Analysis Overview
Threat Level: Known bad
The file https://bit.ly/4cQDt11 was found to be: Known bad.
Malicious Activity Summary
xmrig
RedLine payload
SectopRAT payload
SectopRAT
RedLine
Credentials from Password Stores: Credentials from Web Browsers
XMRig Miner payload
Creates new service(s)
Stops running service(s)
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
UPX packed file
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Drops file in System32 directory
Suspicious use of SetThreadContext
Subvert Trust Controls: Mark-of-the-Web Bypass
Launches sc.exe
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-09-04 15:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-04 15:01
Reported
2024-09-04 15:17
Platform
win11-20240802-en
Max time kernel
964s
Max time network
963s
Command Line
Signatures
RedLine
RedLine payload
SectopRAT
SectopRAT payload
xmrig
Credentials from Password Stores: Credentials from Web Browsers
XMRig Miner payload
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\vcredist.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5096 set thread context of 2960 | N/A | C:\Users\Admin\Desktop\Tool\Tool.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
| PID 4504 set thread context of 2080 | N/A | C:\Users\Admin\Desktop\Tool\Tool.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
| PID 4572 set thread context of 968 | N/A | C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe | C:\Windows\system32\conhost.exe |
| PID 4572 set thread context of 4092 | N/A | C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe | C:\Windows\system32\conhost.exe |
| PID 3492 set thread context of 4196 | N/A | C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe | C:\Windows\system32\conhost.exe |
Drops file in Program Files directory
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701 (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\Taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\Taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{BBEA073B-7A4F-4ADE-A7B3-A0613ED1EBA3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 62409.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Roblox_UHQ_Account_Checker_2024_•_100%_Free_&_Working_•_Private.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Tool.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 888631.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 394617.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701 (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701 (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701 (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701 (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7z2408-x64.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/4cQDt11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffa363cb8,0x7ffffa363cc8,0x7ffffa363cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5760 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4140 /prefetch:8
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
"C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:8
C:\Users\Admin\Downloads\7z2408-x64.exe
"C:\Users\Admin\Downloads\7z2408-x64.exe"
C:\Users\Admin\Downloads\7z2408-x64.exe
"C:\Users\Admin\Downloads\7z2408-x64.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Tool.zip"
C:\Users\Admin\Desktop\Tool\Tool.exe
"C:\Users\Admin\Desktop\Tool\Tool.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Users\Admin\Desktop\Tool\Tool.exe
