c57809619c3daa97ee365 |
| SHA1 | 51a209a57e24420199cd1ec41dd2b4576c95672f |
| SHA256 | 100bf5d34cda31d63fed1ae41475e04d4db017651a5a23e306523bccff24863d |
| SHA512 | 9ec1b0df7de66db18ab298dd431634ef7a20634310292d47d1d7cc0a76ccd67ffdb37cfeb9959ee99aefe6caeb32b3d9d7bc572336e89d3256af57ad4a02e96a |
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\mainlogo.png
| MD5 | b61853f040a8c21ff16e408b9262b758 |
| SHA1 | dc8717aa8280f0f884b662f0b5e588eaecadf963 |
| SHA256 | b722b21ff7ab620e53c3bbb5dfde556938263ac95da725b40298167fafb6c538 |
| SHA512 | efe38db66dc93e6a590c671db8ceb1b8d9b7ca67ddd2d3928ac81230255dea1c194648908435559eefe2c4979b54a72e29dd79b75393bf1731592d5290ca4270 |
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\RAV_Cross.png
| MD5 | 4167c79312b27c8002cbeea023fe8cb5 |
| SHA1 | fda8a34c9eba906993a336d01557801a68ac6681 |
| SHA256 | c3bf350627b842bed55e6a72ab53da15719b4f33c267a6a132cb99ff6afe3cd8 |
| SHA512 | 4815746e5e30cbef626228601f957d993752a3d45130feeda335690b7d21ed3d6d6a6dc0ad68a1d5ba584b05791053a4fc7e9ac7b64abd47feaa8d3b919353bb |
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\WebAdvisor.png
| MD5 | 5fd73821f3f097d177009d88dfd33605 |
| SHA1 | 1bacbbfe59727fa26ffa261fb8002f4b70a7e653 |
| SHA256 | a6ecce54116936ca27d4be9797e32bf2f3cfc7e41519a23032992970fbd9d3ba |
| SHA512 | 1769a6dfaa30aac5997f8d37f1df3ed4aab5bbee2abbcb30bde4230afed02e1ea9e81720b60f093a4c7fb15e22ee15a3a71ff7b84f052f6759640734af976e02 |
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component0.exe
| MD5 | a812307fd799dcb498e635147a1943f2 |
| SHA1 | cd66d2f82fbf412db48f106a6631b620a9037a0b |
| SHA256 | 2446f0dfe1fdcb608c36bdee88a337a3ecb4351bcf6540af8f1fd99a9008b93a |
| SHA512 | b67d3d5f45ec0cb5f3ad202328d9a81120d4130897ff4eae7b241234d8506452f11f3a07aa3531e06052de9a599e988a1cbc572a3c3f0d89bb704f1326a45f3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bd0d358fc9a2d88176c7c0cf51f00f26 |
| SHA1 | fc3f9e8ccf9d5370c82a338ae80ec646c4dab92f |
| SHA256 | b9ca459794fd388f35364cdf9fa33eea7d3e91dd59952851a4498de0e4f53ae2 |
| SHA512 | fb565b021bb728b81a10635fe88d348ea64159edeb34ebcff1701a7b2b0711adc79be86656c821aa7fabd35118e89d6ba76bcfc0a7a583505b43fa784492b224 |
memory/7588-8103-0x0000023118960000-0x0000023118968000-memory.dmp
memory/7588-8104-0x0000023133380000-0x00000231338A8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1.zip
| MD5 | f68008b70822bd28c82d13a289deb418 |
| SHA1 | 06abbe109ba6dfd4153d76cd65bfffae129c41d8 |
| SHA256 | cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589 |
| SHA512 | fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253 |
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\saBSI.exe
| MD5 | 143255618462a577de27286a272584e1 |
| SHA1 | efc032a6822bc57bcd0c9662a6a062be45f11acb |
| SHA256 | f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4 |
| SHA512 | c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9 |
C:\Users\Admin\Downloads\activator-2.0-installer.exe
| MD5 | 31d62ff8d4d3f0a6b9003d43edee08ba |
| SHA1 | e06556b5aa3958b284e6e29178cb95032cefbf53 |
| SHA256 | 2e70f03ab7b027e70ba52928eb70c1993711db436cf5db004a3be39eb9970a52 |
| SHA512 | e1d837441047204f3a595839771cf1dca36bb98ac0211ce5bd62da5e28f5846375239de2874f982e860c4f382a58954dbdb20bf4c3f9d3ba109fdcf1d0856dab |
C:\Users\Admin\AppData\Local\Temp\ij0ywfbg.exe
| MD5 | aea1687719375c1e7dff76605793a559 |
| SHA1 | 524c581d383543e86267e056fa7d2c2d720bd4c4 |
| SHA256 | e130b3598afeea2643e5a0fd369d39d3db0e12952663049b7422613358a553ec |
| SHA512 | 525cd644f6ad656e1ec38db1635c54de53081d6b56772a7ad3af4f9be113322e82fdd22dcba09cf98ae6a34eb4c6e9fbd1c5cc64e5c4405828ea606a113a99bb |
memory/7800-8268-0x000002A6DC460000-0x000002A6DC56C000-memory.dmp
memory/7800-8269-0x000002A6F6980000-0x000002A6F69C6000-memory.dmp
memory/7800-8270-0x000002A6DE140000-0x000002A6DE170000-memory.dmp
memory/7800-8271-0x000002A6F6AB0000-0x000002A6F6B62000-memory.dmp
memory/7800-8272-0x000002A6DE170000-0x000002A6DE192000-memory.dmp
memory/7800-8273-0x000002A6F6A40000-0x000002A6F6A6E000-memory.dmp
memory/7800-8278-0x000002A6F6EF0000-0x000002A6F6F48000-memory.dmp
C:\Program Files\ReasonLabs\EPP\Uninstall.exe
| MD5 | 79638251b5204aa3929b8d379fa296bb |
| SHA1 | 9348e842ba18570d919f62fe0ed595ee7df3a975 |
| SHA256 | 5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d |
| SHA512 | ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9 |
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
| MD5 | f2738d0a3df39a5590c243025d9ecbda |
| SHA1 | 2c466f5307909fcb3e62106d99824898c33c7089 |
| SHA256 | 6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21 |
| SHA512 | 4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5af14ed83155ecdaf52c5140cf34f444 |
| SHA1 | 8cbb66501a5fe877b6f7f5fd94df22f6a03ba6e7 |
| SHA256 | a5cb20ee0cf2315c4bc3634c70d1afe0deec4306c62c4541e864333c6a18a2b1 |
| SHA512 | a302ed47d6baf5c1923bd0b4c2f7a4e6b95eafdd9af34334aad38b6b718542d71958177a7403f7a90b245ca6ffd39999658441eff5463fe947467c37185d562e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0bd067e224902a8eb1e59b5d279fb777 |
| SHA1 | 11a82d6b027f9f079a490061191b5b7270e7f7cd |
| SHA256 | 7e5ae11f22efe1c1091216754a452b238959d698cfa9c97e87599ab51154202c |
| SHA512 | 0fe5e7ca96902013e9e1daa5a56479e5da0bdede223ca3b659ef842b6520a39f6ae95651722ee749e9d9bbaaa3759d9a60894e7f159ba850608214459b6410bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 718c0c0c6480f8f92b83c9e6dfb107d3 |
| SHA1 | 08c41ab4f88e453cc8df9265768876dcad2e96ce |
| SHA256 | e3b83f5ad320ee77f7a105a671e93e694a8ca59b9559c74fc64fb81da2f81b0f |
| SHA512 | f016173821e56d623d7c93800a3892a2b77c79122e9e29aa34a790cc90d5ebb90b3abaa05b54a85260e9d0623b8ab1c55a87475913f5fb294f0fed81d773a4a1 |
C:\Users\Admin\AppData\Local\Temp\is-PE1I8.tmp\component1_extract\installer.exe
| MD5 | 622b9844fcad806c124c810c1b852b51 |
| SHA1 | 123056b8bf5d09cba8a7dd3344277d1ba5500bac |
| SHA256 | f67b177ee10e72a7865b96de49591441def17f7d33015e673d91723f8b447566 |
| SHA512 | f35ba8609990a7de7bd16e4cc2daf53c3f79badbb06c5770b8c39300624411e3aab743294d94ad987a4db7cb34447a85fea41344e5b5ebc2ed8beb192551ba9d |
memory/5836-10005-0x00000000006D0000-0x000000000070C000-memory.dmp
memory/5836-10012-0x0000000002930000-0x0000000002940000-memory.dmp
memory/5836-10021-0x0000000005360000-0x000000000541C000-memory.dmp
memory/5836-10026-0x0000000005590000-0x00000000056F8000-memory.dmp
memory/5836-10027-0x00000000052F0000-0x000000000530A000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 3646f5d56d16d6afd03e15b6f1754a1d |
| SHA1 | 3d5f14c923e1d58b21d5640bd6d66e4e900bb16b |
| SHA256 | 5ee23e1bc1775c7c683f91a04a6705b7f4e87a21b7599f937125de5e7443f4a0 |
| SHA512 | 12ba3f049b60c87d0f227bdab97588e3fe76d9eeeb5a496c03d0150d767c3ec23dfffdb7bc720dc96d76b438212cf59d2794a6237d2f345417b4c9db6f37cc28 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 6565763a491f564a91b197cc8055cc96 |
| SHA1 | 5c3771babe93526013af7dea0da78fbdcf7976ba |
| SHA256 | f0d8fd96dbc13b6dee7608193f069115fb863cf3f8410f53d5d52b9c65daaa9a |
| SHA512 | 9cf78415f618d770da990db7271339eb622f726d953537492ecaf900d929782d5f01acd3ea89c0f85a6dda87a99e9b75f2a00953f975e04e1f754b4a9bd70eeb |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | bd24f68f711e4d301817b88659763ec8 |
| SHA1 | 72aae428b4383c60652067c5b564030be2ac254d |
| SHA256 | 80b570b8b82abe48c0565422bf0c124b2e2c91af57c1aa5ee3fd408d7ba0344a |
| SHA512 | 875a672661f1044865c4bb43bfab36ca657b0a98d6b9293597e922f639bf639517cd3b675cb894e98224a302237fb37c8cfc089d0c713f804bbc88a2d7cfa448 |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | bd4e67c9b81a9b805890c6e8537b9118 |
| SHA1 | f471d69f9f5fbfb23ff7d3c38b5c5d5e5c5acf27 |
| SHA256 | 916f5e284237a9604115709a6274d54cb924b912b365c84322171872502d4bf8 |
| SHA512 | 92e1d4a8a93f0bf68fc17288cd1547b2bb9131b8378fbd1ed67a54963a8974717f772e722477417f4eb6c6bb0b3dfba4e7847b20655c3d451cba04f6134c3ab5 |
C:\ProgramData\Avira\Security\Logs\Elevated\Sentry\Avira.Spotlight.UI.Application\Sentry\104358A6DC134E47715BA87A769BBF11E2563EAB\1724512372_-5864__6044116.envelope
| MD5 | 6ca92d56961e174f397e2d857ee11f75 |
| SHA1 | e1b4f5c723a2c2ffd53f541fa585ebb222f35992 |
| SHA256 | 565a2d20405fe26864d5e70fab75c4a1704fcba44b6975316087b899c8608c9c |
| SHA512 | bd33360ae19b9202b1bd9d13feddbb515be979de0eab856a576f54ad1fddc2b228921a3f3a4c350eeabfcf35f2f0a4bc56e0b10094dec8c5239c1b3ec17d6473 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 51a50effc944e7cf4da5743844463df9 |
| SHA1 | d01b9b9768113e498aecaf47e589fb7223d6d268 |
| SHA256 | ceb0be3888759d9d19e1ee322588ea79ceddac886de289f2389222fc045c46f2 |
| SHA512 | 8085a87e3167da74ca72e85067978ce05c37b0c9e100f3fc26251719bb7c892ed473012b474119b4508afa0c50cdb45da5558d6ed4d449188fd34b9bab231e93 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 904f9f8eb2aa46363e64dc692cf3a657 |
| SHA1 | b939fe7ae459ee3ec1b2d709fac729d52210c72b |
| SHA256 | f39827da72fc0941aeda531a95676a19775f76b052091f55bed88e9916762342 |
| SHA512 | 162497f0195cfa76ff43b82ca5b6b7404e4a1bbec546a37f9597340921fe28d9df279c35a73b6dd6caddc5b39bcda9be616ca3018c0e823af19c62893638b38a |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 15bb6eaa1ee69e91a9eca9f0a6e69b08 |
| SHA1 | a9de1cef1ad039e464bcbdb38efe4d07f74588c2 |
| SHA256 | 632249fc97f8eb2dc7eae9aeac454f0da678641150d1918cfe05098ffb50dac9 |
| SHA512 | c19b885e6546020b8698d4e5cf2203d7d8ea08b759e5462f37e46b33c0586709b7de654d78198ca404873a8d4e227cb73dcba755a9f863637864bab9369c4ab0 |
C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 18915a6e4ac8b6f21855acea6e01bc81 |
| SHA1 | c85163a78d1c29d38d00ce3abc3379724624a308 |
| SHA256 | 76775ffdfce67ac30e4237d0584d83c0c74e1c0a11ea89fc5eb04839ebcfd0a8 |
| SHA512 | 918a0729b9ab1d191b4809538c8951084197e866e23a4e1073c9685982829eb92a379206b6cf58f023ac981995581bacc6e316235bc03e4388244f0a578941e0 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 09e93eb833fe276b348f40c5363b8b07 |
| SHA1 | 0f08104faedbae350daf072806c909fd8695ada5 |
| SHA256 | f4ed54f9d090eefbdcdd8634c4f2237e7855d8725de628797530e3fbcb415732 |
| SHA512 | 66f3a680ca589116285c1d54818b184d4aa9e06f38a816da0a320b066a3bebd4d7dcd45d12d0a53dadebc75d7714ad5eb1bb2eed7134c143772b6516e757d030 |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 94833c0c365d5be20893f51584579eb9 |
| SHA1 | 87ea6e20b3a902494050fa7b223d8b4eb4a11339 |
| SHA256 | 92ea32785a5ae730010b13f640ce313cb3e3704b190cf1d613478500d602d845 |
| SHA512 | a3b3cd14aacdf4c2dda30b08e064dfd3c2734effb322a98eb64e53241f5a0a663472b36ac72e1477aa619bb7dd03cae8769973937e799cd44da97b0341a43837 |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | 88c54411a07bf5456c2da9f52c593a25 |
| SHA1 | dbb538798294231a94378a3adff3ae9be9445a9e |
| SHA256 | 2694f78a88a55106c7e7d5d15cda03322b029392175cb48ce96c327328a06b59 |
| SHA512 | 0710b6ba00f2ad161b27768ce978a375a16e9654128b41438a26662e269bc8b6937af02062cba43c8af1195e37091a17b279f8b07fa13198499ef03b546d3475 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | 0cdb20df7079e4a281a049b7d48d77fa |
| SHA1 | 449575e96e62be6ae3d9de2b15af663dc4f8ad38 |
| SHA256 | df22ef68f5315f75837b4ddcf0588e5e85ffd56244b7b319554cafb83b334879 |
| SHA512 | 2872ad4167a861154f763c26a90f712e3292a84074f870ebe114c8925bc7d9522c0dc181f384933bbde915621d9bee78dc44603a7aa37fc21a22abb6ff605bf7 |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | 5cb72bc9f5e2502e47a71fd03a4a2c06 |
| SHA1 | f2cd06e894a77363b48a84e8c33a99a346262a52 |
| SHA256 | 8702b745f6208a95bea200fff308c7fd7bcaddfea6b22b7764b9298963b21d45 |
| SHA512 | 2877fcb12a903b9bfe53ddfc7cc906ca7eeb788e021ee972c603537a199a692e1e69bdccefe3a242c46a51eedf5b33cf0d879f4b59697f19ffeafb862f46ff78 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 4c7a55d16fdd57be929c49b8e8dc68cb |
| SHA1 | d3aab8e94b8be7218682aedef3c7042210658b50 |
| SHA256 | 279ea8a509755734a587834e3d45f1efa4d815a9a742b94a88dd4ff6fe3bb1c6 |
| SHA512 | ca81bfe2399b2c3fd143986b41db03e1242de2e96948d6d08d54af4443aec8ef6cf77074f63cf40916b80bfd99810ef490ebc449c07fcb6e696e07154876e0fa |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 22226665d099e8d68e273ec077abca80 |
| SHA1 | 89941ab6d3637c7231fcc736793bbf5837a7ea6e |
| SHA256 | 41f7bc2e431d9cb873539e9a143de9d43add13ba1c1035711773c712247328be |
| SHA512 | 7abde67b596feb0c09c2320f2d2f367bef517caa8359a1a92e49889c1c9e599e563fd140fac85560560d8b8f394c61d984693d213ecd6cb101de66f4eb74ed9c |
C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt
| MD5 | bd2feaa3847ec99c6ee3450471cc2fd6 |
| SHA1 | 3a1a5e300f8ac458388fdaa6f34c68017f69effd |
| SHA256 | 3f71f6a780a8e90c79381e8b5476f333a0535ede32edaa95b5ad5871de354457 |
| SHA512 | 42b8c56bae9e6b4b650446fdd5bf4a9cc0c5ef92d30e6bf6678bd78f15316a31a139001169a6b1df50f4386a9f3eaeac0d405663a1214ec50aac7cadaf43e02f |
C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\e4998f94-d4b9-49b2-ad46-b1a28175c758\UnifiedStub-installer.exe\assembly\dl3\633ac06b\794a571a_38f6da01\rsJSON.DLL
| MD5 | f0439e58103c63c8aae325518e6201fd |
| SHA1 | 92bf7d2642c521c7c5f1c86749951cb969c569cb |
| SHA256 | a45597f694b22641bc89d170e4ef60a57244eca80e827f37196fb63a4c551c70 |
| SHA512 | 3f6130da5b5f04925e1c1a043b15e7c5f44450149f967249f2e550d32e5166fb2ec5f199e1afdf64ab6d1cf5cd243a9ae23d0a7a62f086fc728858d1c53db283 |
C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\e4998f94-d4b9-49b2-ad46-b1a28175c758\UnifiedStub-installer.exe\assembly\dl3\57352adb\9f71571a_38f6da01\rsLogger.DLL
| MD5 | 107b5af3ae55b7bc20c41f54075ad02b |
| SHA1 | e97ea9f91f101a5b1cceb9631d8fe78e89540df2 |
| SHA256 | 1aa8b4d1b65ee9026c80c8c50ec8d0b2b91d0c6d61d23d10eda1f179e8752c3f |
| SHA512 | ab793fbdaddf95fe277c861186610df3946107c8088d8c298b13a20a70107d169836c67f9c5240f268eb63b6bbf3de13553400835562516f2b20e904f8b2efe0 |
C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\e4998f94-d4b9-49b2-ad46-b1a28175c758\UnifiedStub-installer.exe\assembly\dl3\cae89883\c304531a_38f6da01\rsAtom.DLL
| MD5 | 4a9556a6c10c20f2df0e7ca042c228fe |
| SHA1 | 4985bcba1fd78a42dade6c0606be86d3f6cabdd2 |
| SHA256 | 153bba87ae611a95e5be3dfb53021884413fa54bf950e65a6797b82297d06a50 |
| SHA512 | 69a413e08cde3b421882b4192ae5b3e540e23fe8132d5bf38b1c6a656e68fca7cfedfe302af8a31022b62ca2bc6a2424a04378d418c5ebbba076417e8bec61e7 |
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | e3ef0ebdb9f407b562241a348a8de12c |
| SHA1 | 968fcfa84c2b11d428b5b97a66db37811ea74068 |