"C:\Users\Admin\Desktop\Tool\Tool.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Users\Admin\Desktop\Tool\Tool.exe
"C:\Users\Admin\Desktop\Tool\Tool.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Users\Admin\Desktop\Tool\Tool.exe
"C:\Users\Admin\Desktop\Tool\Tool.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffa363cb8,0x7ffffa363cc8,0x7ffffa363cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1756 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Roblox_UHQ_Account_Checker_2024_•_100%_Free_&_Working_•_Private.rar"
C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe
"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe"
C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe
"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "QTOCDQJM"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "QTOCDQJM" binpath= "C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "QTOCDQJM"
C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe
C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
conhost.exe
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\vcredist.exe
"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\vcredist.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "UWTPBHGW"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "UWTPBHGW" binpath= "C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe" start= "auto"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "UWTPBHGW"
C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe
C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe
"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe"
C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe
"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe"
Network
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| CH | 179.43.191.162:51020 | tcp | |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| CH | 179.43.191.162:51020 | tcp | |
| CH | 179.43.191.162:51020 | tcp | |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| CH | 179.43.191.162:51020 | tcp | |
| CH | 179.43.191.162:51020 | tcp | |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| CH | 179.43.191.162:51020 | tcp | |
| CH | 179.43.191.162:51020 | tcp | |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| CH | 179.43.191.162:51020 | tcp | |
| CH | 179.43.191.162:51020 | tcp | |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| CH | 179.43.191.162:51020 | tcp | |
| CH | 179.43.191.162:51020 | tcp | |
| CH | 179.43.191.162:51020 | tcp | |
| DE | 162.19.139.184:2222 | xmr.2miners.com | tcp |
| CH | 179.43.191.162:51020 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 058032c530b52781582253cb245aa731 |
| SHA1 | 7ca26280e1bfefe40e53e64345a0d795b5303fab |
| SHA256 | 1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e |
| SHA512 | 77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f |
\??\pipe\LOCAL\crashpad_4708_DTFOJSXBZHORNFXU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8276eab0f8f0c0bb325b5b8c329f64f |
| SHA1 | 8ce681e4056936ca8ccd6f487e7cd7cccbae538b |
| SHA256 | 847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da |
| SHA512 | 42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a24b5057f57a02c7d83a25b846f9c076 |
| SHA1 | 3476eba7a9915e229c66a9fc3dd3ccfa8ad96bf6 |
| SHA256 | 46d3471a29f84e92460bc7cac4d1012d8fb992ed98d902690df98c3f52183148 |
| SHA512 | a915e5c7c94401d096a2bff8c686dd98692dab7a276515cb6be9ea3165299b1e0cf5b44a789366212da45ce9d7a1f1f1b78bc448d4c66589912d818d22574f1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b8b9c1d1516c74093dfe66f12afc9f64 |
| SHA1 | b41ce38f30c390596dc01f9b984d9622822c1e22 |
| SHA256 | f8ed4db5d2d619f8561c944159262c2a07329f185852f9be1ddaed5000b9a03f |
| SHA512 | c5c9bd15e4ddd790ab2077c250e00733474e747c8ce7ac5eed11e4a3b61251313807fc2f2513edfd4e0bad867ddbae292b7ed1a2211e2c5df7e58180e755625a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4d155971bfc8d73bc38c95cb28db0b8c |
| SHA1 | 56d946e4b6fe8be214b3ddd1842655aeafa4c275 |
| SHA256 | 8897b2ea8087f7355a950374194dc595c3ff2e0b8da9c1cd673ac06a610468d8 |
| SHA512 | d196e08fd2e54217d04007f649386f9126b6c27ad3c5f1121b5f609c8e734ace174bb3b9c052b71f85e0be59d48348d1a4dd3947d5be58ccc293d4fbc58115c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b6cb4b09c6326d9f6fca5290e8f89870 |
| SHA1 | 55bb85b406be378487c01a4e8b20559001c04c99 |
| SHA256 | c9561405416fbbc74a6433a3ae5adf2457fbeaefdfa0e7c0b3825cc163ab228c |
| SHA512 | 96814006d590a2aaaa65dcf67656f5650dc0f0ceed443c2b3b329cebe781feedd28647bbeb75403db55edebe93fa322b1ef6aa64041ebb3d5c0c894a8c12bde1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bda38c99c825eda3acee79d7c1b8bc61 |
| SHA1 | cec4433d6ba995bf82edff1d080422f8f12755ff |
| SHA256 | 293a04fb8ae11125fed1349e663054f198d2ac018e1055d1ab39ee4b8a8ba533 |
| SHA512 | 2c3b694a023128a81ace3ff6f972f55d82e48121ccb3e1599578385ec01b357de0726ab5565253f4be4802f10aa0dfcd7373141ddfc0291c98216771dbe98c80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58026c.TMP
| MD5 | d3197ac2f38098b637089d450b55a561 |
| SHA1 | 3037554aff3f1c1b46895635777df5783c360f7d |
| SHA256 | 83046db1562142f12ae7ec578a263655d38636c1a1236857bb99d9371d665fac |
| SHA512 | 4da8873cdda1c1ea38f048fa4f87543d766e25d25a5bf85631bd78cd4624883f98f32214dad0f6ee5a9354d931d60788a88cd7f6a198ef93532f28c456f1afd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d914cf4bf8ccfa8cad6db2880f0c032 |
| SHA1 | 32c0a701857928043e4591e402da6238ea9c7f0c |
| SHA256 | 4b68885bbae5329fb0a0b99a6af5f15bd12c8795b095cde06c24855df42815f9 |
| SHA512 | 55a0b5aafbe848e5d6422b6798e06eb75a0e8e33b00554e47abf9451138bb8d207e44da5a9ad8e4e923ee4c11b37f2f7e2f59fbf31285a4526a3f6da920f4259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 95ea5a9b0a1989361f71d0dd210965dc |
| SHA1 | ec94d901d4f3e78b7ef949244d7041d6a3ef4ba2 |
| SHA256 | 85cfb7408797456ac02d250bda643e77cafe205d9235ade1efb85322557fb4b5 |
| SHA512 | d50476f17afbb12cc965ab97b9f6b91b39ed799142cc714b8ddaf042ae4a9e194dc012f19280ce30554e0fc8e8bdc9f5fd0ad4d24f78c2607b1e0c8d28d0240b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a1328f022276832691bd065b5919039 |
| SHA1 | 2fa60bb0b097e2232695d2d49b89fa8cc16606ba |
| SHA256 | 30cbe8cdb6ac65d3dba87494adc552e678db363dc1b6c6113662fddde542d6bc |
| SHA512 | b3662294bfd22edb2dfda36c3cfa79e910ca9a9d7e4cac79703fb0477d8543afacbd9edc960dea1b628d54364aea3620017c202ba0c8cab07e7762f7a4ab8774 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3697f2762685f1bfc548df433646fea6 |
| SHA1 | e067ae4b9ca06fd7a9cfbb5ddd05869399adc19a |
| SHA256 | 45e3a59d9005f7cfdea92705f1534128537390bb32779a557d7f80c68f447056 |
| SHA512 | 5544a0d1cb1bc34edf4d903571c44ec0a76a97a595b6858b7eb4201ad0b8d0cc3740be216fcbfe7f083748f602f275efe75b8d885534a1b1bbeeaa057c30c760 |
C:\Users\Admin\Downloads\Tool.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\Downloads\Tool.zip
| MD5 | 27ae86a9f43183e11a50817f33bdcef5 |
| SHA1 | aeff55bf8208b5e028540e204f71c26a547940e6 |
| SHA256 | 745a35df6cc0345cbe54c6383f742fb1a3aa9d8e43aa8dbb4aba2412c5dab6dd |