| SHA256 | 6b80aa802239642c55bc1d0f6d174dcd30d0d245b9f30f5f865b4c19bf324919 |
| SHA512 | af75d6dd7b3cd47fa78f8c525a93e2373eb33bf597375559cc0d31904c681abcc15a6e48bc1c5b456e8c33f000155f7b28f57cfd9841f8d7395295718368fabf |
C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\e4998f94-d4b9-49b2-ad46-b1a28175c758\UnifiedStub-installer.exe\assembly\dl3\d78543ad\1199571a_38f6da01\rsServiceController.DLL
| MD5 | 6ea512fef41805c032b44189d54120cb |
| SHA1 | 24a915d7bcf3ce54f2ecc0fe47281668012148ac |
| SHA256 | 11b159b40201346571e0cfac60955d9fa4dd4b08cb8b1219b7d10b29689fe7eb |
| SHA512 | 5b9f8f00aec998f57b8be4502b004704abecfde469967ce0626fd15bd265c60e98422b55d26b8825dc26773ab25a28a99416030daeb8810ae5150e52115f979a |
C:\Program Files\ReasonLabs\EPP\x64\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 705ace5df076489bde34bd8f44c09901 |
| SHA1 | b867f35786f09405c324b6bf692e479ffecdfa9c |
| SHA256 | f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950 |
| SHA512 | 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 7c9b77fe49d24ef989c12e52bba2b7bc |
| SHA1 | 37b9ee5a72f1387776e3dc67c7c3ebeb2effac7a |
| SHA256 | 2dd1c9e0e4cd57cda19b20412556e7b6d536c1e82b7913976ad6e4774d52ca60 |
| SHA512 | 9f52be631ca374c090639c4de41d6bd64805870d39545a40d7567a80e936c901a4123d9e42eb92f83e1504de6dabcadedf59363b8ccbb9ccc909794903fae529 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 6895e7ce1a11e92604b53b2f6503564e |
| SHA1 | 6a69c00679d2afdaf56fe50d50d6036ccb1e570f |
| SHA256 | 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177 |
| SHA512 | 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState
| MD5 | 362ce475f5d1e84641bad999c16727a0 |
| SHA1 | 6b613c73acb58d259c6379bd820cca6f785cc812 |
| SHA256 | 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899 |
| SHA512 | 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b |
C:\Users\Admin\AppData\Local\Temp\7zS4CBD4123\e4998f94-d4b9-49b2-ad46-b1a28175c758\UnifiedStub-installer.exe\assembly\dl3\819ec0a0\f22e8fd7_7ce2da01\rsStubLib.dll
| MD5 | 3bcbeaab001f5d111d1db20039238753 |
| SHA1 | 4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8 |
| SHA256 | 897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a |
| SHA512 | de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c |
C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt
| MD5 | bb7bf22894dc3f2935ef8609920fda5f |
| SHA1 | 5c55793a4031f0ce6148f3185deef7bd87b755f4 |
| SHA256 | 77e0a722ad5c26334c3fa6377fdbc139ef71256ac805d36007254754d4dd7b98 |
| SHA512 | abb6bae73d4b29cf9bb016c1815880d94bf0986e050b06702a4503898e5cbabc393363a3156e7c992bfc2e5888ded47fceb2691a30958edee692db5e584c03ac |
C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt
| MD5 | 61ad7ebea23a7dfcb83c7e0fbe60b937 |
| SHA1 | 43673c2913e3d49bad577fa0872a9e8416903d58 |
| SHA256 | 0480d707bfdcda555c4d14c9db7a7e969dda283ca1396e08e7a94065fe0fa902 |
| SHA512 | 22962314582ee23f4c12e7bf490b2796851a9acd2423e7be42e54a32f5f9d2a7b4dd3dc87290d3fa7aeb6e1a3efe58d46b278797879c574a5c01d040c18599f5 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp
| MD5 | f04f4966c7e48c9b31abe276cf69fb0b |
| SHA1 | fa49ba218dd2e3c1b7f2e82996895d968ee5e7ae |
| SHA256 | 53996b97e78c61db51ce4cfd7e07e6a2a618c1418c3c0d58fa5e7a0d441b9aaa |
| SHA512 | 7c8bb803cc4d71e659e7e142221be2aea421a6ef6907ff6df75ec18a6e086325478f79e67f1adcc9ce9fd96e913e2a306f5285bc8a7b47f24fb324fe07457547 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp
| MD5 | 8b314905a6a3aa1927f801fd41622e23 |
| SHA1 | 0e8f9580d916540bda59e0dceb719b26a8055ab8 |
| SHA256 | 88dfaf386514c73356a2b92c35e41261cd7fe9aa37f0257bb39701c11ae64c99 |
| SHA512 | 45450ae3f4a906c509998839704efdec8557933a24e4acaddef5a1e593eaf6f99cbfc2f85fb58ff2669d0c20362bb8345f091a43953e9a8a65ddcf1b5d4a7b8e |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp
| MD5 | 2a69f1e892a6be0114dfdc18aaae4462 |
| SHA1 | 498899ee7240b21da358d9543f5c4df4c58a2c0d |
| SHA256 | b667f411a38e36cebd06d7ef71fdc5a343c181d310e3af26a039f2106d134464 |
| SHA512 | 021cc359ba4c59ec6b0ca1ea9394cfe4ce5e5ec0ba963171d07cdc281923fb5b026704eeab8453824854d11b758ac635826eccfa5bb1b4c7b079ad88ab38b346 |
C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt
| MD5 | 79abac29193122bf74b0c7da1412a386 |
| SHA1 | a89d9a6d86cce1fe4b976193336553f3cad44bd5 |
| SHA256 | 3e3ec248380bd5dc40736fbc84c3921ca33dc0f29ff7c6241a3f39e07f008d30 |
| SHA512 | 7dd7819371eeca58253bae04f392ea3623d2d9cfd88be0c49834a768d7321bbcfb07c75ddf03a8953d66a79c44ce0a74fc98a21d46e3b8b198513038a31898d2 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.36.0\DawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.36.0\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.36.0\DawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.36.0\Code Cache\wasm\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6ce68747e4a3229515db6322e865f16c |
| SHA1 | 5760026c29af97988dfd459277f14c650703163e |
| SHA256 | b59830edf2c343a6f0857c4ad4e99c68b3a145e71927f78b0b4ffe8648c7af8f |
| SHA512 | 79f5fc859d1a8aea1257331db9061d19a3fcfebf27a3a0bca4fbaf268a31b39fe9528ed934b8b8a757a79a475f4344deb05091af6749495cc176a60c1449d493 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 58874f14909b823bde2b19a8956203a5 |
| SHA1 | 56090d99fdc43c3c66dd7413a47d39400aabe51b |
| SHA256 | 78c1e12928aba29e7dae06c5fd1196c5f2eff80a9d5b46ab8dccbc393dced6e3 |
| SHA512 | 60b3642c920474fc40fc42efaae3efa3e508dc498fd01f4eb2eb29b27afea788f440ece35ad4f02190254228c5f217387776d6012ef254ace3c605ae96c52012 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 45c9c9d82e2f7977ff4846abdceb51a4 |
| SHA1 | e7cf1aa47a90b76e9f980c6796017579e5be25f7 |
| SHA256 | 4e01a1955703addc4772462eae2427d9d45c1a64d5028f9b91d40e99df71639a |
| SHA512 | a844746bb97b86caedb806c3fc991da7c3bb947e125fc63f73f827f074b9d036958013757ff46438d7192efb0eb8f5ebd0853b983bcba945fe786cb494dd1d55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9384d584fbd982889ad7d3a04c6649ed |
| SHA1 | f647e6654ad46d1a54e5e5dfdc354e2687b6e58a |
| SHA256 | b4f4f50f009e1e17deb27eebe5709ac3728ebde255f8a4ca4e908197529aeab6 |
| SHA512 | 0376cee5203e8fda3dc045620f5b179d35452c0f10fb50c8b49a29ebeec4ab4ffe4e47a40c346c6922d3cdbd818e18a181214b518efc860a154a39bc9991f658 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000181
| MD5 | 8327b301e68c9f92de970d530af86d82 |
| SHA1 | b502458a7bae3a7fef710cbfd0913480cf257a27 |
| SHA256 | 7f5582344d89204ea92a2f16e25c2d5570eadaede2ce25df68d7cd107f466ec1 |
| SHA512 | 61c08747fbdc501049dada4223140d05ee24ca76daa61f89e9017dd7469aeb6f319a7253424d16b82805a5ae0559979e12773dafdc11123c29a1c6a990934357 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f9057ac89714b7e8309b7fd9a5f1f3b4 |
| SHA1 | fa3eaabd20a9b583db7d2785411645a531b235e1 |
| SHA256 | 8804e9bc2300726d5a18ea95a6835dbf2200522ffafde818170c820400b85084 |
| SHA512 | a57cee9699789829ae9880441fde55d08392779f9b41003e7d625995f9244d7c0bce3ceedf2ef79de3ccb6b2474718fadc152d342fe921e27333598257547003 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a48fdbecae7dad538c81380c4af3b8c |
| SHA1 | 04b6acb90106b9a95c64487d838e141abe47d3f9 |
| SHA256 | 9a68d82d73d346a6b8733f645351cbdbc4a76edfe336d4a1df35f5d7946733b0 |
| SHA512 | a6ca70b98f9ab37d8b180394c61601a130afae5b9f76dbbe5d4b79b1bd5c594cc3cc8f6cb650d7f20f9bd1b33309b79ee84381467fafa7e3904c64ef0ba65d45 |
C:\Users\Admin\Downloads\trojan-1.16.0-win.zip
| MD5 | eaaf097adb8b1b67af0286ef86aba1f3 |
| SHA1 | 4c5ef20dad4fd5e8e2f471a6593474c0fa6cbd33 |
| SHA256 | 0e6107a73e113b30893d66844ed8d619a125c5f5e54c559727e87a33f1add423 |
| SHA512 | 1760ef0dd64bd318422ad4af901c9918cb7910bc96e9d7d9d2a1b420ff148a3381714f4275a095d2eb4891ab741991f1a7dbd0e1af19bc756a80e00a3c6fdc9c |
C:\Windows\Temp\TmpD42A.tmp
| MD5 | 4b00250a87cbd6f06e0b69018e0c758d |
| SHA1 | 40c1548d364a77759fab2a12fc97792b102408e4 |
| SHA256 | b57cf781ec61e75d8a733c583f31afc229458d7f01e4e7207ea86bfa1a8ff5fd |
| SHA512 | 0b8b8a1626318b7ae85bce0958916915f875d166910474f23f871d3445695f8958469da943357530fea9f55ab2757bc4d3078ac9a66b6b31c9d8717134d5a600 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 373615c17feb0c482a7896f02901daaa |
| SHA1 | bbd77d4f2970880a95c5620a3e89b8003fcb380c |
| SHA256 | 44af6a655a50b53a8dca4e729dddf38918a3c624df4690aa70045c04ac239292 |
| SHA512 | 1e62caf06b76d53a2d02eace6df70d58bc28bf227e538fc6f3ec56f96fa4de9eb58818b74c84302f66048f4c2e5ee49d6bd69c8dca01eb232b7159bcafe6bc25 |
C:\Windows\Temp\TmpD68D.tmp
| MD5 | 2cf7656be08296059f161406b21c544d |
| SHA1 | aaf0250ba0cc8b8d58a61dad8d9967486a544f54 |
| SHA256 | 58a187c400314f023b2635f752029197d838c26671992cb5c5a0b35bd79a3177 |
| SHA512 | a446f9fc0c39d9f1b01161c1988905a0799b3c6a2bafa48738c8db5bf488de91605dead9fb6f498096f936d0ca5f2df23d8f6669142067b08dbc8aee2af44aca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 68fb18c3279bea35971fa1af1dd23e1a |
| SHA1 | 8a9e7754c59ea67f50078c0b7a93d52ca0fbf6d2 |
| SHA256 | 36918939a732bb634d6d3eaceb7ce9521b34761d9d3968ffb3989de7ac64271e |
| SHA512 | 3ae857a4754b664b3f1edb5cf1fcc42102d027139d84cfc58123a41f3c15be2956d1a6ea540a1b469de21aa6ff029b0c6c7d2361788aa3d2ea6df29cfaba6d81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d247dc16799b930150711b88ac61643a |
| SHA1 | 8ed9268c0bca2a83db964c5d2095fe9b508742db |
| SHA256 | 02ca2ae373cbcb49e31b94b76fffa0b733b4267fd48ac7618cfbd568d33be757 |
| SHA512 | db8a6fd7b81c6683becfb4321060e6711196c518f168c7f2369581d23736b78d5a66608854564e827db021f372101e92909ac97b70cb03c68554941e9aa00334 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a1861347510c3ced4f4f6b2cb8f76102 |
| SHA1 | 7f8720b5434527cdb7f034a54fda81919d07aba8 |
| SHA256 | 107295cd131d607e559ccb1b53642ae6eb2254c6fa14ae5ac5505b4d59e24cdd |
| SHA512 | 0aebe9874dbd7ab6db7d5cd63021f8de725e8bee56cf3f9bd3e9f79781ad4a28880e7079bdbfa2445036b81f883301736e30793c8ed2c648a6afaa8eff553805 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 1149d59b5a70f1cc4adc2b27681e113e |
| SHA1 | 516afe88a999e2e6e5c1e48bf7e14c2425a169d4 |
| SHA256 | d906677146989b09ae2450afdc647ca39aa2acb3760b05d977bf4070bc581208 |
| SHA512 | 2eaaa6885c4aa41ee24d33abe1b636bbb9dcd3bf7109a0eb06f919ab42db396d1cf3569152cde2c4961b1d964dd4bfa60971086f01918afd7e2e2ba4208e0f3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b6389a51c493841d99c5631ad2b2d9c6 |
| SHA1 | 214a5e62df088bab94acd39137f0749120bed413 |
| SHA256 | db6c50c0ea07736f3e44bcb2125a819e5d126de6d8f6266c65a51fdbc713c424 |
| SHA512 | 84bf120eaab5f357a75d3688e6d5da1399a9f184732ee8310e38b2d465b953dade993d9b14697496f00c2a70f2ff01ef657e557734b276bcd884689e806d81d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce895846575332e1e0072f7f31a84d39 |
| SHA1 | a7ba89fb8cde76e2cf8464cc6c389dc15d75ccd7 |
| SHA256 | 377ddd9c9062cff1ba2ae7233a972c5403929839f2c02a862a0e186af9b99ad3 |
| SHA512 | 8a860dec7e5f6b5e4a64d9715c78f01ee3a9aee1cfaf6864c6d9b3e97869d60a09a770305327846fcd93f6f651f233e141bce08fbc03116884f7b3df96f06506 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cac4faae5300975e7deb4c01796efcf0 |
| SHA1 | fea81c1a672cb7daa1e7a7338651a0036ded6b09 |
| SHA256 | b87d44cbfd8921d841cd94d232ca3d51643e2ad9d9101ae7eaf13d6fc5125831 |
| SHA512 | ca50504f7b83b8ed04f345cfaec55a20667ed1518a189d561b00d5979e2b39f80962029a49ed9e2bcb2b2e8db6fa3b072a4e343fec4c73d60ed376ff02fded72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\196dfe88-0647-40ef-b59d-ad667947eabd.tmp
| MD5 | b640d93b19638cb38974099f5961a9ef |
| SHA1 | 525eb3e0d5cf83ce5744979b25ed1c5998ec5251 |
| SHA256 | de7711bedf59606499c8a91aa995a77ad4f591e51d644d06ef1bc7a116ce7cad |
| SHA512 | 7905134d75d79f426bf1c8295f15650fcd8c303dc1450f96c3cad4f1736b8eb14acc510d8679635019355450ed611b0947694b49bf0ede1e734dcca4e75fbcfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 36d1a3e89a2f632d6f6ce79ee7114632 |
| SHA1 | c07e93522ba7df5463b8ba552e3643862f8a000f |
| SHA256 | 899343b8340d79db01aad37e9b2929213622bfdff097a7b30b553833fcc8c024 |
| SHA512 | 6117ecd3262f6d90867948858fa47a14b812e94178cd1591b81d895cee7a9017e65c4f1658e4e031d9cc3c4329134d3a594c2458bb28417e0186d8a380f6c933 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 56b4dad9bd893ff93775ef2c69272ce7 |
| SHA1 | cbebcbd8baef548900cfb645443190cedc86f654 |
| SHA256 | 83a6e5329b01b8646f40c556c1b7416655ef0cb19fe456929f6b05989148d30c |
| SHA512 | 0730eb511e9678cae77d494f246113a1d8cee331f60503a95b29acee6ac83d7ec038b6c9dbef6ece65bc237109cefc3da781f2da16adb719c51acd3461d1d77f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9345cfd4b08ab34f935b8fb44ffa8063 |
| SHA1 | 574d50d973b64a077655b91bbb32888e0f3bc2be |
| SHA256 | 547f6d54e4b1406b67ac86d24b3fddb6576892fa713cc88f5dc52feb2fefe100 |
| SHA512 | ccb40dee1599f09439e335b99e0eb2a828272efa40e826f7b79a683f6a78ec9d55101ac903ad2664ff0ee0667bf3a14804c5fde4e0b1317fe8f4001ab9030116 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 24584c2faea4d647e9b927ea4f69bdcd |
| SHA1 | 56a28e5d741b2702bff57d514bab26f648e3d0cb |
| SHA256 | b13bdff867c55bad745712114b731de4de986dc331f2008ea0b392f55398f711 |
| SHA512 | 8c741b1ff16c13a4aa6828256872efe25c1d9cb60258a33bc89cc6860efba5043de7a3dc67804e0746f40a33301cb7761d229b5aceaea19d4cac42b5f59b454f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 22595ae40d11f0dd3e0b5ca58e8f96a0 |
| SHA1 | 545a4d69c7342aeb030a1a47960f26f01c485c9c |
| SHA256 | d4ae98115c0c505e60102742158d628405fe56fc7d0cbb3b2f184a0267fadc80 |
| SHA512 | 8df9e4252195fb4c5c98b7621469854a8a1aabf01b64b7a2fd68bb0acfdabd18e1fe7fb09642d72eb38538bc533887d03451d705dfcd4480757fc085b4487944 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4b030fbf886fe9287fda8a04d124c4a1 |
| SHA1 | cdcb969a1064ba45dccca674fcba8acc51c46798 |
| SHA256 | 57732a508268fe734aafd0a988a58213d1180aadd222fb06d8670eb57756a867 |
| SHA512 | 426f5dc4946459707fc293de3b64ceee865c913a6931a3e8ec2d382de05ad31af4ba17db10f4a2a41c63b74413f648b7681d9badfb62fb48f1ab518b0c950159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7bd03b1cce78439e7c1ac39c5db19f39 |
| SHA1 | dd1e31236ab11e8c6bbe66101668939cdad939e4 |
| SHA256 | c855df9acfead62e451d7b657fd7143e5b78e967d32d8550af6b696a97ff2904 |
| SHA512 | ae34f350ed18b27e6e4128d09c0c362467b5ed03ec9e1ba00e09fdb570ffa57d156f7275d5db6504bf420b705e82203a3912383fed654b33d623ece7afc04d6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5633566214c959bbafcce0f9f5ffc72 |
| SHA1 | b22879bc08a97e7315e7bb16d70c98bd1f82c932 |