| SHA512 | 56f6dc276cde284757558d0a4110bf6c304bad7f23341788ed7d1da3eca26412d0e8f9676dbc9a92e9c105b6467fc4b4261771ca14b1da1a23da8331b4ec07a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 834ead8ccd606d929ef6f6849808e0e3 |
| SHA1 | 418bab869e535d31baba1048713543861ea99d80 |
| SHA256 | 104e677491bd27d767f8b103ce4aad585cc805035ff4c5113c22878ec204b3f0 |
| SHA512 | d923fb2e379cf6fb3a1f9c832973fe22a03f7ee42215e4cce1f977ad6e5ae83819febb6d4bb28e79316ebe549591d9b4b6bbc92487e12eea1cb3e492f764b594 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d18bac22b050dcf14769e8a1863701e9 |
| SHA1 | af2d5bbf1a1f1bd7acabc3a2a49b9790d992fdbe |
| SHA256 | 5c9872fd3c4879211436186f7543319e915340724e58dd09c109010b52449aa4 |
| SHA512 | e3fd4cdb05761f03f85a7de1e6bb69f29be8aa9b2f6b03a9cbb66e9e628fc236e8e4fd4813e8d21176a6b99a9a405f80f88d567ffa6d5abcd76b92872ad80a9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f5f61fc23e46368467dcb99b46c11bcb |
| SHA1 | b1f0178074dae9a17a609a47cc0100b105fea12f |
| SHA256 | 634703dcd15f7f39f416e249a5f9bb705effebc5989f4bcdd60fdc80802fa7d9 |
| SHA512 | 918d802e80f520e8aaf2db5b62cd47a5743504de58d4769505bcc6a44b1bfba9a52c7a6ca65b50b4e7664b392e8ed590dcbf8357f736d28967a1bc35506fa2b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8126b41dd002e39e98b656afaf6c0bb9 |
| SHA1 | 30767abf278c96031f0b660fe809ff37fca96ff6 |
| SHA256 | b5b554057610e5c73c9b6af8a35e9aac3a7d2d514a7fa4702c4ba8784ff02d5e |
| SHA512 | 98ea48435bc7262dd7700d2d27eabde0c662296b40929d6c5966139f0b0960163e9e26d295b58ac67c1322f9679e85f6fa00542c0150b1ac6c503e03eef830ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f99ed81320a66c6e62dd884bf0841a46 |
| SHA1 | 7d155eb5fec01094ad6a3df51c7cbbdf0eba8ac1 |
| SHA256 | 2b2b391af6ca9977b1533932020d33534bbffac44c9b17e7f4b5250f3caf28cb |
| SHA512 | 6ff1063fd7503ac3810e1a7a44fd24e56b31c59ea85bfae09e10aff9f87792791a2fcb5d776b5bcd98eb14c3963a9b76104f0516a95f28930c25cdd2d006db30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6f49021dc283869cf3bae2372283da2e |
| SHA1 | 3136d70cd3d577f18e9851f849662d3e8d5cd92f |
| SHA256 | 76604b0a48ccd73fe4f8030f7aaae470d6bfcb0f83e9d491d95a4ef8ae0fb10d |
| SHA512 | 222ec81ccd738b51bbb43a665ae9e5ed99c91c8a7ac712642d9d1dd8cad5c781b031c23ebccb05c15cc6dd937fef32800be8ff629e02fc954085d16b5192f28e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7bea22127f121067e2eefb3041e3858f |
| SHA1 | 0045d6fbb3a0052013ff5d7040282038d144696a |
| SHA256 | 713fb2c3d308c88182d209eca48dfc17ed8231439f58c4f42dc7ad819f79de44 |
| SHA512 | bd05cb48250812bb416c50a34e33b4bb896f1317b05fe1e02f2593508cc4e994bf56bf38caa653db6220d4fc6471ae14c0ab1cf119da310f28772fd5dc58ab6c |
C:\Users\Admin\Downloads\winrar-x64-701.exe
| MD5 | 3a2f16a044d8f6d2f9443dff6bd1c7d4 |
| SHA1 | 48c6c0450af803b72a0caa7d5e3863c3f0240ef1 |
| SHA256 | 31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6 |
| SHA512 | 61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2b99d156fb81d71a0cfeae8c592664ea |
| SHA1 | 9ab4a75b52e9f2b98b978d1142afa4d0f8f0078d |
| SHA256 | 3048117c91d4d0c9d83acb4c49c33aa05953bea483da1abb41f57d9c0727fef6 |
| SHA512 | be6b8f82ae83f765aadebcd05ffb9a787e25b4d9659bf49701c8ba892489b3c05cae67ed9cc862fe71d8edbf19707d6dba3464b5d97291a5a2731facef91d468 |
C:\Users\Admin\Downloads\Unconfirmed 394617.crdownload
| MD5 | 46c17c999744470b689331f41eab7df1 |
| SHA1 | b8a63127df6a87d333061c622220d6d70ed80f7c |
| SHA256 | c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a |
| SHA512 | 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | cd6829f53a60318a54648f4ff9d694c2 |
| SHA1 | eda672c23f219a9cdbe740079412f5fbe04a157d |
| SHA256 | 5410184dfd5ef071de14c78cc7e9488049a85e313a3454250d53e974251ac906 |