| SHA256 | f22623068a7a204224b6cbf100fbb756f04ae4613c9371f7df054620465b7d8a |
| SHA512 | 5244393ecd7e36b38f41b8ef477533ec9b4f872e9a35207cd4a50b80129a2cd39400f3ff74f220d3559c0215e3b4a1588bf9b1f64f75126034c6af568af71729 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4779989eff505c06646663d759f6159 |
| SHA1 | a036c4e6d27247072fe6b8edcc401223a8926b42 |
| SHA256 | 6975d0626bae1a4f957f14222243caf590559d8ca9ad93d8ed63d35798a5e241 |
| SHA512 | c12e92a932b1a50d0ff9941632342d74076eb9f20ac233d219e0dcd3b70e4a692c9b5c85b93809a01d010d2a7f8c2337f2e62c27920a0d43af9a421f6f002551 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ae29e492a135e638cf9504872aafd4cb |
| SHA1 | 787c16141e4eb62f683a03c04cd60f71c7e3dcec |
| SHA256 | 161ff2ef39555775433941c9e3fa874d059d4d4d6d411b0c8768a04e9af1e0db |
| SHA512 | 2c9bf8f3fa02ab4849a356a2657228e777c51e0f5d6c5357465492d0a90938f079b3a9d42091b183776a14be2fce236fdbf8c17122ae1fc976deb83ddaf941ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3f73e3a5-1201-4a3b-a099-6db0b05f0ac6.tmp
| MD5 | cfcb52b6396af87cdf89601e5d725c48 |
| SHA1 | fc0c51990dd60e6c16a5450ee30219d5b3b6163f |
| SHA256 | 39bf482c1db37e58e71a16ab91f4e02d2e5d24bbbf7f789c042ed4cb1abad40c |
| SHA512 | 0400f319c70e1ea7cd61b989bdeed364267e2482defbe7acbb10bb5c1858b5b333dc2569cb7631a3d0ac93f03dc7df6bb400bbd7b5b05b8b190b84493bf813eb |
C:\ProgramData\ReasonLabs\EPP\Quarantine.dat
| MD5 | 8f063fa6b2593ab05c321820033aea48 |
| SHA1 | 64282a0cb725128d174b868d6aef936be31784eb |
| SHA256 | efce35bac1f42e05c2d10b2da7ac2e85d2b3944e9c40e1a082b4dcf79455d58d |
| SHA512 | 8a49c6c8c2c0efc3ec77f9d8a1621773360680f9f27649b4d55e9607fb4d1f6f5860ab9094cd0e9af6b8866afa3aabb8116506b6a4b9ab8911249cc76e2988a8 |
C:\ProgramData\ReasonLabs\EPP\Quarantine.dat
| MD5 | 0f72f50ef6b95791a7feda6d932de7ed |
| SHA1 | 2fb9a146d0c05898115bd499dd2f1c99d54d783e |
| SHA256 | e5991f167f38891596eff8cd16b8f662f9dc58ff30da08713510c194fd575820 |
| SHA512 | 7d2bcf443cc1ae19ab6ecc8c90b7f9840c28877e120365c41dedee4c56abb5c5e3943877cce30c9a498eee359baf44443673b46ace9df7a85cfa74dd7a2f4140 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 03b00d285d1970ee5bdb852b12bf7722 |
| SHA1 | 1d164ece2b5fb988b8b5d30b5fe6e2a345db6ecd |
| SHA256 | a327851c5a1fe14a1166fda5f4dcf680288ce03f60661c3f44aab84d516ce575 |
| SHA512 | 6766461a286e3a4e5601598d38bc288f9228a504be46ac49ace20f35e464d09a8f2106ee7c711dba6727e087f820b8a64d09b713fae53037cfb502788aca8b3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21dc8ece349410a0a91616554453ce6c |
| SHA1 | 5b40863622cf5ef510a7123f54786ecf1abb5d4c |
| SHA256 | a08baef38e187152617203b0a6a5f03d53642addd97b8dc73cb53d7c3a3fadbc |
| SHA512 | bb5d934547ea6da6c202140028e0cf68ec8549a11326ef291c9080174f58d91ec4729d06e3dcd9a8659a5573b8683a644d059192d00691452b46ed31cd2e1078 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f6848c025250812414e4cf75147f394c |
| SHA1 | 3095ba965269014db68947e13d8b9620c209f7d2 |
| SHA256 | dededb2a1d9ca6215e28c1da7ef449a446384328e4bdb9a1cda47ee0c12e9395 |
| SHA512 | d647eccac64ff41d192a089836f7fdc910f97361d6a75deb093fb4a4b23be69521c585898442e2ed833a4e2659f6f62bd797cb43c53d4e1f331861f935cf57a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b2c01fbca63496e4106cd746e9e98a7 |
| SHA1 | 8f04e6a60128ecc68cd1889d348306030e0d07d6 |
| SHA256 | 0b9ef581bbd614a3c61ec9cff17059da588874a3e7f4e432a0bf0f9293522ede |
| SHA512 | 2c43dd1b35e41387eccb05bc1b880c2c2e42c2d2bd1d26c0e5e676a31739bbff32ecc7662a4eafded557efa8c0836b5a9d1eb7c8f08662b116218a697b4b366c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7db7fc51fa53bfee58b50e6b5a002733 |
| SHA1 | acdfbc8ea9c92e582e6ce915efcaaf24d13088b3 |
| SHA256 | 0f5bb09c14d5750f14bdd738681a98abe28ebd089b4ed37cc83fdb8b1d266668 |
| SHA512 | 92a4d06a5bb4eefacdde4e331c4b39e1035416562da93b0668d848cbd978f861ebd09a31c9ab67785320c49c161e58c1701e4ad70ad545bda395cd0794a01359 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4644_185181373\CRX_INSTALL\manifest.json
| MD5 | 44a740f58ebb5a3e6e28eb562ebce7ca |
| SHA1 | 19deb4b10080e5b288f1c637ceb8b01ad89a76b2 |
| SHA256 | 3d3891ac4169f7e856873b5c0250796b9ec740185de0c202ef7ff0809c8fefa0 |
| SHA512 | 24de9ad013cb7c98115c0e2c85342b40d594ea1b1824cffdfcc8a204776b959e138af9d6b51717dcdf083449b5e9c7029a4d6dd6bc7c518d3183f71c3bc3fe84 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4644_185181373\CRX_INSTALL\images\icon-get-started.png
| MD5 | 5bf73fc5729ccc1eaa81865cb6f491e0 |
| SHA1 | 877489af9c0ff9bced96733107a2c8ca260bb7a4 |
| SHA256 | 2929cf9a58fe263184f9b60d8a9b27af2a4b85bf978fc3bcce8ae05d9c721f0c |
| SHA512 | c0246398226ac1f75ab3c628c3b426b89c543eda8f833f3fedc8ed8a90714ae759c6a2ed0c7d36d605e554a7f9aac574ea7228e598d5c7acf1d5e4ba455dfaad |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4644_185181373\CRX_INSTALL\images\logo-password-manager.png
| MD5 | 833fd8f51be1c48926c2ec18bb5cdae1 |
| SHA1 | 7b07c0ee94fc37be4681e10b5f218d7ce059eda9 |
| SHA256 | e023fdf40b211c886d5e3c3488523baf0a2c6451e5c7871951799ca764f2164a |
| SHA512 | 3c45cac2f4e860d1fde138207049d0ad732fae9f7678036883151748f0ced6bb96e96170cee31ad349db2a6c30f40317a3b29c944b56e8e6c2aed7f7f67ba8d7 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4644_185181373\CRX_INSTALL\js\content\app\dashboard\index.js
| MD5 | 0f7682d9a4e52491b222f5dbdf2fdbc2 |
| SHA1 | b505eff478dfc104489df558f9d9d1495c0d8e17 |
| SHA256 | 1f6b1147342e33afb3f8c8ac3958ca88787c295a5973726b1ee96edadd6c8946 |
| SHA512 | 89873ae0e6fd34285b2135c3e83d1327baea0355a961e79875495ccd5163b3765c66132f87241e449573fd5851a776d24bc34f828d65c503035ab04bd2d0fe34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2451628389bad914a17b37f21da78083 |
| SHA1 | 01628f8f100e41e0005508232ed8167b54ef0053 |
| SHA256 | 0d955e2e15384a01fd51652b9e5c8ef0e1464c21f004a2d7c2f508fbfd510cc4 |
| SHA512 | f0b5f879a84c24ef2d04537b6dd94842e0163caa496eb9c5cad05cfc142933b0d13da32387ba67429f3417d776bee64633173a1050004606b1050491eacd2110 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 92f062b822996b5cac5a9bf4e16942c6 |
| SHA1 | e13e8ef969075472aad5f1b3bdcf30adb22715f2 |
| SHA256 | 2efaee11a8da25fca013d29b4b15167caf00088fb5a7496a1df451828f81a8ac |
| SHA512 | 803077238139390373a8d639e854dcc8342a23e3faea1c9ea7b23eaacc59c70e8eecfd846acc0b5a7dee184510425431286bd2eaf1651a5b0f85d97413cb70dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0081802050762447b3a65d4220ae41e3 |
| SHA1 | 16dad320cdb865a06b6ef556dba949527bb128e8 |
| SHA256 | a9fa6832763b5e495ef33975f67e7f295bc777886e70b5108b83d051184c2d8d |
| SHA512 | 2c571e4d5cd2b2bf0593897d68ad9ab977e201e825c1586eb341381cc748e31905b7d8b71b0a186cf7a9e8c336b89dedb349f9db5de7934c528c3a288fcf5564 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09a0cfe830b2fddc68a23b8d55b848c8 |
| SHA1 | 676fb1e794ec77257d73d01c6bd21a6d1d4dca05 |
| SHA256 | 0241b79c5debd14782d9a7397ce9cd8cc68203cd1ae03fae839d75f4538594ac |
| SHA512 | 9ba0f802526fe92f414ebe2e46836b603f965e1dc46a887724017446260f2649ff20ec961836dd0d9c079db35d64ee7806b461b95e31459f911185a883928719 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 621ea01ef54bb8f277cd8023c1738897 |
| SHA1 | 32eb188e813f387e1d25afb495030db81e874f0c |
| SHA256 | b92d4d16356c2420f681edab7c1e1758b61318727d8ff8582b0b30de93ff331a |
| SHA512 | dd760cc2d91ca82bbc5343ec6a43f2052bd56f2baa0705e1917690d6f10a37f7fb710b6e333aec6553d5297d51604bb0807e9d3a0a60c3e9f24409dec0b969f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 879906ecac97f83dcc4be19e6169e210 |
| SHA1 | c106eb44004c71a5cd70ab50073feee5a0a68f60 |
| SHA256 | f84528030e0b2ab51120026112b4156c742a6094c759b80e9ba43efff19f4ae2 |
| SHA512 | 02ff37f7e2a778ea96c32c78f073e628c5fb17beaa63cea941c10a8a5fe719b36738b43353b5035c315ece0293d3e11cb798035d4af8f90c18cd8c8e13cc1845 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1a2ed17318388575d5c4b55fcc04d1de |
| SHA1 | 109ed7aadcf7f04fea420d4b1804936b69809692 |
| SHA256 | 39a58f7898c4ce3d73369cfb66e1b528d7d504bece6129df1f77ec045c6213e0 |
| SHA512 | 67a1dc885ebc4b64fd448256b65790ffd9bd7be6030de3015992ebb07609882c554b56b59ac647a6cab8c9a870e1c1811526ae459b25a4441badb0a2ee01aaeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cdfb9183c224bf1d0d65f8306a0cf394 |
| SHA1 | e7beac74c17ee57dd4caef747d0c07a8c7e5d0f2 |
| SHA256 | a4fee7bd46248f9680a3fa209de2682b35c4522266a7fcfe4b20d2cc6aa8f337 |
| SHA512 | 49543d167a721afbd59c37c5ed1beb418d14e800c22e4658595240993a92e0e38b286e380dde02df429fd513f5b6691a086f3218a14eac23c809813ba1f785ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 668cd3d58d9929c2cc741b1108a8d82a |
| SHA1 | 4d95121ea3e4001b0492e20776523f1a042a8fca |
| SHA256 | 8fcfece89709d6d5fc087ed03762ce58dbd35a9d71d176c9e5b895cf5b78e24e |
| SHA512 | 3216d5f99f4d38fd812cdfd5d211bc2e13fae1a4daa99bfa9c3ca2c6a572f500eea7df292a42141c2e59045d309a0619c762002002a8cc760bd683d947efa52d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4265f3248b96316233c8604b66a81064 |
| SHA1 | 0092fbc53e5c497a5e6d2fe0d8d63bbffa4a3c06 |
| SHA256 | 1405d03f86986b92cf6221768399e7031baec9e9e6efbf0426dcdd4258fbd262 |
| SHA512 | 36035f510a718b902f544158397ccf0daf584ccf519774a6967a00a047feceb33ada1bb9c7a2e829951819b700e8bce60f435e519b93c4f27138d9a04dabf034 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3cef062495326361cd3cc3b159169467 |
| SHA1 | b9d4f1c3f6af010290e4132b0022a1f06e653280 |
| SHA256 | be497ad110830fa7f5fb179bf7a055520a6b6775f946c5acb09beb77c978f138 |
| SHA512 | 76e648f2b8304298e0532b572f77a1f9e81a411e17e84b05adc5b2755d3a1e92f5d421e05b2300d7ff72b64189b512d26edbc222c3e4358a6ec6b4b7efd6a36f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3946400b-ed42-4a08-aa70-7976eb5a54b1.tmp
| MD5 | 9b99dbbf8cda21710aa294b37e756098 |
| SHA1 | 782b6d68486b71b7f393359c8ce3c7217c436b2f |
| SHA256 | 21d21090f84ec0506fd2eaeb9d40fddb7b1b1ff4ee88e6f2dec2daf48fc52721 |
| SHA512 | 1270854836011144bc4ff62cb530db2f48a47de064293bfe52e3b9a52b8726919f1982c84dbc08e3607dd6d6ca2572d071e7dcda12db2af8dd06005f5051bafe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ce2f0c0d0824de99019f00fca50acd7 |
| SHA1 | b46973a39b884f9dcf6b58507c92b937153e7f72 |
| SHA256 | 0a133bff318e20bdabf67c5df442fa26b83d4cde709dbd33dc3e06bc7e85af06 |
| SHA512 | bc0a25adaa9de96fa40d82b7756422922529ae3ea4cbb6030459848453c0f21939ca810f3005b3c600f2d675a96bf509ebcc721533fef82813ec6206ba8a49ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | a10d256275501279556a6dfb7452389e |
| SHA1 | 3f62ef875bb077ebbfea1eb7087548a352f2f6f3 |
| SHA256 | fe3c7e6e8b7431c153bdeeb5b58d0765de7d95ded799f2d27e67fcbe0c28b8e2 |
| SHA512 | 0431f7e6af736dbd40acb5aefd9bc7117ffc9cfa478364e9b218d80e1ed3ed157b078cf3e2728f259de98d5b0c1b5394450fa4398721348be180baac777b735f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt~RFe67edfc.TMP
| MD5 | 4cab9f4f1e7f602417652c0b564bbbd2 |
| SHA1 | 0c743e914f43d5d17c28488f5c7529388f7b89a3 |
| SHA256 | 221687a42571caaf09bfd65e1fe40d1eb1933b64ac26e6f4ae7ca8617f5721c0 |
| SHA512 | 6b33dc6cdfabb376016a667c0513c6b14d6931f1dc3342379d4961457e2fa394cc287c34173ad91891896f3225f9f7e3415356ed1fd29ca40d3a2d7a0590dddb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | 871fb703c8ad2efcb297e871cecfb191 |
| SHA1 | 47597811dbe35561c3d53c362fa14d3798c2de22 |
| SHA256 | 11239b3f95d2c020e097a2ec98418fa358cf7c62dc6c933cd0ba8f588a6ee98e |
| SHA512 | c50b80b9a37ddaab89476036efd9b4e98bebd0b1a92e908747cd498dadb45522fc8c8ac246979069c8537baec50e4f92e7d7ff8be3fdb9872fd29f6a77425293 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 7ab71be163841901c56079832f021001 |
| SHA1 | 356f7f939f219fa9c492a78534f8e92976f30dbb |
| SHA256 | d429c6ca81ae4d2ba1e27af585f42be0cd3567335eebca3ca75206587d1469bc |
| SHA512 | 0d6acce1268c4a225b7aa5f18fd909984a58b26408abd761782113bc244a69819881edcb132a28a1b68985ff7cc790d2e86ed95f390b197a7587fcada1d86f40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0bbd84c6d33fa4ea3f690ec819015ae6 |
| SHA1 | 02e459ec430de966223295e35ffe04c6733c3de1 |
| SHA256 | c285ad964f75893faf019e788ff7cf04fb12e2f541cdfccedd7f4737fc6fe426 |
| SHA512 | 275720a922a8ef8eb7a0ccd48a0fc118bfb0256229cadecb81eee18ab2ca762d87462984b45e20d4c2443a7345736631225db25a970394b48885ab5f0707a566 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 69afb2fe0f2d79fa9052ebbe4cd75c20 |
| SHA1 | 0aa7c58e653a2c127c3c6eb02aa64ed2c377005f |
| SHA256 | d745049799910af6541fef8acc29ff40628819c1d56f37fb646f19967966dc41 |
| SHA512 | be98d112596f41fb45355202f162427c6062d623120cbe313751f74fad578128b02ca4fa59c4589a9990469d283f1579c7b35b748172afe2efea126bb8aeb7cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\6dea425e-aaf2-4b3e-b6bd-0012d4c9cc84.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\_metadata\verified_contents.json
| MD5 | e79b98d0a64701929c16b02ef0d8ade7 |
| SHA1 | 6ba56251c55baeee5834f3781ed60ae37e641dcb |
| SHA256 | c975383224e5a340ce0d4bb5d21092fdfbaab48beb4e64461f7ac5bdd967ee3c |
| SHA512 | 00185620f631f6224f63c1d050f15e92fb6d2d6e744dbeaa91760add810168d1368ed99faae19b2440301f52a1b20aadcae0e35797358fb44e66c5a2e1ccbfa6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 7c5bd65bf1face43ffd5c0da89a70a27 |
| SHA1 | 25cb7f2cbbd01372fe68dfb9cb0544f59f041b92 |
| SHA256 | b767b5120819f6915a27bdd47cc24d117fbb8e9581be4c7e745970a21b8a1ef5 |
| SHA512 | f48016e1673f71c4a29a6afcb48d1e45f0d0f483a7219476aa1c8d15c39bf0f79367e8027a210bfd87115a1cd566c113be9bf4f03154b3708cdba47cb043488c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\info-badge.png
| MD5 | 3895bb0b2b33935ae386bdd0c8a6dd5d |
| SHA1 | 168aefa8fb3a8d4afb6c302127418ec48c388b46 |
| SHA256 | 401647f062e788d7569ea2e55836cffbec3bcb71d05b05ecd922e4d8ab8c06db |
| SHA512 | 81d9af6db2810dd82be3f104eea92b4392a74c27a996f3479ccbcb599285558c9b13d8ee28baf7381e62fcc142ffda6d82cc47448a159a65ce7b4b81f66dc326 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 37915d8dbe3be6d830084796ad97ecc5 |
| SHA1 | 8919349ce9f21746817c0a0c348d496c5f57ce35 |
| SHA256 | de7ca9705662bc55deb740083b80b663172bc602c58568190186c07142c56410 |
| SHA512 | d6c1fcd77c5a345f7a726dc64c2f967f44fd54d34a078a86060b67d513ce36a830db8c8aa53e8dd027944d190a41bb64ee7fcb672e84803f232dac08a8b5e54f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | c72ec46565055c64f2f7b879d980fa38 |
| SHA1 | 5a99c4f51e765327792194201f44b2818a031ee3 |
| SHA256 | d4f9bb4e0b9474b48b2f981cdb0190d8c2c1a8d99e1626094575e955e5f37bbe |
| SHA512 | 8dc7e988455b66e5cfd70e8f507a84f17775945f96203e03d98af267036a5375e6e18a40ef55d2104cc499c125e227dc2a89b061a1877342a5a8209d5a0e6505 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 831749581de068486bfa011c9cf7ddc7 |
| SHA1 | 1e16e02303fb85cb4a1dfb64f3bf3c46eea3baaf |
| SHA256 | 93beb0791d3e6fdde0be76fbc56277b43e93b9db09091f24e3ea0c7c557f2e87 |
| SHA512 | 846d783b25b5d30b1913ed249b00ed12671121aae4a3f8e68b1c98def6f27334c8d1fdd5058abe10e95d4019f588d07ba97227d8b940100526373fcecc1c1171 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 1086a4411ced78b186dbc29dc33af96c |
| SHA1 | 7ff3665f9b663f7ebec0827ea27eb24d5c30e0f6 |
| SHA256 | f726a498648ca6712624456fb3aa6763bcd71f8dc2cd044c664937f67ffe074f |
| SHA512 | 4d30e09d4b9e586294c2bc53958b49b9d574053a80deef54b82ccfec9ee4221df28c2b3f5c3ba245e37d807d728f33473aa7ebcd18456691491bf534f9166bf6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 5c03928b22388e66bf086cc0642c6772 |
| SHA1 | 0ce92d2ce1e5be933845d0c047b6e531131f5029 |
| SHA256 | 35fbf6f9dfebc99c1f3229074ef1f8ded77523ffeb5d1ad600e7b9384b0dbdc7 |
| SHA512 | 48a1affa729e369c7f68ffb72e5d1f950b436c895626afff2948cf6d0a6fc8b0340c41ccd60e86b46d16f9bdd0f9fd4b9713b2e3f5f49de5be68ea84e9a0ab9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\de\messages.json
| MD5 | 596067c38b6295f883e5511a2ac9a76d |
| SHA1 | 2ffde0050aef0733e11f8386dbbc06bc636a8717 |
| SHA256 | 7477395930e5b9c9ce5c8c8fc0b71ce8e2113aaded95368466a34fd1eb81499e |
| SHA512 | 3342f938c2462fe9e8e0b7b6bce46ecf97788b24d74c64dacf1adb75a6992f040946bc4b9eeba658ec3d2414d044b3865c24bb2e153cde604ee5a06069a3daf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\en\messages.json
| MD5 | df3f22c1eaa295e15d92284fa3d018f6 |
| SHA1 | ad602e6540d59c8e817196c2f70074863ed44a35 |
| SHA256 | a82bb22aa3fdf01214124cdd56d1d47a9508e57ef05cf64379bb41615a4104e6 |
| SHA512 | 6068ee6f412b08cf81428dee3659cba33d1b5ecddcf1acc25ce2a158c607452dc6961d925df3af83b8766fd817906175594b39b1a396e993589b916abb6aa162 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\es\messages.json
| MD5 | 961530b8414aa43d3b3aff88bc5f4dbf |
| SHA1 | 6094dd23509e92e88caf739b9efbb25b3a0c5903 |
| SHA256 | 847b06b5ce12a053e67c37e532f961f2853c41cfae22bd5bee24fde3f27befeb |
| SHA512 | b343babaa53e17f372280b4ec25ef50e4bc64be20fb1bf081446a5d7a2bd7a87364a80f2c32a4ffe60a80e472c61459d646a17d2d2a8608b0ebcf4cab9e331f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\fr\messages.json
| MD5 | 28d662b19e3d1f962ee9fbd0bd57f052 |
| SHA1 | 742aec8e47a007aa487ea02a48f4ac4fa5aebc06 |
| SHA256 | 443aad335809951baf50dde8704a4e11756e02b3a3c927bd9acc7b577d526ad8 |
| SHA512 | bf21e194d9eb7c5c1b4666d4a1c50864ad50a6a9d01204eca0c5461ce5e032956d04dc028ceb92becd3110eca2b2da184c02ee53a8958d88810112762d3c87fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\it\messages.json
| MD5 | 8244e1bd235dcc03fb5d56aef0789a81 |
| SHA1 | c2f356faf82415cd7a5d639617a789c98e9234b9 |
| SHA256 | 98677ded48ab15afe70ee68d220ff86fd5c535e4307effc90b002afc8cb28078 |
| SHA512 | 213cfa5a6d331e8c997e76b3b61b59563d5173e0cc52659e02898e25be1ad14e3a276ca17892488fbcd1750cca1d559c2dad43d6897b2369abe3eeab02cfc5ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\ja\messages.json
| MD5 | 9fa9039de2ff41373de477221f7ecef9 |
| SHA1 | badeaf9e39922a931b69f79fd511f24078bd5ec5 |
| SHA256 | 162c9b2e46c4c24de5d1a0845ea67b245c5cf9b0fd75b71edf07a3bb676ae197 |
| SHA512 | 6ae0074d69d01e7ac4c6a9dfb91869cdc76ae39449a32110d59389aafaa1fec65a36af788e02b6c09e7eda702b50f6e9e3be6153c0a996a06539874e92c855ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\nl\messages.json
| MD5 | 452d8f051694d8ab743e5fa7adc71bbe |
| SHA1 | 39af4b3c56f4e451982ef6cb7ac5516cc67146a4 |
| SHA256 | 674e2b72c7c80f5ee1786287d7cbc431065ed6f5c964eb3a2d3d2da5d52d8afb |
| SHA512 | ae1741f93b885ef246de7c96630cccee487fd49cdea77c417bd92ce7ff6763303a17d6087aabb635937d3eaa3f2566193fabcaae6f30c585315a18d0c1ee08e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\pt_BR\messages.json
| MD5 | f6a2670805eb0606d9e045081907ed35 |
| SHA1 | 98b4e75cc17650d89609e24ff1a0cc48aa894f07 |
| SHA256 | a9c1f98d527d0ee70b5abd66ec8a90ecb94275411ded92cd788d7d30dba90804 |
| SHA512 | c9fb76f45ede562ab84fd51de20173d77082d216309acb66400ae46296ea1dbe2fb7e704bd9e7ad85a0fc8990ac1de5ec59f8a25c540d18f0422ba3376ca8eb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\ru\messages.json
| MD5 | 8db66377405161cb10f3f408c9b25e42 |
| SHA1 | 376b7aeb73da5340ca6dc3024f16187ddaa76903 |
| SHA256 | 99f59537a0214691530bac18484ddc9442a6536d80ac451a4c3d38a541c83bd1 |
| SHA512 | 069002552c65620d2f8d4aafbe7c170f3110d02b90d8add72cd425d4d03e719981022075755f6ca58ec68c3ca6b1711902f8c549cac3b4bb69714d8077be27d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\tr\messages.json
| MD5 | 1305f7dbb16342d090a5628b0ec1110a |
| SHA1 | c498664ab98067adb906ee45e5ffa5aa945d8c7f |
| SHA256 | a41c979148f8189112edf4dcdef4d510a31c7bc6191292b38728767d1c0ac573 |
| SHA512 | 81fce451df7834849cb7a03fe2fa8b9b627f0118a87621f862ecdce2c972c41afc28edece3f6b1843a569731dffc5c9386a8d395df71ac4449f7aed87586f21b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\zh_CN\messages.json
| MD5 | 1052f52e8c607d6077ccadb3aec9e511 |
| SHA1 | fb2b79318c937443dad834bf590dede48431a6c0 |
| SHA256 | a3af868cd705f13792e8d1f7bfe75c1a42cc6a0fb9ff5c4f76586bf295ce16ef |
| SHA512 | 656c14aa711e00e5c8a4c97f3bf037b9e7b650ddf98e50ff647d8b3e3f2f6967aeb631bd26d9dd03c7d1a3d0d3f9d5d97d5b2e3c3203bd37535039399caedf79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\_locales\zh_TW\messages.json
| MD5 | 1413179df68ad369e26acf16bd7e0bef |
| SHA1 | d04da2e6492c63d5539f61177aec2a1666ecc7bb |
| SHA256 | fa44cdd6db50feeb3b5bd2af202c86082f407b70c3dd7fe7dba22050252e768b |
| SHA512 | 2965e4a27fea36bd1f825946010d119a338a7b807bf7feecfe2b89a30d0fa07c3b23caae205bddc66d449958cf0e02890378d48c3c7ddb18ac4a52838d0f2d30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle\2.21.0.4923_0\manifest.json
| MD5 | 7fda2fc5ca32856d370e9a3ddaa143e5 |
| SHA1 | f390b7d563b86045b30e33d1fed222bff8a41055 |
| SHA256 | 1335229c3f3e66211130bba04abe9bc8d82da1798bf31fcbaeacda7935dcd8c1 |
| SHA512 | f37af8d9edabf162d10935f506833983d2df26ac534799a7da348b41b07b1332e3ec9f9ce28435a4cedbf3d18d601894b1468cd35ce8daae279ac924c9a5f0cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\css\fonts\KievitCompPro.woff2
| MD5 | 4cdbaf9a71aa7b69c4cbe22595e842f5 |
| SHA1 | 59806d172c95a5515ace130d66fd8f87cf4f9fcf |
| SHA256 | 6d46097697edc09f49b3b3de3841afdb8f6af7b8a8a10a58e9f805bd2370cb9f |
| SHA512 | b546f57f9bb27c66a6c2da3ca885f8fa4900417efd03fb5b7f6ff647885945d9b27e82f9d132503f1e5497d6f47ab4481b4bd1576da928612d36852e04ec60df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\css\fonts\KievitCompPro.woff
| MD5 | 1f390cc4dc99f9b621d4047083741a6b |
| SHA1 | 56b828dd11fa075a136a9726e210f0208ea11b6e |
| SHA256 | 1a670dd6194158fb7e45ab281c5a4d5ca35ee0f44df5aeea337c9226df6169a4 |
| SHA512 | 11781d41402b3e7e0c211353ae296d69366fc614efaba56f8a69ce0c74d7515fed8fb7bf1c11143f4cb75b333b6480445e8d76e990c2cfdbdd6fa2fc50afbb82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\css\fonts\KievitCompPro-Light.woff2
| MD5 | 9c8f40b6938ac2a40f111df86af2f5c4 |
| SHA1 | b90ad006a6c683a15eceab85dfc75e4650bc2db1 |
| SHA256 | 8815a2acbc58713dfafcba861fa0177390d6046bdc8345ef55fa9c1d21c55a87 |
| SHA512 | b5cf3dea7b749352ca6b52205c10a5937ef955fad782a982ce553f79f7fef5051d40caad301141162cdcedcb2e8473563b9d6aff74d18de903baf3b3e6b1be51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\css\fonts\KievitCompPro-Light.woff
| MD5 | de8d96c3eee8da2e1c675a421054ac55 |
| SHA1 | 2b7e51be3c770624e7716706aedf234e588fa069 |
| SHA256 | e02e879080b419eb294eeef69d83c696ccbe98e47a39c7bfed11721eb95a4bb0 |
| SHA512 | 7406617240132648d197c1772c2f210d34192a4554858251dd61f999d7df3b8a24d283bedb67be20943c37673437d1658a4af72b5124e665cd6342a0a9ee186b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\css\fonts\KievitCompPro-Bold.woff2
| MD5 | 164abe057fc3eb335d3b9c8c85be08c2 |
| SHA1 | 51ad4dd65145d426b0303f1fae4220c947ce0d6b |
| SHA256 | 9f27cca321616c49f43649a9cdf2d37e3087a542227639875361ac516eed9926 |
| SHA512 | 0f8be152d334368dbae80d60c132c4d7fcc76eb7af65911dddc02dbf0875fcbb92c7e043fb76d2f8c428ecc5955a874b64ea041fde953649a04c558faf284410 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\css\fonts\KievitCompPro-Bold.woff
| MD5 | 027ae223979e9aa03a719f287c068e0b |
| SHA1 | c8111c572362d877c0f4e32b65e622af44db8cc4 |
| SHA256 | a233c73dd1225e3275e695ac72de5acd7c9cdf4124c2c1ee56c988068e5476df |
| SHA512 | c0a91a42f1b8b4e281d3666dbcab3db1c2c2b6fe46ccd425bebf976774e6f541afa59121c072587e4b8713e2903f918bf1d90fb7902390f3062ea999e2618c16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\css\notifications.css
| MD5 | d9cc15c1a22b67b421893d15354a061a |
| SHA1 | 3963215ea03278519013d2070b0d49f5b8bfc006 |
| SHA256 | af63a31cdbed189f1e77ba74fc3885c9b9db770add6d18771dbfe4cb6b720fcc |
| SHA512 | 00eb6cea2b78d8cca33b8f31c0115ae11f0659635eba6bd48af49b7c6579b06ab514c57c827a10e8aaff6c4cbd922d708a437c693cc394faf571e729cdab055c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\css\main.css
| MD5 | 2d10c260204ab0b8bbe5377ad3b9c4e0 |
| SHA1 | 4128342038eb43ec8d5be5abb603ffe35916eb26 |
| SHA256 | 6e417719735a1c74e2c7140284dc27dd8080c8c75ca89bde1d8808357445364e |
| SHA512 | 4e37311477f3f150ca8719aa501f47806304651b96591c3bb45c397569bcf4b1d3ae06a4b7db2c3cebfe16989887489be087eb5e4475cb708a2d4867a94efc3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\html\notifications.html
| MD5 | d218540ce34212d2aa09f69a74fe9168 |
| SHA1 | 2431e40c9d3c06a581d8ae05a045529d4c67d209 |
| SHA256 | 58e62e764e91cdb5d12e0f3da16395ab9e97a858512395362ebe518c63e280d5 |
| SHA512 | c3890ddf872e588d501a1f5f268e51357d28d512777c945abe3c85776e32446e28b7f68078a4c7354b5e4ed034abdc2135340b38b1b60ef578068e0d15e254d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\html\inlineTooltip.html
| MD5 | cdee109268f6239f9fa4fb3cea2c7ee2 |
| SHA1 | a7e80f4c1ae4fab0db6b54958e1e66bd32755122 |
| SHA256 | 727c86a4bdd1a3817f0a43495e42c22fda591213fe167980862cb27e2fe6894e |
| SHA512 | 76dee3ceed57d4dd8a2b13807c7b3955e9c37f64b9dea264876eaa22946430c168a424cf833e523fda5c4a3b49e536537cf2df5ed07f8f13d4a3a14a00ecd0bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\html\inlineForm.html
| MD5 | 8b464e714c1c429156e70120642ab5cb |
| SHA1 | 89f58008fc785be7e0475be7b24e433004d1a218 |
| SHA256 | 618398a0bb7b64a8a40867cc142ee884a6c8862f5c13306fc5f731cc95d4af38 |
| SHA512 | 475185c0d17ab4092da932d64d6c77204dede75ba3390d637623d196f0b0a90d89f25d43c7ea78caf82cf9db222261388b589f80d7e441e695dfcc5d84ea2ad8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\html\dashboard.html
| MD5 | ec19b50e559a9b27f197c9a451e1b1e0 |
| SHA1 | dc7ddb18cb9430290ae92d8a2aef35b9ae23e81d |
| SHA256 | b1f0bc8de563c329fff4c162c612fb248ca331fc844450839751ee29bfa3d293 |
| SHA512 | c9456238f3c1453a076e930f9980879ea8f624c1544caaabef0b062f867f3cb0be09bfa18cb9e132fa5a04f418755a37f674bd2d3192d87fb40f6afac311c3bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\assets\[email protected]
| MD5 | 911ef3c054d03cf5328c24f4c6fb7c76 |
| SHA1 | f258dfffa5d2d0644c2d3bab41ef4fd7c1f8be3c |
| SHA256 | eedf80272af3b31075f26bdd310ddb902da84c5e55696e83891e82ac76cf9085 |
| SHA512 | ae5cf07abe1f7b8dced32e5752cdf06f5daa0bd3bab41447274f1c62b7db7de2010f958d3dab2fa366394dbffea2d0df567c05108b3f994f022e9681c9be2642 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\assets\icon.png
| MD5 | bb32c87f325b5ddbfc97b1e58770590a |
| SHA1 | f11f0ce4199a8642ea7dfa5a2136f945fc056d06 |
| SHA256 | c87beabefde7fffd858049d00d4798941e3921ae6b9b9a658255ab15dd76cc26 |
| SHA512 | 2b29f515bb48738213914dddebf9ebe0afc70fbf71b0f72c129ab7c1ed82170b18fb1e91bd568fbe2b44855b9db9caa5201f827e6c84604162fee9ff8fc7e056 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\assets\[email protected]
| MD5 | 3ee6c46bf174b899af5ee40231c7b30e |
| SHA1 | 033384be6267fa40b9ca3e70bcdc936c18b4f734 |
| SHA256 | ff72bd2553d1dea19ecf3d3e24ddf40c300f15b6d54764c7557d96d754766020 |
| SHA512 | 4d69a50c1e91621bdb0e7e7ee23c50fad0908d84400938b1c3e06514d27fcea7b8f3b5c52fa590abc7ef79f991f2f3a52572363ebe91d5616476e02a796cb8ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\assets\icon-survey.png
| MD5 | 03c9972540a5a494890caabbdcf011f4 |
| SHA1 | 1daba0ba1f4decd1ee4a5dbb1b013a1f689d8cb8 |
| SHA256 | b1472f7e76f85f2bdf96783a7bca6e0c7de3476974523cafe5855e87d5aa6eb6 |
| SHA512 | 079a2950fdd78873cdf915ca51f31226599a02a0fef973e12a019d68be489a65c5b28366ceee1f37bf077d1c699af545838581b53d83e0f2364f7f1bb6b40bc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 9ca721401370229bbe93fbbd7db54282 |
| SHA1 | 6b1b46ec7fbb5902b63692676529c6a4edcafeaf |
| SHA256 | 08474d27d02b202739eb0620aa36f7b4cddd5357fecd7624d6c6f1d55a18d659 |
| SHA512 | cde3c29b462f6a6514dc713cfa33cafa91d20873d7efa78f7496dcedd5f4751e55ce8d0274034d430c2c6e9fef570f928c3ddbaa94f3091955a682b8367c99c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | ad9b6c3ec6fc679b82633bd5bf23675d |
| SHA1 | be96308abbca0005dd9e21f671a33807437dd12a |
| SHA256 | 6a75b4220861599b356288cca83fe346fac5f63faac49535e09c12d4dcbeefd3 |
| SHA512 | f5444038c2eddab8ed48e821214d58dbdb91bd4a7c6fecf35ba1ea6480725ba328d2cc13ed1fbcc50d5eb6d3e2b8b77cd709d48ea13a6e2010ba18f181afbee6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | ac6e811a85c64b90bb3a12226a26cdbb |
| SHA1 | f36fe2a40c19f6be7fad84d0dd925b79a43a9996 |
| SHA256 | 22c73e8a87c2b462f13ef7ba4d8f0fbf712f947adc0eee9adbf452d971e967dc |
| SHA512 | 7c2d8666374ac06a74314681986a59eb6aa32543e909c42c9ea20ab31cc63ba1496f7cefd9c04d79c4069caf793294f44d6a29119035813c1e8e02d1f9e8bf6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | bd79bbcf0e79436dd2dc8d78fa00c209 |
| SHA1 | 34b3087cbef903f54301a117fbc383125b05881b |
| SHA256 | 86ad41ae9f00e0636192d84da1f8faa3a12ff6157d601f000ae4b4d9c1d42663 |
| SHA512 | 745e6e06de157ea4a5db2591440014b1616c2b9d7b61e9f6c15a75a2bb16de4334beec1bf5570b80f6f55275fb6ef5d73075e5b57bad8f88e7e4eaed4bfb2b38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | b99dc482197e200e6c41d63f38719795 |
| SHA1 | cc2ce172072b27afea290ae997a8660da978319e |
| SHA256 | 2269010280b9738368bc553f248c9a2c809d2a9b8b861d5ce6d402857f2dde2e |
| SHA512 | aa7c493b2676bce605053c87071955bbbd04f2c58a6d693c9a86aad74a5c588c830111c8cb863a0ced44537f6daf949152b302475a8b2bc66c646cec0ddfb8c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | bc2d9b45da4f80700a00ca61981b1866 |