| SHA512 | 25a54ac013419868211b704a9b1f4cbc7c0a5b1a0e10cec09cd8eee3fbde7497e36c8e35f0506622eb9a47939c2c6b9590bf9bbf8d43508be13d7f85f7838ec9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 05decd75f4b23bd80c55de19f9a91601 |
| SHA1 | 0eed92372fceb5af418f3072b4c1f5df9dcb2d08 |
| SHA256 | 3e1d2a5744d13aacae12df38de9c03f75103c8f16f9c75d508dd083fcc039070 |
| SHA512 | 62d6ee3d3e3002b79d33b215b16f79d86239e9de3b739d781f4d8f36f1016f6b8148658fa2fbc3dacdfa961a17debdd8421a46e9afd9d82aba5cf0db44a06f15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0e0f2fca99ed1ae20f7bfa691ad162f5 |
| SHA1 | 91b740e8a5ac50686c589d0cdbbea9835a1507e7 |
| SHA256 | 9bd0ae19182ee355a5bcf22ad4beda7f5b66fffae95d800b540f8a81a46ded67 |
| SHA512 | 2f30a73fc0ce89d7de78fc3af06bcfa734414a7c31513207ee430bbe54b9b74030061f7524f2605b46ae091cd9bbfaabf0320ce714edaa616ec1ccc8a2fecca0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a6113e1734f4f5e606a2bd4f90240729 |
| SHA1 | 00639ed2a93e3a45586139e2fa5fb7cb5753dd90 |
| SHA256 | 77c30426b0aced3b13f9cb5128dc37ef6d75773b3bdbcb0f146b95ef653d4599 |
| SHA512 | e880c6fee715736b31f0716206702e426132629b0c3615fdb7a668d90cd2f1cf8d8b9849ec581ed87313829648ff59c1be74aeb55e238a8aa5275cbc2e61795d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e923b82fcfb50ecee5f2ee7ed89a8264 |
| SHA1 | bfcc53ba2bc3cdb22b2ca5d2508e99c830c08ce4 |
| SHA256 | 8f367c2ca832d15ec7060d6b444539b252df7989aa709fc1544fc85288f2ceb6 |
| SHA512 | 30742ddf82610c7ddc3bdf2b61548b5a064c93d3a405c35073cdaee7f67a51ece4edc257cf22006a71a6164776611811c0e4015c8fe6d5c43a88ff089a3edfde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3b2e4b4a1c29e9350002f6ef25683d64 |
| SHA1 | 771cfd7b21c1ecfb0fbac3ca106265516580b348 |
| SHA256 | 5cf6a4d65d8a4166bf90d2d30d6b338332127efb649358f86ee0e55f3cc1012f |
| SHA512 | f4a32ea2ec0c50cbec0bc61c2f1179a521721bac46df3c80adeea7b19e19a595ff037d0e2e2a2c3fee851948690e3a41520ea6dc1c6383673428893064138697 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | ed124bdf39bbd5902bd2529a0a4114ea |
| SHA1 | b7dd9d364099ccd4e09fd45f4180d38df6590524 |
| SHA256 | 48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44 |
| SHA512 | c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | f3d0a156d6ecb39d1805d60a28c8501d |
| SHA1 | d26dd641e0b9d7c52b19bc9e89b53b291fb1915c |
| SHA256 | e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3 |
| SHA512 | 076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | bb23576e988ee410c53c6982529308d3 |
| SHA1 | 9c19397e83f7fe40a07eca22f5e5bbf64974918f |
| SHA256 | 1cb59c4d383ffcb876f1f7c279007731b87644e0b17620135639cc9b0186b393 |
| SHA512 | fe26c6bd32970627459a5a695de2de7b429099fab9c42f79a5a9df92e3e3d179687d457a356fbefaaedb874461c78182b42744b59e03a3c63cde5230c4bd7e6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 108957e3cecf9e06d4bf2b2f52fa6232 |
| SHA1 | 8ad0a1c6796c1c294b9ab0642252df0b50540339 |
| SHA256 | b5e7eb4869c93194d0ff9807543b996d6b35f7e5da10a3f68db752b51254adca |
| SHA512 | 0fbaa975fe3bf38e342e89bcb04422906d8d70f58d707280d06bc7547fc296a1d9c448b123b9a27f78790339ecd54a3415cbae182380a7b9e860edcc304ff465 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1fbbd96bad5acc64d56de9eaa2dd21e7 |
| SHA1 | 4019949dd517633b4cfb72bc53dc464db2067e2d |
| SHA256 | d7cf9776f43eb5f214c7744b71b3624df109c67d70b17832ac24d15d720b6003 |
| SHA512 | eae9bc1760c2b9afe6e9c17da15e33afaca2343747542cb4866e1017f039cf3726700d7f73dc805cd5ab65b75373a5be1e94498a7b51a1a9034380e9dd853864 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b778328cfe896f0d4ed5e31408176236 |