| SHA1 | d0032e0d26b8cb2b3fe7d2ab6c1da25141d93048 |
| SHA256 | 40aabde8ccaf596e4c41d19e97d087330d60abd7b922f6350784467cc3696923 |
| SHA512 | 7bf7de24ed13bc1ca352cbb1fd6e3c6a0f388d8640412c48af69437c07ce1ad067ad58374a9cb69c0c0e279dcdea4e551b141e450c2747e0eb7e7a2a45c7524c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | bdb252ef973a0bdda897e396ffab97c1 |
| SHA1 | 13379786f2af6c322ee6eba895ca20e45216dd14 |
| SHA256 | ff1547d9cec4c9578e0be3cf4c7eca85f97735c39d5574ab5b0c83b22a04dac3 |
| SHA512 | 97c5aac292bd7c4a067c8941e5a112ada60c7b096dc0324b94a90ac7ac1f600c88dfdd565767488811e5a35c2f64e6d6bf5eabd46af45ce895e5abe8fe7863c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | f4f077144cef59c8879aa736b73f1001 |
| SHA1 | bc23530090602c617050ff81295e0f6653120be5 |
| SHA256 | b89deaa23e8738486ed8f7908c2c145ee3eee095bfad9c845803ebcf3c931b23 |
| SHA512 | 9511b5841d23bc0544868a5afd089ed190b2fb3cc2d878888e61bfff774b2fabd05a674e22d76f374c1537f522ecdbe5ee422deb337f68eb749b3b6aa42484a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 0b68f4cb69ce2377624731863234acec |
| SHA1 | 8cd003375e3add0f5600cf9e0540c0b553e54a33 |
| SHA256 | 275337c2b63d14d2f27edfc5390d890efa7578b533976fcb14e90944abd49a2f |
| SHA512 | cfe42deada0c5ff743c72317f51e2bbc59a1f1924c661af0ac65defde3bc9006b696161997abd8e665e70be83920f15864840d3e8b6511fff5cb826b607858b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | aa7524bfa7c2d7f46ebbfa5d3cf7a87f |
| SHA1 | e826092a40ad014355a5ae5422e7c8ef0bd9d72b |
| SHA256 | 62931841d64e59b3eae6a4c8fd9b0a2f9dea12741a196ca389b5229e97b488e2 |
| SHA512 | e56e0729d0ceb8e67186704bf3b2bae7f36d7a75f038eca65e28f34fd199f4692c825c5cb18d3c7c4c7e45ccf4aa842277752689a382cc8c81771eef5f5c2304 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 206e30f04b1689610f9de339bccc59a2 |
| SHA1 | 93c9e20d37d66bd0796711d1cc4fd685e683bbce |
| SHA256 | 2eba56a6d472163b5dd3c6d8f0b4a173137153cb0f245d7fa69c708c4b7fddfb |
| SHA512 | a19a7be301cc01030ba2c7c18e55f30e50b63180bbe0924f832ecc061e25af6caa839c14c726baae22c7b978632f6cbfbcb454bbbede8f5e096ca84c53dd740f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | aed436c69462418bab96036bd2119997 |
| SHA1 | 5b9db67080df812df068f47fa89d71cf3a2f80ce |
| SHA256 | 7c9ccf319382df776a5af1128c722755b041914c4a44f0b79348cda11669ed46 |
| SHA512 | 19aa2269feeb80f860ee70cacffdd97ec2359034521aa221971b3026a6aa6c5f0288c4b642df80f3cb5c573ac25b077a5b38b256c6d8c0405edde9c669d6408f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | b29acc56f431d12f16977ccc195ca1f1 |
| SHA1 | 4e73aa63eda04a02e5a118dd2da737a7189bde0b |
| SHA256 | 057eeac5fec64b45a591842333486c6ee363179a021f852f49d97e5fae2ef59d |
| SHA512 | dc04087cc515e32939094cdec097a255e62a85e553b2f74112c3720778a9d7700aa23a5a79acfafd0ebdf96b06d86ec966b1875f6a678daddf2feab555475100 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 0090628a46913d8f9bacd34b1d7491ce |
| SHA1 | 33e708170a544dd8a6519288fd7b3f84a8c1855b |
| SHA256 | c65724ca5c23b02e4cd803497fa342696c2b89787c086c77f220a51ee69e523c |
| SHA512 | 290b53e7aade7424306cebe4229831a5af2aee375d251b0939e9f7760d49ba9aa45df9736a34fcdfdf12b9be440ca6cbe7a683efbec51488d9495a0ae2ad4b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | ff082a873806b970bad5b6a602a36f24 |
| SHA1 | bb61991c15e4bad9a889f4ed6a5e1a34ba9b9a2e |
| SHA256 | b468ea77af3c97a532632324a092437b405b62efa21a5353b42ce0b4df80e72b |
| SHA512 | 83858e8cc8ad3b87cd25baa0e6714c45af3c3fa4e72d02477ca0b24a7cd9ddacac2e41443e80492e4c20df0b6d8f52797d63668db66c66a06722cd18d21d4987 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | ab284461ae6046919fda1ba49037f210 |
| SHA1 | 11a1bc6407d08a1f94657ae506ae92270c0e3c1b |
| SHA256 | 65156714a7a9ebfdd577f48b47bffa6b37bfd46dbc688b5a2289016c42c287d3 |
| SHA512 | a451bd8c48504000a43a5feacf5a962dc9d35f078d7ea362889a357ae4230cd5dbff97fb49f00bdad760225f61ef40dffd7f2399cffba2c5a378cc64b59ae212 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 3e0cff1c5b993ffd58b0e588a80b3084 |
| SHA1 | 302a6d238324125db244063c66f089984dc8eca1 |
| SHA256 | d8b29ac6fec7aecfb6202827f651b799e5d56331bb00f2d381eb32e2120537e6 |
| SHA512 | 56ab20e1dc5dbd1b9faa372d370f7d5c40e2deb88235c36e56f81cfd9779c4f37ffd6b95b2d3172e599b687010361e804336e5c6315657d51f2dcbfacafd03f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 0fbc15fabc6f1108a8a5d782b735bfef |
| SHA1 | d72afe6d2292afb94f7b91795f30728a81a6fe80 |
| SHA256 | 9f40772044e0dcec968abfdf4d04d6a6f2bf3246d3313c3f77823645a77852de |
| SHA512 | 0cf5f0a82422bbf7965a758419e58d78f30f1395d28121926956078c2ca4f46c4c9a77be92823949bea00c33ddc7b2bae57f11b859c92f40d8ad626e5dd60344 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 3027c3cd48a8ff569a0b93c75d6e8f5e |
| SHA1 | 0c9f6e5027712d69c35c27c9b602f6228414191d |
| SHA256 | d929b3ac7b8e49488faf0f45dd828181b2426f9b7eddb819617ef7a57c9c272d |
| SHA512 | 1848e5573299928b79f56825909b22a1a54ca02f4a89c60dfc25a145204e9f54e515161c428607ca375b16a6f3addf6d7b8ba76e8ef4011eca5a7792acd6e648 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 1b447b6ab9e97d15c1bbe8a832bcccfe |
| SHA1 | e10f76a6b536cc9e3e4d9719b2bf7a1591088758 |
| SHA256 | 5b8619532b5b63b2b10f4af74a34c0d51571279164ef672c6aa26acfbb783c12 |
| SHA512 | 0d06de74046131dfa842dfb0ca6610277c664814c8bae8fb6b8441e13bb9fe01138863b2f6c251bf241de99c37d33f2a5680e3787979dc52e109e0b528bc5b67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 8c6e50ee32809166290d6c42cf48db84 |
| SHA1 | fe9920ce1e56cfa0e97cbc66bb75bdfd24b37bb9 |
| SHA256 | 5283b999f79da00db07da7546f6dbe85d4efd6a8a066030cc1a5df312e378732 |
| SHA512 | abb728f3092467704db71f39ad6af47d46479761dc4193e05ac0376201b722b9f06f271fab4b2f12ff174faf5ba10ddb5055514b908dbb0b4d0ef94701fba75e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | c11afe01ac07127318a98efdaa35d772 |
| SHA1 | bdd3ec3b284c7355d796d509117583c62bbd993d |
| SHA256 | 7372064ec6b21fb3a15177184baebf48977c20f6a478003a1e37599912c44af2 |
| SHA512 | 5eb451640669a93a4b2f28930734e8d4b6ebd2675aea5725637851515c063dfef3fd3664e2d5a4f3eb32c27d6367da2e3bbb6228955ce912924d0fd98d5e8763 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 0d8118e89611afcbba26912026380217 |
| SHA1 | 9ba25d720110b55b9df830bc2939064f7f2d240f |
| SHA256 | 99289a8c96b0a84f67764671192d5fd824c77e0569896bc0dabf425bd1564472 |
| SHA512 | 1b12f57ca37a701093110afa298727a95ec6691ad640eb7dd3df3b36d3933f505bdef5c8b5729492117f8158af2b00a03114c353367986d1d840f2ed48744a97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 3f1278b7f86b05e5b6326986aed280e3 |
| SHA1 | edbccd632813e83afc0651dbcad1ae6655150936 |
| SHA256 | da8706087fc1c081566aeee8c0bada7901ba0e54525f6e1b34a0969b2a6b7ab2 |
| SHA512 | 089255d33c459b7182ab373f793ce3205b500e1431256e88bcd3ba78487eee19c130bbcd42c634478bc9903e337e0081ffad159916cf2fd7012d71535fcfef85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 29857003fa3446e68c86682787269587 |
| SHA1 | 73e66c08712a637d51bf7662c74705d37368a677 |
| SHA256 | ff3fac0c6a196bb41c95c992a029fe3ed86b70871414b0616424fe67a151bdc6 |
| SHA512 | b16820f0257a39705664d294b2ff25b00838f12f31b14345209143cdc298597f9dd7c5d4bf550223ebc69e373822dcc4040207523e68a0075b920dda19b69c96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 2b0551358a479842832e4184642a9f0f |
| SHA1 | 34d5518b380c60de39e0497b9fcf8ac525f696b8 |
| SHA256 | 13f2f99237cdc2426d9b66386321bd5e130fd98b671923767eb188674bf3204e |
| SHA512 | c3268f8fb0d8ef99586366bffb7dde03a42a4f92bbe83aba6cbee906a8f4f2b67a5626306b937d63861e9df3c10faf1cf66000a1eee15a745d2469cfa76fa1cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | f036e1e131102ce4ca424b19e2c23601 |
| SHA1 | 2c2caa8de3d3fa327fdedbc9676879133ea68004 |
| SHA256 | 6875218a4a83af984a20ba4fdab4acef2af4ad18ec7c651e27af0047df1a581a |
| SHA512 | 2bedae944223da91949e7d96689ee9503d1cdecf77b170272e2fa335d57a5215c03d684b4db6dd511bc740448226795a8d9bf9789579c36e597638b29d98b764 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 4f6d5778be5c9f981c446f27ef612e2d |
| SHA1 | 8a1e4c657fe563bcad9d2249f0d1bf9b260af469 |
| SHA256 | a29542fe8467c154795244389ab0f5c3a31ee1594d1e83a49547a7906fc18891 |
| SHA512 | 8b0b2c23bc0a33b4dda3c36da43af581ae573c2d073296605119bf76af76f343149d58a28d8a9ba30313a87de95a009f311725d5bd1734c3f20f35d3fa42c166 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 3a0c12e77ed5e21a8c5dde895fa7da6b |
| SHA1 | 6d7a4f46cdfe65c1b7c28b6248a8613ddccfece6 |
| SHA256 | e11e7ca727b531e8e13588ee52821cb3087c43fb0018179c1177e1e1bbffdb65 |
| SHA512 | 2871f8e1c00ba38452bcbbe04e6b5c265f7980cc7404eec8ff6feb5e7d15b25d17ba4110e747120b853ed04c9ec8846aaae0440a2aded44278309580e1a03f0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | b197b19389ab19038fa44047ed6af6b9 |
| SHA1 | 3b1b9687c281e2fd4ce3a40de2e845859d903611 |
| SHA256 | 2f0cc1b36542f8db4e8e1d3231cec92b0916e21dd8bde1f517e34359eb2a0dcd |
| SHA512 | ab735b35bc2179c44366a8e7b5e799794172aaeb768e88a5d88d69226779f4f99afa8d6ffe7e4687e5fcaf4a97bd4773f06523973b0e9b2c66d58319d08ab7cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 71a7d5500cb19b0d3a5a46a3bb2173a8 |
| SHA1 | 135dfeb670a39c5eed6dfebfed38d5b81b3674c1 |
| SHA256 | 13a8f199ca7a4237a548093ba66bf484f42899df90a7f65e200f038021290c6a |
| SHA512 | 8fd8a5d1979499d45cdcd537ca7bc161261e9d7fcb8e291febd121596fea6a97a6e89a0bc3ff6e7b9112db69fae6e477e8fae0ae5b59aba08eb6a178cc0cb64b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | db7aab43f6f5e80aecc4281c7019905b |
| SHA1 | 07a524f32dd17378e75e2c7a3329db2baa9c8ddb |
| SHA256 | b26bdcd193c190fe3eac9bca542b60391fdad1cf5bcf4e641a9e50d96b99ea6a |
| SHA512 | faf8547173f218515a8881ebda38f2a07a416bd37b6b7d952ec4267154c5262cdb66a004aa93656ee8ab50e025d13007ce8a972b150db63324247ff66aab8b40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 60deefa8443b80a2c601d7562973315e |
| SHA1 | 4239782a0f2dbf0b4c7ec0831d3e0fa792df2d51 |
| SHA256 | 534597133f8a7b70e594713e2113d2201945a2f0d35d1d6a1287cf149b08f850 |
| SHA512 | 6d42566230048869b187d35810c484d2daa60b5523d9a17f3b0c1bedab96e388350262b3aedf8c96101e45a2d794b1d0c696cd9b386c86a8d62c622d7dabe96d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 8a79ae959608684c5f878d29b32f99d6 |
| SHA1 | de95f17ad9c2c29363b35f4a9ee304a17d9b50b9 |
| SHA256 | 37554355c4f1f9d8873776ac0c7a515e33d2d1a7ede6607b59aaa9ba431ffd93 |
| SHA512 | 953b8a261377b777213eac224f2d1fadde0537b991232007e375e2981eb5504b852a49eeef0e95614d44190871d0dc7300195a6aa3fdbb69c6bb41a6794402b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 6d548f7002cd22f41a1e7793f94293d4 |
| SHA1 | ed2af1363946db1b38fe012f7b127afc59149346 |
| SHA256 | cc82d12ef87806094256cb5838930702acfff74a21ce2f9b5cc1b38cd5f822db |
| SHA512 | 0c9ca1c9defc1f23173feb04b1cacd245d8a7bfdf2f82cce10b9f75402a214863ed683eca8126c453d03a61343487edd8b5d3a45f1d60ca0de53a8ca47f9f0b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 6918d5cc0d90fd7816e9a0257e0fd675 |
| SHA1 | 0b18a2d3969e44b7c0f0f6036f7c41b4eb89dbcd |
| SHA256 | fcae1a533dcb0aeaafe2f5438f6bb5edc19d5c4332e484f00127095cc5f1ff48 |
| SHA512 | f72df90e2fc57dd374de9424cc78f4b71c329858624d4b2487e712a3eff7d86d876c0d2c0bc16f12c751a77ea3158e620d276a552ca5f552854085f67d80964d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 4097562f037c225772d8628b2f85d075 |
| SHA1 | 6f6b65646c839166322fe5de1462a5cdc781a61f |
| SHA256 | 99e7503ccd5371be0075d457e0044317d6d4e81f96ad6d9cf540988cf810fcda |
| SHA512 | e8e5ed0c0e068911fd175119a662743c416ea843f076fea423a83e464b397bbae2243a14378ae49ca53bee2bf49639af00992d30b933c5cc152263f27b774125 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | b7c315931b39fc667afe206132e1379d |
| SHA1 | b093fdef15fc17ea120516a3a5897e60521d2069 |
| SHA256 | b2d545a1919b6bacb2a0bb656456bbebc173af74cebbe262de6df0afb32bb969 |
| SHA512 | ee939b628cc21af0d0ab934d61dfb35ccc8b6360d8d644e40aa8e2ad4a31730a10d51de00e78c7dfb18b7d94b2e6dc6d29e0cec0a29db8d771d9a38202318748 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | cdce2e75f37466623455dcea951eceb3 |
| SHA1 | 91d489e0c103ae3fd44ddeb3db8bf823fedfa986 |
| SHA256 | d3ec2df55e92e295dcb5c6de44011d4b2c7d1581e099d5d9e9fa9b9b26c617c9 |
| SHA512 | 5af971a19d73ed460f4071b8f7027179b04f9908a545a34e8d91cc8a7d32dc68692a53a0f1f3756a9d231e7bee7a08dc059400b134434504a1812459f20d8c9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 90332f9ab72f802645c5ead71e84998e |
| SHA1 | c8b076651ad3e1263bf335ba43b460f709a67945 |
| SHA256 | 14b5b257716f48952922e2dc53932bc7663829886ed3b25cf121342259d53201 |
| SHA512 | f1739e3da9dd3a985013fc790252d34e1179439b5e3f2a30f472d223ceb219d1a4d6fb3be77a04508783f1a51ae3c61d9b06795a074d16c1c5b92c87579aaaaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 4ddc15183541ce64df7643afedc66967 |
| SHA1 | 71bd12e5057c28a657650c585e0930688e5e823f |
| SHA256 | 0100d00a3ac138934daa169fcc63ea727ed17296b007fa50fe83d5378403d4c3 |
| SHA512 | ac84edc0359feb146c3649c738aefb28687a11aab02d2f851909f7f2e0271785a04471c95b49e3ae3312af24d88a8f571b3df7d07a278e76a95ba4023152447b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | d61aec2033cabdb2f2b52b29db9aeb94 |
| SHA1 | 501c95a757469cd7e0a00350789a454faf1f78c9 |
| SHA256 | 86bb978a86556c88a06f45f226bb1377c64dd0d59d3f8212f0fcc29239c65ac4 |
| SHA512 | 268d1c6a094dab0c3f6ad82bb0e18793fdf3a88e4f8f19f4a3922383b5539a3f553f12b267a5f7aba2e0ed12e31cab65f9da8f1a16d8adfda97b24eb3372b242 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | e8848053895bab1ee7b5763fff7be855 |
| SHA1 | e06d971dfc8e1ced8f35811b510d14e231b09ae5 |
| SHA256 | 22725a0a3660bf429ba6b94dd2f3e5d55d12c77a51d6716fc47e3382320b6c31 |
| SHA512 | a8a52991de7e3bf1a7a96983521cd2e3143afe85de90489d8115c7cb21dc00aaa5cd58761f57f197d1f4dd38ae61b07acc606e7c8d807638f157ce88606d186e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 946529e7328a03dab2eea55c156ad767 |
| SHA1 | 55c03835bda0d4253823a432365d808cab904fd4 |
| SHA256 | 6052a3cbd636d8a83d805240914a0e2ccbaa2ac886e58c68f3e36ba7acb2c5e8 |
| SHA512 | 1e00489fe0e0125b425083462a52c2f3d424e46ebbd13d78833da6e2b94ee39641e27089f798180500307fb36bc55b6f7d7bbe3e8ae6ba74cdf3803018ec9138 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 57d548eaa32f80f3cbc6e07e32b4f66e |
| SHA1 | b1b98482892cdb7d60673efbf578e78963780f00 |
| SHA256 | 4c6537f1e37a31c2101f7b66a9480a9dcd6be01b9a3aa5793c69627cc2f34293 |
| SHA512 | aa8012221004c4cf697ed86df0ab1ef16bf6140a5cb3d7cedaff0973b55d3c183c83f33ee823ed445b24c9d4a0b33190eaaf17745dd99628fce05006bf57c85e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\cardProviders\icons\[email protected]
| MD5 | 6953c85f5cb512336d281d542a08f5df |
| SHA1 | c067d69525eda6fff9eda1d583c030f893255a2c |
| SHA256 | b99349b93302434fa19782bb776eae0827585b5a221a9936a9984561c1a9f258 |
| SHA512 | 1839cd143fed8fe8709d1cc1ad3bbe80a29e9208b7a6b8166b64d80e8bf3627d6c9a1dca9c63d4cb71663d2390e32eda98f4110aacb2c6d7557fff6fb1a964ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\ftu-animation\[email protected]
| MD5 | 9e7ccd97af6a47972e2440ed33ae1b26 |
| SHA1 | d10e51a451628126cb4f37268430a728d0420f46 |
| SHA256 | 64b731875bdac8a842626e991d4ce63296133a82a83910b36fb6b92c88c21a08 |
| SHA512 | 1f56f561a0be966f7a57be15fe13f76cc8c37d11deae9c1be919b2214b64a8dc57b6d898f13f95aee7e4c24217db6bc19969e208e5eb05d85d629281db399d6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\ftu-animation\anim.png
| MD5 | 97c2ced412c847f5c8f1673d69e802b3 |
| SHA1 | 15bc0d31606a349bbfffcecb95f9ad458a451566 |
| SHA256 | 403665a1b3d0723cc096622564d6660dd1e59a375f8c2149d8a71c1eca43b922 |
| SHA512 | 3d9339d243fbbdc3010c997e1a398f68761f740ccaa5ea12941c8ed68798f57a805d86f6e15f4114ccd5ebc46f615f9a545fc1680e10f3ee8ffae2f9e39aa19a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons\50x50.png
| MD5 | 8bbc340dbd9b5f6eb5b42afc1fa60ab1 |
| SHA1 | a3e1093c173a00559221ca5c97cb4b5e79bb7606 |
| SHA256 | 99266f9e809166bc5e1432fd65e373e178ea4a185fecebbf17d6b17e7d604ca0 |
| SHA512 | 758378b2543b4b840d300088f4cabbc191a41324f66d56e9b23b13ceb1af771f17e2ab88903a3f150d9fc49cd27c4ae52720939ce03d3c26ff3f7b74238e4ccd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons\44x44.png
| MD5 | 9bff062e9e4f6c042ad2e84645667850 |
| SHA1 | 3e8161f7089a68bedae43b2eb570e04768658e72 |
| SHA256 | 59844913c14b6a00ee70a399da34049dc8bcc129afa12869fd870e35b6e1ddd7 |
| SHA512 | 839de0c6e0fc46564c9a00c79fead8fc263de31398666f1d8f248e64445ca9bf51ab1c22047710690b3afbaa873f37edd88583fb562fa226e61bd305cb7feed4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons\38x38.png
| MD5 | 8b4d816ed19a78fb6036264ce3aaf9fc |
| SHA1 | 707a439b74bd6c433931dbbafed021ea190c7861 |
| SHA256 | 2b82d3d1ac2c9dd120ff0dbb5fcce381c9188c66d5ff5ef9d44d7aa26d02abd1 |
| SHA512 | 1ab1fda6ea07b741c9e8e3ae03463442d65d1256203c8fb781ab01fa2601c93a37cb4762457ba623d308a8bc0bcf99e6d12e486bb7bde604031b93c229a17db1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons\19x19.png
| MD5 | d357966e2bd37fce2f12516281ffca25 |
| SHA1 | 2d04720ae16acd8089e42e53d90d9db0c112311d |
| SHA256 | 031d16451756a28e098e0de35fafbbbd9d5d6ad85b0104c0a39c285d8f951fac |
| SHA512 | 4de28bc73fac3e19efe77f8e53cf817d12c0bfa0b5632548abd67600cb376ee18149781b8fee0ef3dff7b26a8920450b5f7049cdd2b6fc7d76cfa5c81ebf688d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons\150x150.png
| MD5 | ef8a66f73f643a76960475622736e51a |
| SHA1 | 2c78867ee975f9ea3afc678cbc4027081a37140f |
| SHA256 | 9bd197aa852b67c241675c8203fb594fa37bdbe92f86e21ede3096f7a61663a1 |
| SHA512 | b1515862f066a18c958ff9ebb6e55ee1676bb31835533a4275cc2cd29967f4566cb0a7af7237588d27f9a4db519ac1b6bf04800cfd469957d01626414f03295b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\50x50.png
| MD5 | b441b317356c8ce4f3e5afe170487d6e |
| SHA1 | c8b7b9409053cdb61b39b83d41954e408b3a71b7 |
| SHA256 | 458aef4bcddc51de25043d5f180ad0c35da78c6635d7229ea939e49f52e5cf2a |
| SHA512 | f6f8f4abb09472ce44fd618ab1159f1b7bb8802ebffb57c50613af3ee726dbde7f031d0dd52825d8ff0c924210e0e8f4294425e3d57132a7f55c98fa0681889a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\48x48.png
| MD5 | 45e4bf6f710b42bc11893c852727b94f |
| SHA1 | 38a374c9cc64250daca751a1e9869ac7fda951c9 |
| SHA256 | 9107759096cc8eac7a639651b45c8360ddebdf0474cc722ed2d0ba54b58d1e80 |
| SHA512 | 78002f421454ecd7167fa4483544cb7622e22871fec72269f777f77ae7382d4ef14d3d5b5718ae52fbd1fd65a262c70a255fb77f8b66b1b8bc0832d26c7b3d87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\44x44.png
| MD5 | 0e053d762ae1b6a5bde27df1e865c1e4 |
| SHA1 | b164fb688414c7027b257e89ff593a66a347b6a9 |
| SHA256 | 289b845b05106882ea198ee98c583d92287618dca7974282ad9d86a22c5d01a5 |
| SHA512 | 131a824c25ec1c8eda4b3457bccd0a08347e412cca76f200b946ae6367f8a20db73be681e950e3926866b13a88601dbf530220166ea52ff9df084406d9d1d77b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\38x38.png
| MD5 | d4ec84b27c2207faf5eeec5b36379c18 |
| SHA1 | 9d30cfaae152bfc32869da96d11b3ed4138754e7 |
| SHA256 | 21e5b64df78f8f1d27656a17eff701111b9b33224a4f383cb9decd952997bc23 |
| SHA512 | 9aa68af818dbe1644d83e5c30dfd6d0f9171bf01f81dd6c6699dc5cf9470eddf65741ad6b39ff8747c9402495bca58e2835a792c5cbcf138b1aab6b1e44dd2fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\32x32.png
| MD5 | 8b9c41f6eed3b1621ce81f19fd443555 |
| SHA1 | 5849cedcdbc0f3535e3be216934de5adf39793b8 |
| SHA256 | 22b8ce97c45aa129ca843a5755face36e44395e908b663fef5040a3cb51b3cec |
| SHA512 | 60dfb3bc74f7a02a5b3805f9042a1c68981f3c02179ed140ea5cbba555cf8e37aba5730c96d0100caec190e068956e69454bdddac831da0a0fe7678bac0184b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\24x24.png
| MD5 | db9ca9127ece67b28d557a57f75aaeb4 |
| SHA1 | b2d03e0a1b46c4dd88b186869847c662e9bb8219 |
| SHA256 | af5f32591bf069243c5b7f9c4428cc535ccbe9275035530f27142f6b80c29f8b |
| SHA512 | 6bc0b8994ddb0e42c08fbe399441cceca1089d4bd60740fca3d0a43a7d80c76865cd5f511f707a25b5d1283d5baa6b2288cad8518760dd4bdd6722cf1ed2e5ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\19x19.png
| MD5 | 5db55f0c00bd631a553af0609cfce0a4 |
| SHA1 | 4e1629505475d4214d85a9a37ad83ed33ceade8f |
| SHA256 | d3d9628db7687be8deff5f25ed67cc2f22d6ff8a76007e352bc85c5f479dd4f5 |
| SHA512 | a172ed2c29432ca14a9a5fbd4393ad8d66d728ea0212afd361c47713cbdab0b562b4460685b3bc5f272539ae91f70cb16d429037cfa735c56e8548d7514d2929 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\16x16.png
| MD5 | 84ccbe95bd88005da7ab4ba78a65ee23 |
| SHA1 | e50f4143f056c81fc944ba642c68c6bfb3754d05 |
| SHA256 | 3901190429d527d427b5e50c35e4faf61bc39ca3229c0e928117afd73c2fd62f |
| SHA512 | 91b3e278b50983b41a6f6fdd36d3538a987e7480571fa941bac19d0fdae7837e3dc3ce2d16ee8b717b6dd8715f52f8435de1124042c6f93672728479d43a316c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\150x150.png
| MD5 | f2311a9535e3c28ff057532706d15945 |
| SHA1 | 143dd0aae49e00ca0c770af34c92cf2e994d22c4 |
| SHA256 | 1edb31afef48db86ac5c5d6dcb62f2ad993e285908fdc01fa3ce8f7680686f4e |
| SHA512 | 98343d14cbb757b3e9c0df36423762bf941b42a078ccbb6615a1d0b0f1a2d84f047ab428bc6c26a1451e722c4757cd56ddd67fe19adf91c6c2cf89363216f5d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icons-gray\128x128.png
| MD5 | 32cdaa480de04d055cea8b7f63f24b62 |
| SHA1 | b5b47fc982bfc40ea275458efd278bef26feadaf |
| SHA256 | 38bb4e18db551bd40803ee058a68c9ba327c9148884c8104218931832c592ce7 |
| SHA512 | c818320f311b37907e845374bd68b5653b49b83a4659b3fc4ee3d97eb6d77c6bcbad1397a47c8b7f83911f76c9daee6d44d4da961006fed221845189557cb6c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\tutorial\7-allow-permission.png
| MD5 | eb949169fae4e711f11573ceea7e640c |
| SHA1 | a3a641a2e2029ae5a99418d4104580f9ced6ae40 |
| SHA256 | 2ce139fe67123e63c733bd23558b4258d2e783b88a04d5df64f74d7769a891f2 |
| SHA512 | ed3fb2e58f22ce648fdaa36cea8191b3bd51e58d5b8c8d2dbbb550619a597cac841b1bfb8db0b6db98000fd30d713df60d0373efb1bb97c477f60c39aad9632f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\tutorial\7-allow-permission-2.png
| MD5 | 04d73a77a1ca0464fe041c2a3c505d6c |
| SHA1 | 849b13fcbe3569bb4ac29a13c0381f24dcfbf7bf |
| SHA256 | 192e6c03158d0d96fac7dda190ec54945de636e6a032a7d58bfdf4dd5b4f1349 |
| SHA512 | 42e8f912328d0a78fe3f3d8490ff3afe7481b530486b37ee94cca50b56732fc75230d096091def3fd1d447493e6017876132e9e506813279bc67544dec46de9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\tutorial\6-browser-bright.png
| MD5 | 37d8123ce8ab75a64de4a68fd6fabc5c |
| SHA1 | 9431143b8fec9cec6c9d21ae23c168b4dcfa878b |
| SHA256 | 095028404641396da92c452797027b4abf9048438f554f53d80935aa7d748717 |
| SHA512 | 685fb91a29fd69934b71e593892e2a5a359abab217bd723654c43caec065acea9d8d23d31d7a4077a641ea51ec37e49748a6d4c97cd02718f164c575fcc8fc5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\tutorial\5-cursor-and-boxes.png
| MD5 | 7a54b0a5c021c0df884b4e66d0848468 |
| SHA1 | f95f8eb5f3e25aa5132fd5a8964d17d6b6edcbe7 |
| SHA256 | f61966367ceee7e09ebc804f6420364c17a23b269d6f14a3c3bb701f29166735 |
| SHA512 | 8d8bd87fc2bfdd8f108ca565793bdb29a1b771e1a03e868f9c5ca8ace1984d25ff170302c29b9622c3f8cf07c4c6ff9f43033fad4f6a1a7d7e6186b01adbc616 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\tutorial\4-pencil.png
| MD5 | e4a5ffeb1b12314a9051a694bad16915 |
| SHA1 | c065f29d37bc183fc7e04ef91093e83bea795d93 |
| SHA256 | 72908c9c045a2ad16a3cb1d0c6fb3a7ee362d72c6e4eb90b26649794aa1ed3ba |
| SHA512 | e100fe08777c1380f7aff3f6c85ba2b7d41cd0dd6978e3d6dae08c771fee022a7cf5e4d2699da000ea7033eab15a3c5738ed755647e4c5e5908f0775161dfec0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\tutorial\3-browser-with-extension.png
| MD5 | 3be032160b1046738c13f343e1918b22 |
| SHA1 | d17316574e26f6ddc9127c3f240f3b2d974143d3 |
| SHA256 | 99fcf93ac11b7726868eea3d72d916ef4a19ba0651b7dd6bcf9a713e9d99a77b |
| SHA512 | 68d5f1791109039809f4714461234689adfa2f39e0944e222908f78329787797e0939788a6c613da88e69b36b19f2d52a615385707205d93c58925cb1489420f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\tutorial\2-safe.png
| MD5 | 9365ddab7dc17fb2e4ad00a8347238c4 |
| SHA1 | 5249283e15939cbbaef45119edc92f52ce04b0b3 |
| SHA256 | 23769936799fc95022467f85c9b4acd00995beeb1c36f09aa60ac48fee28c4de |
| SHA512 | 32a2cdfc52da744a8060604b2c5887f0b7cc4ea18e9476d08937ead71c6ed0eed21d4e211900efea378d8cfa222c7e1f78d3cd6107c21e290b7921664ede9d92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 66040bc85cb7d4f19efba787509ca654 |
| SHA1 | cf6f64b1868918265f0cace6acd4bb0bdf358e50 |
| SHA256 | e104ea9a9abad73e07b695bd44ee42aa1092e81464c577cf1e6c404aeade72c2 |
| SHA512 | 41262109e9ab828c407bb6bd696e0a9290c40ea21aa00a4083b66de93be963d0d162f78e59bd0123fba3b7b452098e1d4f3ae0c3e560514de0b3cc17f4d5f373 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\rocket.png
| MD5 | 5e53314ad9c8e93aa8e94c6148864a7e |
| SHA1 | af580dbdc785fce57b97a878cfa5e48143653f16 |
| SHA256 | b4c98920efc1a965a1fb3385342948b174a7074c0e041ab1b93f7fe3cf6f625d |
| SHA512 | ea1a77993e5f34e16efc090c377bae1941f71640657f4f054bc2102910d52fd801aaec4812b6ae09952e5adf4bd966078d5f0dd5c111ae0fae7772927c80486a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\number-two-circle-icon.png
| MD5 | 17da3865e94194650475196d296f8579 |
| SHA1 | a7d04d7963b39dd624a21a5166032341e75f748c |
| SHA256 | f9148660ae04f47352d0fc055c87cf8b46cfc5fc0e9c651a96f9628768e8db34 |
| SHA512 | dbb3b3f0982f67945e5212f7a1e58bc684c89fee96902f271ec0e08c6a95b68f269032d35447c66116fb1c30e2a4f97be557d4544b4d83c53ebcb6b14436f015 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\number-one-circle-icon.png
| MD5 | ce42269869ecb32d7c14e5bc958059fb |
| SHA1 | 98c67f94ba00c4ca6b342b3222887c47d6a0bca7 |
| SHA256 | 6aff8dacb102ce3d5fe75353601c32ef35b0bbd4ae5bcd25ead097781f3481c2 |
| SHA512 | 7b98837932ab1924aec3aee82faed774ee0f00eb8b715843689e4cd358865b23ab93854baf7788c3fad03938b395b2e962c38f9419f43778ecb296781e9f8106 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 9349f3c9af653b3b52d4b4e32c938313 |
| SHA1 | bf6a569d15e6c8316ac736dbb3b879371530fe42 |
| SHA256 | e6689643923eab2fb2bbac471f36d4be403c99e2e7f880e4f8a758ebaba93e58 |
| SHA512 | 1f3893480da58f34bd0d6701543ebd43a1b9ad62a7bd1f61064e2da586572ce61d326b629b9b9b24cfb2c89698f10d881bffbba306558b39f6b9b1507daf36de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\mobile_section.png
| MD5 | 11ba61f9f71b440e9e023e86ab8b7bc9 |
| SHA1 | dcd0d08f83633dfd070a7230733e3bbd591b2857 |
| SHA256 | e12026c3145d491de0fc047dc521207ca00c9ccfbe22495abc55e7c2ad893f23 |
| SHA512 | cd43e3781fd9a2136d18329b03658259ff69e68f98b93f30c61e414056bc23054ed0d3751fc0a660576efc4da329a6e2dd420fa332dca0ef7e58e16bfcf6be12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 036b1eaec26a749d8df6674e243d3482 |
| SHA1 | 6e3146bda34f158c206238e60aab3e6b8e2da055 |
| SHA256 | 1b1fb86640ca97ec9512198e4c9f18bf9ca19fda49db01e030b41059258d329e |
| SHA512 | 9e08a97e0e4017d1f3cce78fcd52e9b29a6ea21d1cb4543eb01754c788214504dc77cb0ffd277d1a7ae8983192dca9f7d84cb9d536300bb30e73da3ff590ce12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 7652da5a0c8b85bdbe9bdf382ab29ad4 |
| SHA1 | 291b9bdf25b182cd94bbdf8567a567cf404bd01a |
| SHA256 | e88cf6b750d4daa997910bc5d021fc4d94588b727b7d83923b3efe464dc77f7e |
| SHA512 | 2bfebd2f4f92b6ca977dc7c249227f61768171bd88386f6375006165280b5061c6eed57092475afcdd4a3c91bd50d3611e4f4fb837c71eccc4a77c5b4192ed19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | df81fc5582baee6470898c591b566ec4 |
| SHA1 | 393e4174d2933b1ad6d245f362fc4690612a013b |
| SHA256 | 36018936c2801c5c2f9ec3d5c668967b373961ce8171b8c728423c902616f977 |
| SHA512 | bfcad186317693efbc7dc5ba42f8fe3394fc38b79022f18772d82dbd6129922a59455b240a415bb87e8133e1fad253839d3c9517c69535874de041dc83f1da9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-settings-gray.png
| MD5 | 2f455cdcae976fa1ea3de33be7fe99af |
| SHA1 | 3623f8286e0adcaf1a82c41a3aad6260aef3c352 |
| SHA256 | 87e510ddb8454d68d2a62a2baf36369cc1abdea91d972d699781f603f22df757 |
| SHA512 | 37b6e38695aca8a1a72b7d3483d84ff1b12f553ee01a46729c17a13df5912949c4d48e4e6d25c2ae65f0fe2e647d616f8ccfca6bcf816a88119382bf557bb2db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 342f9e6c37d4bb3e5df8e6c6d33be015 |
| SHA1 | 13c662fc82dfde2369374712084390aadca36b16 |
| SHA256 | 6f9e35559d16528712d08d849f19769a64a56c6ab0508c884bf830ad2ecf7bb5 |
| SHA512 | 3e5c26466f6b176ac3c73b7c04a20eae85ed61a393023e007f8dd327fcce6794c88c3e04e5ec0b4d4e5ad328836b200e8f869ae38dd6a3de2c69b2d50997d6ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-search-gray.png
| MD5 | 660a4e3059bcf02b9609b63037d03d2d |
| SHA1 | d0002361f09d63fb8eb7c579e9dd8ec6e1af2744 |
| SHA256 | a09d4a47317587d47b69de72ef7fa9fa6859ed63bf67ce227c46fd26002747f6 |
| SHA512 | a59a40fc8d2f509ec1e69aeba77cb859bff826dc0be8be46d53b9de5dd4b3df8eba55e99a6ec3d334300842a545b577189001e8af2603ac43a643e6c383f3219 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 2f9f50c79cd90cf9bcd495cf12591e04 |