| SHA1 | ef0f75697418d6b7fa5bada3ace314f46b6ac8b5 |
| SHA256 | fccee9ff369dbe6faddf17b3b0ac24e938874ac01860693defe068e8ada89f9f |
| SHA512 | 470b9ad243da2bde7748ca7bd5156265154b0ca31f26e3eb30968634af9058afd3544acdbdf33aa3eeed0fe5560dddaa99c55fb48aee9730356d8d3d47636a4c |
C:\Users\Admin\Downloads\Unconfirmed 62409.crdownload
| MD5 | 0330d0bd7341a9afe5b6d161b1ff4aa1 |
| SHA1 | 86918e72f2e43c9c664c246e62b41452d662fbf3 |
| SHA256 | 67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b |
| SHA512 | 850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1 |
C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier
| MD5 | ecfc262c1fff38d81ae2683695bfa689 |
| SHA1 | b19c33459f9d2aaea1541fac7f7a973629198040 |
| SHA256 | d2a3d6e15abef23f9c77322ddd6cdbb454d556baa848a9baf861cd516846ff2b |
| SHA512 | 0bb4abc8775f5b2e9197aedc5c20ecccda9df40ce884b70201c3e60427bb6aef86d80b2ff2e2e7ef47259cd660e87d482e09893042fac0deb715e5a94ec31dc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7c6f08db56f18ca491665674bae19f24 |
| SHA1 | 055dc2a422f4d5d1d3ccd575c6bb7f76332e5831 |
| SHA256 | f36dbb52d9e2ba0f5f654890ef79b2a4088d63acc7c5304fab1f6ca4e9a62fe7 |
| SHA512 | 739d770e5b153fc81fa64260be89022afa02c4f64bcd1a35f4d853220ba84e822ba2d927cab5147846f8fb23077822a5d887d1b4c4d60eb27f8dac5c9b2ee0bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 74ac2e4f4e5d65513deef4e8c25e4686 |
| SHA1 | 5754ac03fe52b409a159b68fd8ca2f5a27894393 |
| SHA256 | 12ca6f8441caec7fe186a4c92bf436ba53c2ae2743d5d596a21a670ec1106c96 |
| SHA512 | 4f1d32e1c4fb0586aeccf1f2c25878a0ab500f0daa5c3ae3d69044365eab765443401f2df93441d58e60fc453394ff56856c58f9fd08b207f841c8e76987ee28 |
C:\Program Files\7-Zip\7-zip.chm
| MD5 | 99b88f4d6d13713053db06b449ed6a9f |
| SHA1 | f718e09a42e9ec49db060589d24135ca6929e8e0 |
| SHA256 | f830ddc5280d00e1cb160f9e5dd114292d5efef66c23c3c03c224894250bac2f |
| SHA512 | 9f1cb9ad8023b340c82e987bab33cddd817e3ece892aca7350650343396d4dc5d00cfd99c0718a862280c81d7d525c5e870390e1cdfdb4987b6663b1394cf1fc |
C:\Program Files\7-Zip\Lang\az.txt
| MD5 | 9cd3a23ca6f66f570607f63be6aa0001 |
| SHA1 | 912837c29c0e07470e257c21775b7513e9af4475 |
| SHA256 | 1da941116e20e69f61a4a68481797e302c11fcf462ca7203a565588b26011615 |
| SHA512 | c90ead15096009b626b06f9eae1b004f4adba5d18ccdb5c7d92694d36903760541f8aa7352be96466f2b0775c69f850605988fa4ef86f3de4fca34f7b645457e |
C:\Program Files\7-Zip\Lang\ba.txt
| MD5 | 387ff78cf5f524fc44640f3025746145 |
| SHA1 | 8480e549d00003de262b54bc342af66049c43d3b |
| SHA256 | 8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f |
| SHA512 | 7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344 |
C:\Program Files\7-Zip\Lang\ast.txt
| MD5 | 1cf6411ff9154a34afb512901ba3ee02 |
| SHA1 | 958f7ff322475f16ca44728349934bc2f7309423 |
| SHA256 | f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f |
| SHA512 | b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c |
C:\Program Files\7-Zip\Lang\ar.txt
| MD5 | 5747381dc970306051432b18fb2236f2 |
| SHA1 | 20c65850073308e498b63e5937af68b2e21c66f3 |
| SHA256 | 85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72 |
| SHA512 | 3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff |
C:\Program Files\7-Zip\Lang\an.txt
| MD5 | f16218139e027338a16c3199091d0600 |
| SHA1 | da48140a4c033eea217e97118f595394195a15d5 |
| SHA256 | 3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb |
| SHA512 | b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14 |
C:\Program Files\7-Zip\Lang\af.txt
| MD5 | df216fae5b13d3c3afe87e405fd34b97 |
| SHA1 | 787ccb4e18fc2f12a6528adbb7d428397fc4678a |
| SHA256 | 9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34 |
| SHA512 | a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68 |
C:\Program Files\7-Zip\7-zip.dll.tmp2
| MD5 | d346530e648e15887ae88ea34c82efc9 |
| SHA1 | 5644d95910852e50a4b42375bddfef05f6b3490f |
| SHA256 | f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902 |
| SHA512 | 62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 004d7851f74f86704152ecaaa147f0ce |
| SHA1 | 45a9765c26eb0b1372cb711120d90b5f111123b3 |
| SHA256 | 028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be |
| SHA512 | 16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d03d79b3df28c8847e016114af7bc5f9 |
| SHA1 | 622f8dd848be0cfbb6343ceb99b772c9421ffd96 |
| SHA256 | 44f4503a4e801d3597408aa0b8a018d5047367a739acd0511e4ad5acc97c0fd5 |
| SHA512 | 69baa536775514e82091034f9bb3d018deb707cfecfb5336e0988b1cdc8e32dc9af4d7d020eec57bfa618abf93bf9f8d9dfbbfe3e3fe7173d171b4215c228325 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ac5cb56dbd62b8b38aa1abc59404f77 |
| SHA1 | 3ee7044d3163731d6e1a58943ebf8507f8282178 |
| SHA256 | cd62723f2561e1a3022dab5c3e605a2611b7cd947fbe71828b94cda3b6a98366 |
| SHA512 | fadc81d3fc3b5dc70faeab6edb9e4d13eb6ced07110c7540c3fdc742292d8055d95967e2778b5899c99233525d58b25c15a0a7e270f777b2174095cfcc2468d7 |
memory/2376-1910-0x00007FF733210000-0x00007FF733678000-memory.dmp
memory/2376-1912-0x00007FF733210000-0x00007FF733678000-memory.dmp
memory/2376-1913-0x00007FF7C9CB0000-0x00007FF7C9CC0000-memory.dmp
memory/2376-1911-0x00007FFFE4400000-0x00007FFFE49B0000-memory.dmp
memory/2376-1914-0x00007FFFE4C90000-0x00007FFFE50ED000-memory.dmp
memory/2376-1917-0x00007FFFE3A20000-0x00007FFFE3C2E000-memory.dmp
memory/2376-1918-0x00007FFFFAD70000-0x00007FFFFAD98000-memory.dmp
memory/2376-1916-0x00007FFFE42D0000-0x00007FFFE435A000-memory.dmp
memory/2376-1915-0x00007FFFDCBB0000-0x00007FFFDF605000-memory.dmp
memory/132-1919-0x00007FF733210000-0x00007FF733678000-memory.dmp
memory/132-1920-0x00007FFFE4550000-0x00007FFFE4B00000-memory.dmp
memory/132-1924-0x00007FFFE36B0000-0x00007FFFE373A000-memory.dmp
memory/132-1926-0x00007FFFE34A0000-0x00007FFFE36AE000-memory.dmp
memory/132-1925-0x00007FFFFAD70000-0x00007FFFFAD98000-memory.dmp
memory/132-1923-0x00007FFFE4C00000-0x00007FFFE505D000-memory.dmp
memory/132-1922-0x00007FFFDCBB0000-0x00007FFFDF605000-memory.dmp
memory/4024-1929-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1928-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1927-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1933-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1939-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1938-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1937-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1936-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1935-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/4024-1934-0x0000017BF4630000-0x0000017BF4631000-memory.dmp
memory/5096-1949-0x00007FF733210000-0x00007FF733678000-memory.dmp
memory/5096-1950-0x00007FFFE3E50000-0x00007FFFE4400000-memory.dmp
memory/2960-1952-0x0000000000400000-0x000000000045C000-memory.dmp
memory/2960-1953-0x00000000058B0000-0x0000000005E56000-memory.dmp
memory/2960-1954-0x0000000005300000-0x0000000005392000-memory.dmp
memory/2960-1955-0x00000000053C0000-0x00000000053CA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Tmp2F7.tmp
| MD5 | 1420d30f964eac2c85b2ccfe968eebce |