| SHA1 | c31dbd0853a7429a5f9a0760d745b13f054e7236 |
| SHA256 | 605a7465d033e8c42b90705b1ff58e402aff21b368e11c6bbd834c66fdbcc70f |
| SHA512 | dd6d2512a13de7425cc74587e5c3e81e1cf06e0dc208300af95624d78118c545ffa0ece0b6c6fe438328d2274ae1573f20fb4e854cdff2748ceaa91c0f47aa43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-manage-passwords.png
| MD5 | 77cbddf30b5cbb7bcf395a19aaf190cc |
| SHA1 | 763a28cd4aa9bb5e72528bd1438e5cc64de6beae |
| SHA256 | d761d2f60056c0cecd1856a015719aed8f97efb71c42369706169f7dc599d8c1 |
| SHA512 | 0bec71200c3963d426a3d4acd95bee9c984d89f5879e2d5371f329f1ebfe9738e7b489b06d11bef263e1e4a7856ede7720e1cee228c5c7e1f63ac776feb3a123 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 352fd72a0fc01552c8eca76d3b09d522 |
| SHA1 | 2b95e0a08bcc949444a56416f8cb853f5da44b35 |
| SHA256 | 5a907ac796ae7774f840432e56d44b266448cba1ebdbb1d55ae6015cd1dedb48 |
| SHA512 | c729e67391e4db3b1d12eb7550b137980fadfa0289cbf8e57c6ce1ef2b5d46f1b9a6dad504a0f3bed96aa40f70accf47f3f0e01b7d89ace0d146e40016832018 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-lock-open-gray-large.png
| MD5 | 037dbbae97f954526beb6601468dfc43 |
| SHA1 | 613bdae219f7ffc3e64dc125266ba3a1c1b7f5a3 |
| SHA256 | c104e7dd9b03efd27a1ca85c444a908a72f3cb901d92d5d8c0e22aeab436b288 |
| SHA512 | f461ef4885965ef9f164959b943f8d4c5f4a908e2aa578fb8a9cf435d3fd1a62eec0468868a7fe9f0b092532b9f3681976aeaeaf58a3362085ee02edf6f2bb9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-lock-gray.png
| MD5 | 07324dd94c7e256df7e728895510cf07 |
| SHA1 | 027f3e06b13bac82e61b28812f2501ecbfb3b9ff |
| SHA256 | e69b0ddf22c99f305864581ef06a6f421f753633c77975d881a28e403d22eaea |
| SHA512 | c3e99a57043bf892afb7737bc515dd37378a833e59436b16ce8835b7eeb3161f109349a4d12e4a207d6d8200aae361cc8843ee3a6a087f35afeda8accda8b390 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-close-gray.png
| MD5 | cee947a245016421ba6718d4502f53b3 |
| SHA1 | 625a2769ebe0ee769197fd8723d54fd311e5098c |
| SHA256 | a23bd7f8007b57a3e8a27b00d4bfe37ee70eae74236cf419ba67c6166c746dbf |
| SHA512 | 751a0b76318dd30f4bfe943bc5a54d36dbc353e7875e1c1428fcfe2ae0525987f83ccafe11c2c7e0828414854808962e6a3d0094d7b2c14be735956936a9713b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | e5c9c16a3f7252a4e3680fbab599e0f5 |
| SHA1 | 51eef6dd16f62c047083b45e4887a0062614b3d9 |
| SHA256 | 7d7b1552797fb09c75b8fcb5ce34b09ba81a3184c5a30541ddb4eba44931d6d0 |
| SHA512 | b436eb705586a0dc25b7f693775969c2a0c649ab67c511d08e34b4ca3ecc9aeb9cedf3b3c4d2c1b987c91c740c7676554107422fdcb243dd70c1f47ae0934c94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 3f0b852f82c36c062b261d843858f323 |
| SHA1 | a58f32e02f6d90a6fee6c2dc98583dd9fecdb05b |
| SHA256 | 333e34b4e2c28286a0afaf4e2ecf533193d96bc1c28be960c7922c8f640c2573 |
| SHA512 | 54451d1cada4321e063ccc807f0d8cf3676d6a719fc1f71ec96d0fff073b3db17c489f4a9232bfd066f5c799055dbacb83713f5d15b8dea479a6f5ac0b38e4ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\gift-box.png
| MD5 | 4622254c2ec90ccdac3c14b7c2c04552 |
| SHA1 | 0285d597063f4648da731b9072086c7c9f9c59b9 |
| SHA256 | fcdc822baeffdf19057316f6ecf06bc6be8909cd498b2d95c24eb547f35106c1 |
| SHA512 | bcbef0e105f5da7b1ed7978f9ba577dfbf1c7b11bec663b1aa07be25f9caf681c618f17f7496c7657c9f0c9559cc381020bd5ba2f12a9d90d82d2b634e514675 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | ee82730fcef8e738a37246f582c76456 |
| SHA1 | bb1edbe0b4eea672dfe20ed24310f3e98cb46b6f |
| SHA256 | 06240a958bd8fcb9174bc5853d8359da9d5faef86481f0cd26758d020d6ded98 |
| SHA512 | 99ff0afc975aedc13a9e1a13051b1c0b75c404d1d94553236bd8ddc77b08c05f2043761438d1d08b4d1d49fc3c01f5e7a6fa8a4d3de73282a3669686371e80eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\get-started.gif
| MD5 | 48ae450a7dbb4ad131d9cb4573f4c5ba |
| SHA1 | 6595ddc89f08caf4ed1507cc3e06083a3c46c383 |
| SHA256 | e0faf05eaafa0a4362846023b90cb6beb54a5e4591b6152b4d671e6ced095e15 |
| SHA512 | aac113a381dd9f3db0b936ec0f0a81973b13b79dd9bc4010e790fd406c5ba4bd24b65cb915e08afb07ac836878e803f3c56f42da12e5e7f67dde31d4fb0be435 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\bkg.png
| MD5 | 6e16094194823621770d46ebedcbc0fb |
| SHA1 | 18d48ae4ad67ef20e949b58b7e5e1d6dda3a871d |
| SHA256 | 9b1acba079d3bb0ff8742507cf0555c648065a0f0d9b6ffe3032c010fc16fed2 |
| SHA512 | 7ceb2b2bcefaf69b8173ccbc34f0e7e12fa265cf62a5f3a91b632f425d2cff4dfe7e94a6e6eaf25ddb929f890ca096b2bef87d9d99a8988abfc29712f1aa0790 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\allow-permission.png
| MD5 | dd9dd03c6a011d63c70345aa19c4d716 |
| SHA1 | 9ca4294206e16a63cbe90e2e870d49a101ca9e0a |
| SHA256 | ff0e77ba9532ba1ef559112aa97a478bad2c533731e65165c7b4625a9778d4ad |
| SHA512 | 7d69f1e41f728485b56d658239464ec24de079619d974763acfe3c44fd2364f966bc48ccd1c48984a56c9cd1dd330e58b9cd4fcce013619d566d5efc2554b2c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\ajax_loader.gif
| MD5 | 33a752211d05af6684e26ec63c2ed965 |
| SHA1 | 298727755cb9a5102a771270b8c2de44b2bf4186 |
| SHA256 | d24043d57ed7f603eb9fb2ac930b54f6e850b68b27d5cefc2af7b5a6c1ebb9f3 |
| SHA512 | a796ffd4afccdf327e649b8634fd3d03aec888dd40b0a61080d89e50de766526b2f22f3521fc915f7cdc4582702177fe50c5e3585c690f509013a71e290109ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\background\deps.js
| MD5 | 7aa9688565d59c89ecc94c98535416fa |
| SHA1 | bc0044987c6a42ef18a8061f51945e3846c31e81 |
| SHA256 | b78ba8f668e25a1575e072742d6922124ccd91431c7adda764cac82e6474b52f |
| SHA512 | 8ba6a66d9c878659d0347ffb1c8e261e0aa038b48ce97158bba3a787017bd0f313f88c8cf23ef4711e3c4054a713771999e93894bf51464cd38b3796543dba91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\background\background_worker.js
| MD5 | 4ebcb6b5afe7e881b53cb51cb755db60 |
| SHA1 | 5ad7156522e1b4766023c898a9ef0f18193471eb |
| SHA256 | 9d941f8d5343cdc31e775ebf35af5fbc476ba972687e29f271b4d5ae2220f0ee |
| SHA512 | a995d8d1bc47ffbcb2c42f8136745c00834ed8dca0b5f03944a19e00874f70b7cd7b06d69a62268ddcaba65129170647df8219a79be5e83426abdf4df185def3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\background\aws-sdk.js
| MD5 | c8ee9e129356d61f5ddef88ce51c9fe9 |
| SHA1 | 4452e1fd66628d843fb1ecc6d1a311071dfabd28 |
| SHA256 | 85c79d6e7a57e86d96d9dd92e3934b8d696b55ed2228200b2bd3559c49f9a1da |
| SHA512 | 8d663d23e1ee609f9b2ec0eae384797c31f8c4ca7d959f707ffede52bc90188dc461c20da9f359e880dbcf3571bf292511d4052f8fd3fb67f000e9cc00be0e9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\content\panel.js
| MD5 | 0fbb6c45fd4b862a54d8ba1de7c02806 |
| SHA1 | 93ab018f0470f076c99b39e9c876ac5d3f3942fd |
| SHA256 | 33ac039b31da68274a1ded7bbc16461f077f9b1ce9364ae90d8d2f9726b0ff05 |
| SHA512 | 7acbd0cdbd136546d9348cb8bdfa6eb11adffee7d12d33a9cebd9984063859ba9b3e6fc64ceec57bf6821b9f4b243d5be7a4143cc0b9f19d6905447ff18a9cbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\content\iframe_content.js
| MD5 | a0259d6fd3e6ca6fc1bb62b5a4c1e54c |
| SHA1 | c05ebf04bac7ee20b2737b7f280e76d705d6421c |
| SHA256 | d66779199d0f564d91fa0fd56b6bd43d41d75f29be4810f2e8951e7a1214cd0e |
| SHA512 | 4161d3da7e188eed393e00f0c205baa2ec19668ced8590e124e306bebd5f7e9f51adeba77df389fd341989d45e4072c7eb1f37ecb3058b5ba6e7a140c3bc21b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\content\content.js
| MD5 | df1481aedece313f8d5463b6e350c7ed |
| SHA1 | 563b88e486c47f499d3c22a1437b51891bd174c3 |
| SHA256 | 2af6eea68c90f4bb3c372bde9f80a28efa8e60f54e24bca331e1752bab25541d |
| SHA512 | 1a850d8ace1fbec9136fd654dbc7828c2656d269b4bbb0da6de8f8a3ef20e77272705b21e0472cb1bc9d5db11b4b7100243c055b306503adde3951b73cc292ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\content\content-inject.js
| MD5 | bd4bb689c6beda2ad56c815d1e2fedb4 |
| SHA1 | d2e964264b579fbfb69f47abb5bd5a4d517c3b13 |
| SHA256 | b6481b6bde8523b5884befa2160ee25b353c219945e765dce88926251a76dcaf |
| SHA512 | 0c2bb6cb1fc49d0274d4cf9aa84bd26fb249adf710e6a656600657746fcfefedefa64528e7070b759ded171d694ed5fee90d914b4a32dccdc7874163a63bbbab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\content\common.js
| MD5 | c300112af808d6bd58bf12a6815fdba0 |
| SHA1 | 0b3b6ced549bc93d31c2ebdc3fd98c5d6a2ed267 |
| SHA256 | 15c223fe6034ba5317dfe109f582c0b1f98cf701493278f36665edf21283fd6b |
| SHA512 | 1d0893c11d4af690fa0ef8461a8370c968be9d1527aa366079b9961dd9b19be9508e5a597e5572b7fef0a3cf41e83d69aa409d766a285be16a0e8769b7794156 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\content\common-modules.js
| MD5 | 5e09ee7018c05968cf92f27b025d87f3 |
| SHA1 | 1b4f2eaabb8132f3398eb3c6c92090085dd7cdb0 |
| SHA256 | c28c1710ae9dda07899cae302b5b171f27d3aa708bb578b089426c500a4baf42 |
| SHA512 | 611dbb1d3447a81cb3424e2a900ae70beeff32ceeb11f1889c84f472d5c967769249c62b51ecb589b2d804c4a892e81db955497bfee9677a850b8d275be8fc02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\panel.html
| MD5 | 5279b5dc70c7652de080320490060f9f |
| SHA1 | be4bc8409ea2ce08848dd3ef9bb683657dad820a |
| SHA256 | 5f9b2e95290286c39777a018a3e0e57d59f091c317056ccf0a9f3d09d64aa9ed |
| SHA512 | 43aa1070fab2052f36dc3141d7bfb26ec0cb4743e8a872f18a99f0481ddde01a3f1860b3c2cddc95617886bfe62c42a6791dfd636adde1c01d3edbc8ea6cfe9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | d6ced79fca409c098f0dbdbb78c6da4b |
| SHA1 | cec3f5732e96c1186d8af4a1eeecdb28ae7d300e |
| SHA256 | 5b3b7df3cb822ef5f823914e10d22f5e2f9f8aeca023f4d6cfbdde970616e415 |
| SHA512 | aeb01c7121bed5c7e93c367d1b2c05b4f8b1b6c979cce1ff4e765d5418b4ddb0763d62065ba7f9f26c362fc2fd36e1d6f17e89927fa381654da80bad2e07cce2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-help-gray.png
| MD5 | 473b9ee24fce0e320cfcfb4578fe9cdd |
| SHA1 | 7fdba86b9c7211df9eb7238bfa4fe6deee3233db |
| SHA256 | 7df3ee7136c4fc04e98d11db5bc50aa3214c189b1675892ec82e13f6ab6d7ce7 |
| SHA512 | d47c8327d10db56dd7fbb50dd7c66d767c7713de87a99892535be7b4eb949f5da1cfcc506aacc6e4f86c780c8cf41ab19174f0c56c0f0a4945cb3aab9b103e90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-google-plus.png
| MD5 | 0c5c7af961266d84291146536c9ffd7b |
| SHA1 | f51c32e2ce1a78d10b3d6249b616cf8aa0ccdb52 |
| SHA256 | 549365abaf98700b3cae8d626644f052c03e76bc7ba0e96e35602ce5e23f2714 |
| SHA512 | 4a68700266f432c2b81010eec81241e14bd5853436d6dc964380db48c68cd9723ad84d41e61c1d6803e9952b2908d36d3b112d51231cfa40f323af674be59db2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-facebook.png
| MD5 | d8dc5c941c2adf4b6e4600d84ee61571 |
| SHA1 | 1c32222ce15150798f71e6610de33746eaeea5cb |
| SHA256 | fc96ff627e5cc5b12adb131adb2745d4884c0fd05f237808a882cc1a66370464 |
| SHA512 | 7b87ac1abf82ba4291c575b138b8e7ac6d722a05d713f9e2245375cadc6fb515ea144e12055407ce7fb6faf6b259bb52124fb4ce80e2f7d5dbf1d15b51fc8fcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | f9bcbe4add4290a1c087a8745a01a103 |
| SHA1 | 13cecd3a1277d78422030bb791a97e9607ba103c |
| SHA256 | 0deb228122c458d9c2c8e84f04b4ae69d5c0322eaab3b570e685e2836ecbce91 |
| SHA512 | 4e754b55aca2e0b50e0397d4cd1e2a43d7424ae20a721efb5bbc5638d9e4450f26078674547dfb867d32b11d0d8697c624bc50785584095c8ce1fccbda70d2c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-eye.png
| MD5 | 772d1359b09882ae41ab3d3bfb2ccf7b |
| SHA1 | f88d35d69682b548f6f4718f7a58b0c8bde638f8 |
| SHA256 | 4811df242745523972cefa1ede313152be609c30e2c94adc276143b47421e522 |
| SHA512 | c64acfcc0e3a4cef06fd762d3d5a77e11e4e3d20a105b81601c437e3ec503d9a226d77fbb9deec93fadaeaccf2920da955ca5a4e270961edac0ad6ba437093f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 6680058302015aacbd62ae0357b5bd89 |
| SHA1 | 211b4eb807e102b15dfde6c85b9448aebe84e8d6 |
| SHA256 | 82cfbe50129804b1d647bac2b153559427ab10d63233254dfb528eed59a5559c |
| SHA512 | ed8ca0b8c07cb581c17f2477291fb8fc4716359ef0be7950159dcf0a174daa94086511fcc0c79fe0825c7ef8d651c7dac198b6198a4a2bb450c002ae4fd27ec3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-eye-crossed.png
| MD5 | a190290305410c98586a54a4e3febea3 |
| SHA1 | aeaaa600b4c22370cc1b25f2c49078d0ef0ddc39 |
| SHA256 | e197cbd60518c928159573a8d49a6cfefeea94de62b124272bd2ae2052efd5fa |
| SHA512 | 5259a1d05a8c7eea18d940198e795c1adaa261807cbacbbe9ab448e8e9d3184ebc0dc3e79c6fcf25b381c8d1243ef598540adc67cc16fde7644eb5b9f286f4b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | dac8889f0b4465c1b58c76ca434bb0c4 |
| SHA1 | 19939a67c9e9cf35c4d26ccbf448a2a27a6d474b |
| SHA256 | 3e4911709fd9c6639fe9d93186e3c4bceaef4dbd9d9e9a8b3bf4089dfff2193e |
| SHA512 | e9fa7f2ce4d642d421274da6a10224ba749b3a814ce7e285a7e9ba281bc9086ad23b2be94244cc8d1635f84eb4d97e09eff8f7a65aeaa7a05231468f496797b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-close-tiny.png
| MD5 | 089526797cd7faed8b89a8082c7dca91 |
| SHA1 | 737bc0c2b94df084051596624556aa7e5d44bea7 |
| SHA256 | 7222b4914554848cee5f6be58b51a81a412df49f511737ce1f62faad1d6b83d3 |
| SHA512 | eae1d9bbb403ed4b130953e4da6288ea225a458e009afd59012848aa2e6741ee8ead30f56af0e23e4f7ac5e7455ad124c02c3b2d199f6162a24ca0375b2b1058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\background.js
| MD5 | d06253891e7721fae73666e930ec6ad5 |
| SHA1 | b46c49e778aaf6f49c526f921612301e13c199c4 |
| SHA256 | 2a9880703870e31eaeb04c29cc18330035ff786deadaa98e2321df6a3a46a077 |
| SHA512 | 3ed0f9581131b6cf6f6cf9b75689672dfcabf258d7156e41eb96d5a3a56b1141ffa21c14cdc0c9dc6aa39ff4b3ab731114a4032dfe205b4e2ba1d1d0ec70dc82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\[email protected]
| MD5 | 5349afe9099d5a54d255e09668f98b3f |
| SHA1 | 87a6bb59f22da6bfac260fc71a07617198fde887 |
| SHA256 | d3f1e1eafa5c7a04d8a5bb30e15b2ef4ec10995f0940a667b9314fb89d0041e7 |
| SHA512 | c42297b80e379b877a8807a78afb2c4b05d195ac3b029ad1811abd8fcd1a02a74a088de0e13fed28a332be84d7d31a98d23cc29d7ed28580a715153a3028f708 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\images\icon-click.png
| MD5 | 7284e4e8871aa13afb5cda71c2b9ef1d |
| SHA1 | d7d3a158e119afec0eaf65845b07a0409e759120 |
| SHA256 | c4ba2bfb68df9c1a10d2225e8b615f9026f7aed8664ad8c5361477e6749372e1 |
| SHA512 | 1b49ae47003a7b7e6a45e76f3092a01f65a13a31c162361ed31e6531f858eca72e580151d75f7dd218f908e923289ac543ec7f4003571b0650fae58c9a40e54a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\content\app\inlineForm\index.js
| MD5 | ac58f72dbd7934b94652bd8eadf28883 |
| SHA1 | c9e768b467dcd3707f0d6712961aa57d6208dcaa |
| SHA256 | fc199c90c7f58083a2d57cd4a6fcea5dd0690c4bfc3bb6ed0d57c7805eeebb2d |