| SHA1 | bdf9a6876578a3e38079c4f8cf5d6c79687ad750 |
| SHA256 | f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9 |
| SHA512 | 6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8 |
memory/2960-1970-0x0000000005F60000-0x0000000005FD6000-memory.dmp
memory/2960-1971-0x00000000065F0000-0x000000000660E000-memory.dmp
memory/2960-1974-0x0000000006C30000-0x0000000007248000-memory.dmp
memory/2960-1975-0x0000000006780000-0x000000000688A000-memory.dmp
memory/2960-1976-0x00000000066C0000-0x00000000066D2000-memory.dmp
memory/2960-1977-0x0000000006720000-0x000000000675C000-memory.dmp
memory/2960-1978-0x0000000006890000-0x00000000068DC000-memory.dmp
memory/5096-1981-0x00007FFFE3720000-0x00007FFFE37AA000-memory.dmp
memory/5096-1983-0x00007FFFE4C00000-0x00007FFFE4C28000-memory.dmp
memory/5096-1982-0x00007FFFE3470000-0x00007FFFE367E000-memory.dmp
memory/5096-1980-0x00007FFFE4400000-0x00007FFFE485D000-memory.dmp
memory/5096-1979-0x00007FFFDCBB0000-0x00007FFFDF605000-memory.dmp
memory/4504-1984-0x00007FF733210000-0x00007FF733678000-memory.dmp
memory/4504-1985-0x00007FFFE3E50000-0x00007FFFE4400000-memory.dmp
memory/2960-2004-0x00000000069E0000-0x0000000006A46000-memory.dmp
memory/2960-2007-0x0000000007650000-0x00000000076A0000-memory.dmp
memory/2960-2008-0x0000000007870000-0x0000000007A32000-memory.dmp
memory/2960-2009-0x0000000007F70000-0x000000000849C000-memory.dmp
memory/4504-2012-0x00007FFFE4400000-0x00007FFFE485D000-memory.dmp
memory/4504-2014-0x00007FFFE4C00000-0x00007FFFE4C8A000-memory.dmp
memory/4504-2016-0x00007FFFEE240000-0x00007FFFEE268000-memory.dmp
memory/4504-2015-0x00007FFFE3500000-0x00007FFFE370E000-memory.dmp
memory/4504-2013-0x00007FFFDCBB0000-0x00007FFFDF605000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b83e76c5ced0c9f6726f235c9efa6f0b |
| SHA1 | 628a8af1f293ee38d9b9d7ced4f0811746fbc3dd |
| SHA256 | 533dd25b39137a6646a363d659b1f3dfcf07542e3b85d13c3ac3fe2002d47738 |
| SHA512 | 6a44e7241bde4ab3c70f26a9da9ee64dd5a46da88a494b7c6b31fae3c51ac8c6863ef243cd3cc6206f0cb8270370dc43cbdeb32579a60c701e3ddd454a10b6b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d1ddb64d6b54f8f652e92b2d51b5705e |
| SHA1 | 03776a7a2dcbac10427518f0e08d18b2ec9f505e |
| SHA256 | c56f093665eb08ebe2c8e6940dee81996735c3e0fa8aa4e0c8878a2385dadb4b |
| SHA512 | cf7560162342a059b7170d96c7a86cf4a3c93c40bc2339f06e1dad1cd304e68fe3f93b7cb483a2fe0f07fbd9625892cd1a73a3e68e9f7b7535358d49416bd7c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 93dfd8157f324adbfc76df69ea17838e |
| SHA1 | 2b3a7dc69abe1534e9aef0482479f646d7967ffd |
| SHA256 | 8cf124ecac0d2b82a1233dde9cc874f000c0da63c696131a7273d44336190f47 |
| SHA512 | f4f4716f5fa3cc13ad28ce0008810f864e0128c9ec1693222b5ac0bb4f23540660c64892a3178d6296f1424ac2e4ae062b1c30df662f27be85dbd9ef5905aa8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3c9e69ed9445f53750d126fb34c5875b |
| SHA1 | 1529d219ff1ce8988113e27d45dd96ef8f58cde4 |
| SHA256 | 90f1a5e9b501a00e2b65446fb14ef017114907a7ffd1e3d710047bf8f0817097 |
| SHA512 | 4045e171e1582f8e5a2e771dbdaba4df4269319ca16c11e0bec3c4c501c8a309fcac1afb07c2601be668e3a12753c1cb8ce06659c599801b01f03f6938a64139 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c94822011ba0370ab90ea243ad66d7e3 |
| SHA1 | a44051d36f8cdf81c3d112b85f78178ebf32dff4 |
| SHA256 | 416bfe392c6a03234546c9fbc9301c441937276f81cb2338da09437188f3b4f8 |
| SHA512 | 7aac25052e94981b20411ec8a182d70cd36e71a8439fd7994ebeeedd901a0af71c401734c9a7be4602b5bb0f2489da4863706ee97b0d96cd6485539b3489bf2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rxzhno1i.hrw.ps1