| SHA512 | 9cd3062d5847f62f641b95aa039cadcfaa8ac2ab19dabdeba268fdf6182dadc2e6978a1a213dd8722b8e2c7c6e27e82adaf336efbf7fe2c87281855200c4bfc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5936_874098246\CRX_INSTALL\js\content\app\inlineTooltip\index.js
| MD5 | 0e7662b17df45450c23139902703cc05 |
| SHA1 | 48a5b7fa667e125ab77e4adb05ebca6fba12bf35 |
| SHA256 | 026af7c38fd7b0e86589f131a66a8b13f250291b3b1ae08a1228381c35133020 |
| SHA512 | 2c0730810923c0410b6b0b2156254f5895fb3317b69ba2d03bb86a6b44f5153efa052b6b6b7fedcf3bf1c68f4e45d306e6c24f4d9c1330305a816aa76bcaced6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | ab0f2814b0a2d2722420cf594ce54671 |
| SHA1 | 8d25c600fdf26d742aaa9321ffea7c8bc3fefa5c |
| SHA256 | 8edc55b5da6d5dead9411f516f9008bcdb63e05967e9721879c3b10f8fbfb6e2 |
| SHA512 | 9509b6dcfec19fae297862a92daf2d14e69235a6b2032d9603abfe1c19ebf0ae9cb1594d6bfb50b5b7f8a68de8bcf5fdb1e255303eac4985d4e2488adc40f5a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5fda93c9398db35efb0458ab609b15c |
| SHA1 | 9b6429435ea84fa768892821ae2b5e3ca4f9c733 |
| SHA256 | 918d16555f1f42d84b7ca46308866e11d9cc6d43c0ebc512ce93fd59d93d48d5 |
| SHA512 | 85fa75fddb434cb7d0e51de5378bb6b901cb2457449835dafc68df26c5bc7ea5d95701d7cef9d7f710e579cf522249fba21e881652306e27e7dfb8ee5173a176 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3ea4db8f7680c900971166a8222b8a59 |
| SHA1 | 828021ed612f40582d8f3b36ad63fc5a0c708de8 |
| SHA256 | a194b9266c0d11d51f5c675cad083764a40ab38252b3e69fb8e52eb5f624a485 |
| SHA512 | fe231ce56aace52fea7a7a7f4f6a324078e4e9456a428bd83ea69a0492b036fa776ad88470ddb6082dff7fa8e767e39d58c7655698fecdfbd79539a1a92fc78c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 0a9555c218057bc6f911de4c6a18f289 |
| SHA1 | a657dfb46b2d403c9d0c9f0c542b96bc8c4756bb |
| SHA256 | 4a60a9398393e106f3a3e40ef50745df4676654912828f661270cf04a95354b6 |
| SHA512 | 2f313553e547ccb3eb7867fb22c496106e65d3ad66fd58c984a7a89487abdc92dac3730c52411678b17383aabb5e06e87d94c8990e844a54d73c8e8d8b25fda4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\33edb384-ae6c-400e-b8ab-1e7268638247\index-dir\the-real-index
| MD5 | df7beb91f59b45bd0dab6e88d441fbef |
| SHA1 | fb530592b9eed03b33453e0508a1bb88e0646c63 |
| SHA256 | 612df609b106f7e62506267984ee7c2b532974c78e0154b6bf65c33b36f3dacb |
| SHA512 | 8be017c1e6594b06f8dd6eec7df43ce41fd1c653a7ac761d42baca56be5a9db8bf40b819e90f09b7d23e33fd4b47d3c4537c8b8b186c9acea68eae0809c94faa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 02e0650295bf77cb2675073b6dc577f8 |
| SHA1 | 9397372f3d9316fa65a1a15d4786242bf5a49500 |
| SHA256 | 1d988b66601c4516f3295beff58649d07c1764b85a0105448fc12e5d77146a5f |
| SHA512 | 0bb1d236b6620e077df7a1e7d895efbef9a0404785a08f4c53cf59679d9f4881fcc3df6f7d8d9870ada7eee0fe832590d7dadb5a4e831bd89b02721f1d7bed69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | b9abaff5f75f07985806c22f1bb9c68c |
| SHA1 | 2abdf2fb7511f0c1d863be3e53090be82c2b47d2 |
| SHA256 | 9de0a8fc5b708ac3e757611a5a2c09a3d236338a1d05d6932960cb4acc0cf46a |
| SHA512 | 4cb5bb58b502b664ff1b3559f7eb0e4386e4d9acd8812898ef2dba92a019d5176c53e7f32fc9b9ee5046cd77e5bbdad68c7d23e673b06574a4b9f824a6f954d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 905ccd116b399196b289147b38fe4cab |
| SHA1 | de108f8184de18763cdab40c3fe62467fea773f7 |
| SHA256 | c21ddb48bd5f30258d546f79d45131392354a14d959f0ea7e004a565b8c581b1 |
| SHA512 | 91913e12cc5cbfac528c87a36ee17f78897bd1599f5e60ee410a33d0df81a8a1a7d61a7459a98d96e1d71c8e7de9d99e0206b73bd512a033839190d589fb6a10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 62f3021881af162c9813b74830808639 |
| SHA1 | 934bf0cae17c940d9027af0b31a59571c455e90b |
| SHA256 | 0baca25b77c0db740b15b495bafbc998b74e3bea33fa1805742034f7795fb5e5 |
| SHA512 | 68a0214b4c5b48e15f8c5375e36493ac1781d74614ecf8884ef6db4ac92426258edf0c7017fbdd061e6798e96eb3ed06163d2b6ebcadffc38415946cd5f31250 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 7a1890362f352d80f4be50dea44fb75c |
| SHA1 | edb2bd6e0e9aa8494a93182982e0e5069f12dcb0 |
| SHA256 | 78f33af8faab42f69303a6d84e33df2c8178dbe136c37cef49129029b7818ac6 |
| SHA512 | fe62fc336c027eca2c8d3d2b23431871ec87b515adf944402dc6cf08559b42ab233661868f38b9b95f0d93761098f5824427bb9151b1cfc1e63d5886b3155dba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8102a88a4f2165f7af3cb1f8ed4b09c |
| SHA1 | 8868a7d6789a3568c12a59eb5a68fad5d6c346f8 |
| SHA256 | bc78cdc4077736c83b759aebad0605cc26de2b08b3eec9cdb8b5ecdf96da91c1 |
| SHA512 | 4fae62ae5c7e1321b8bd0b1e7aa957fba6863678c67b894c4bf32f2f42e954721ec68fc5f37f1ff8396b40302d059e600e934333f816c91b77c0c824cfd92052 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fff94bffc352bbc32541278c3ff1d502 |
| SHA1 | 920ceec1ab5a04a857c6de9398dde308fb36c227 |
| SHA256 | a29a52909cef9ee3134c380b9354198e5d43ba20639708642c3c97162423df53 |
| SHA512 | e489b66c477f994ba8b1c9485341b735976c7df5de8ee4226a9f2e5c4ee8b6762ae67055353dfca595e7dcfeb14647f15a3d1e21659ce3a85e868825b911d5bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | ea2a00792a832006a78582be86240008 |
| SHA1 | 74c2d397aa25ee5d6f8ab4ff073f55a4bdd64528 |
| SHA256 | 7e12e15db02c2684066ba69894070998a2695edf5a0826715ad279585a244dcd |
| SHA512 | 1a55896ecf48eac5ed24a72cac75d53db59e58d3418e0f0d3e91ebdbbd3f23129a03ac37eb0044c20ed30cb8f9af8109df5e4c8347810440cb25ebe46b63ffc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6629a1f7-a4eb-4435-ba36-8461ef0f17ca\index-dir\the-real-index
| MD5 | 9155c9c47a6c1bbb03496ebf112ab716 |
| SHA1 | 4d6adf3882e0764718366e48067cdf6982cd4030 |
| SHA256 | d69cfd8c2d00151f92d13b81ebed38ec2fab11d3a7bbb3658aa48fd3ce6aa439 |
| SHA512 | 6cbbd7fb62f59f0711144cec539400c46d5d80ee57f17456b76518bffa1c6b174dd517b879f0726c805ab0cb8e406288ac1cb610858e81aa6ad3daea17cc31a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | c078c9824dfac29fd2ebdbf4e3e3dd6a |
| SHA1 | 47433886918f6bcd841323012136574369a4de13 |
| SHA256 | ef763fb52ba5f91b8f3dad46f47fab21a5ca0c6a3a7e786b1faf951dd3279915 |
| SHA512 | 7e860615cf1fe3bbb8da6378fd2081354d4b520f92bfa9f22aa782cda5c1cc63c63e73efd2da98124604fdf4a4fc374f8b20c2a5ec218bcfed581d6f5593891b |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\TransportSecurity
| MD5 | e11a5cfdffa524aff17fe1f87cc892fa |
| SHA1 | 7710b9d130f890f1e16de557caa5453a6bb73b96 |
| SHA256 | e14075b5bdb17525bf6266b285fe78323260284f6e8527b7cd170cf96f475cc3 |
| SHA512 | ab000f226ab6209d4a9981c303f26e73fd3e469f954eb3302da809e0f35027e1f0b60ea50c856548139300b81c1c0fd6ceb7238c413f35d3367dfdd8a102f412 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 27187114a2f574e82efdb042a659df92 |
| SHA1 | 3e86af4bcf5de628544945d1b2c889a53d750611 |
| SHA256 | dbaaaf0234bc36a8922ee63712c34ea728d20eeb666c2c63fbc4c5b6fc5e4548 |
| SHA512 | 371e0fd2bda3eb06f72ab53c52d1da5b582f1ca1bded28bf7983eac6801144f3cbbc381d43a599e308e8999a3f860e79d4643bc16c612bb9d8672185b282e272 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7aba5fca822cac7a2ae77f43747f9fb1 |
| SHA1 | 2807f9b0e723f6414c67adc581b164153747fb91 |
| SHA256 | b1e38f56217683b35dfad5aef5de03dbfb0b11a266e1e5c2f86f45212a5e5fff |
| SHA512 | 378cd99682120eaf02641833515ce53d2d29c216ed17d6cf0af71065714d00e81d3dc95f42ab475527ff188879c367830cb9db30bf327f5c80259753bba775b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
| MD5 | b6f7a6b03164d4bf8e3531a5cf721d30 |
| SHA1 | a2134120d4712c7c629cdceef9de6d6e48ca13fa |
| SHA256 | 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39 |
| SHA512 | 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 38cdde8eb98c0150390f50712a0b92d0 |
| SHA1 | ebe36b60d3319c1cc532d32040b37ed3f5abbce9 |
| SHA256 | 6e4b3219b501b9d33aa984bb5d2f19a5b5b6ab0e185b2c0e7d6e872cfc8b7bf2 |
| SHA512 | 35ac6e41fe1b8a7a6227d5fbdbcf59796ae683c3ecef7175c76f8e1b3972e5e1283cb2e2b15dceb593cd5e2d93dc94b1858c33b6fca4b91a177d9b57376b993f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | 1a5df3d446482993e944e2f4c98ca1f8 |
| SHA1 | c2bfcc05096cf06c112ad6049930c826a6d93b62 |
| SHA256 | ac9b8397801face0d6486192971765f5ff193cd965e2e395150754f89480af10 |
| SHA512 | cd458328562b31b3e814143a543e06b30fc25d8fadc54493b9744c4f30fd3580c91474832445409a2322fce0b39a7b313665a21fe36160912a87f72fdb87db33 |
C:\Program Files\chrome_Unpacker_BeginUnzipping5936_1525095542\manifest.json
| MD5 | 1b8cb66d14eda680a0916ab039676df7 |
| SHA1 | 128affd74315d1efd26563efbfbaca2ac1c18143 |
| SHA256 | 348c0228163b6c9137b2d3f77f9d302bb790241e1216e44d0f8a1cd46d44863c |
| SHA512 | ab2250a93b8ec1110bcb7f45009d5715c5a3a39459d6deead2fbc7d1477e03e2383c37741772e4a6f8c6133f8a79fbabc5759ff9f44585af6659f9bb46fbe5d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\scoped_dir5936_778043465\LICENSE
| MD5 | aad9405766b20014ab3beb08b99536de |
| SHA1 | 486a379bdfeecdc99ed3f4617f35ae65babe9d47 |
| SHA256 | ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d |
| SHA512 | bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6b189cc96b2bc3319dec4244be03bbbc |
| SHA1 | 5ac3675300f8fbdc36dff8d103e603607de1d27c |
| SHA256 | be08e4b1c051175bb540e0006d9bea40835ea3c51ce60fbb36c976a7cd0caf55 |
| SHA512 | 5677b31009dc8b040dcc37f0524da256d4dbc5361897ed7b1795214084500204260ab2a5acd171eaaa751b389f4980ba77305a9bb9ea07b2acecd1645cb9a50b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c43886043ee652b1c94423e19808155b |
| SHA1 | 4c571b2109675c4fed33cf143add7e2005873075 |
| SHA256 | 811742b155aa5f91fe879421366b2da9959cf6ecdb9b3652334ae665ee790160 |
| SHA512 | d6f0cdca3272b86baef3203bae08f79fa12f67b078494a8ec46f365d6195620783135d98a4095834d6197594906fc545850cc1724d02900b68096335c8535aca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\33edb384-ae6c-400e-b8ab-1e7268638247\index-dir\the-real-index
| MD5 | 5b69a7aa1c787267dcaf2332a9e20131 |
| SHA1 | 0b8a17e73c58d892dedd884e7219453c1a40e404 |
| SHA256 | c6a21030b450320f3c4c33a126c0ffcc8c23d1f5dd742d3320e1516c79ce1445 |
| SHA512 | 4c6a87a3e2c56ab2665bce92750b35c8ac6577dc322d34a8dca54f51234eaed6ef7359347b12836d59113749e5bc6b4bef287055bdb1bec2c2d78566cd128c48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | f3e54f463400cbc2d032471a365492ef |
| SHA1 | 77430091241fd651a03c8aadc6c794bc8eeb9654 |
| SHA256 | d3833447d664b68f0a74182243082aed11993a7a16a01346fd20c8d8464ac1e8 |
| SHA512 | ee75a2d344430fd02e86e1c3b0a5fad5e8ea35f6f2125d16994ac2d3508c88375d5dfc554c862ba55432a6403fcd69c293eb3e690e3744b942e24290b6590bd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 28573a663a8a5c61b8753e4c2ab6d226 |
| SHA1 | 10905e86a1451d4ad3218d9c5c42fb702c3690c9 |
| SHA256 | 14ffcdacb8cf17f09f29fa3709bc0fd8e8bb298b164fe123ad6eeb10c49d06af |
| SHA512 | 13da6f3f3e01c647b808cd38fbc9d674dd5091093f17a8c5785bb2a3c40b40fe41446af1e8680e7a515b63238d129248ecbf5708328e10a4d89186532857eacb |
C:\Program Files\chrome_Unpacker_BeginUnzipping5936_363001891\manifest.json
| MD5 | c3911ceb35539db42e5654bdd60ac956 |
| SHA1 | 71be0751e5fc583b119730dbceb2c723f2389f6c |
| SHA256 | 31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d |
| SHA512 | d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\195ed3d3-ecd1-42ad-8771-cd9884a37b4c\index-dir\the-real-index
| MD5 | 28ee25b2f7a2e505b8e138252b17afb5 |
| SHA1 | d3c96991e996dea4a7cd84bc16e76aa33912fb9b |
| SHA256 | 455340350639fc36d03e087e412746e24c9c6fc8db78ffd8354bb4f9b3395166 |
| SHA512 | 09da57cef9e9f43dd63525a8c310a54132ff29c7115e4d12a3392b020a87a633b5e8b92aa8a3913252c87b4d5a483715127ce3ccf8ee0d9bcfca38f5494d1fb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\758fd36f-ae01-4209-a1c8-a59c444c37b3\index-dir\the-real-index
| MD5 | ab86c88638e7b39134ddd4e87799d8eb |
| SHA1 | f5acf1656bcee4a9e957a4c28ce16be318b17f16 |
| SHA256 | 9d80e0590d97ea7e24651421d47effb6d520eb9b2738e1c99c5198d7d0f81a8d |
| SHA512 | 96c4b94c1366afeb27a0e2af653b7b7e4febc2ee5737ab8a4ed25b438f6b83b9d99f7fea73ade6fa391e62b50d355153737c82001a38313603cb4d39100cc196 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | 69150450349f3c6f2f1ea2c629a05f3f |
| SHA1 | 68a0240504666d9510ea0786e3f59e6f254e8c3d |
| SHA256 | 837210be750a813238c83bd5c54490178a3c85f9cf6a3390ce5f6919dab0c43b |
| SHA512 | 3c402dfdf164d58ae894812dbb5e2c2016fcfc761d7f4a96e268964e676a52cdab2ebbabc1630542d4442f8b75e416548e73a770c7bc6698fcc84d20af091cfc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | be9a2400dec5398641d42c59ec2961f4 |
| SHA1 | 24bffb85d1821a195c339e6f59c34031ab52602d |
| SHA256 | a8916c9f9dc761b92d23f6fb4f221b3bb25b7b08e2efbcaa466d2d8d31e5ad8e |
| SHA512 | d1ffb6c0784021a0ff96df35e2ff5d47a6c8dbfe8d8c07e4156129877320c63eb1c03cd87de32553b1fa6e23fbd0d95a7f9300a64f0bc38e90492dc918c5df8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7fc614bfeae3d810b443393502c7f9f8 |
| SHA1 | 4c3e831e43e6e2f687789cbe0382bf8cd31fcc51 |
| SHA256 | 23417488728b597d8ee7e0f250053c6398c8a917e0ff3a1b614fab540b0a8ddf |
| SHA512 | 2ba629951a055b3a8a02921d1f2778e5d98b71baf76b490af29b1989f0cb893561dbeac6386c97d1fbd94c69bebd580853d52abded0d0e02ca09b9f6048c49d4 |
C:\Program Files\chrome_Unpacker_BeginUnzipping5936_1393690450\manifest.json
| MD5 | 9eec88e496e995007baa564d1a4bc95e |
| SHA1 | 329ddb7a9cb8a24f8f11a443740e9b97adc0aa65 |
| SHA256 | 95bc1a03a1359ba30386ea205468f4739426294f720347b1e8e88b440fefd9f0 |
| SHA512 | 315b1c1b80f6a678d8b6fbfe8927f18c5b3d5749815ac2c4eda2ad01cc8e937210c55d101b32256b161ce91e19949d600a0b289ad5609a5042387c14af5f4299 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b10c1de2535e20c0dec029b0f055fe29 |
| SHA1 | a63af96bd15eca38ff698f9d29f58fcb525fa59c |
| SHA256 | 0611598d95bc8e0dd9f54d6218779b152317ebf2e7024bb7df9c32b25594f47e |
| SHA512 | 932ac7054eeb7102aadb25c6f7ace1ff77d0977aa96422250610e401869b9427f2fb97c6b7834201780cc6b92a9fc76bd5d97c1c3c441ae58d55e44e939ffa61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 856055a047d6bcfd8ca05903dfc7baea |
| SHA1 | 438f637ec778deeb541f4a1ab4a143f8cd0ea487 |
| SHA256 | a409ff899663e03b6adeee6cd7223519ce73fd881869af085896bc82ab5355d5 |
| SHA512 | c3f09c272a0f518a6d93892daf75b609f443b48471877e91f6651c4a238df0a6c41202af457e398ccf98a0674892fac6dda807bd12d902da6ff4efe9abde8e5b |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State
| MD5 | a5feffc99b92625c184cc23eda2951bb |
| SHA1 | a70f9fea6cf09f3921e7ce9cc98194f24cc16936 |
| SHA256 | 88e5787c5e9a31343db169e81bc52826faeec34e83501fcfb023767024354fa1 |
| SHA512 | a69b880aeecda027e0b9b58c0c338e37a0bba0b874e4123f5ded93749d04957ddba2753509ec0e864950358cb51a949ca4a3c77b10a0c8bfe5c9c5878f9c43c2 |